From 51c6b1fb94c78f0c3b9120a9ce52e6a6ad358b39 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Thu, 27 Oct 2022 11:24:30 +0000 Subject: [PATCH] Add AlmaLinux 9 support --- SOURCES/0001-Add-AlmaLinux-9-support.patch | 26599 +++++++++++++++++++ SPECS/scap-security-guide.spec | 15 +- 2 files changed, 26611 insertions(+), 3 deletions(-) create mode 100644 SOURCES/0001-Add-AlmaLinux-9-support.patch diff --git a/SOURCES/0001-Add-AlmaLinux-9-support.patch b/SOURCES/0001-Add-AlmaLinux-9-support.patch new file mode 100644 index 0000000..5584430 --- /dev/null +++ b/SOURCES/0001-Add-AlmaLinux-9-support.patch @@ -0,0 +1,26599 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index e7a1ee7f..f090900d 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -69,6 +69,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui + # unless explicitly asked for. + option(SSG_PRODUCT_ALINUX2 "If enabled, the Alinux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ALINUX3 "If enabled, the Alinux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) ++option(SSG_PRODUCT_ALMALINUX9 "If enabled, the AlmaLinux 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_DEBIAN9 "If enabled, the Debian 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +@@ -274,6 +275,7 @@ message(STATUS " ") + message(STATUS "Products:") + message(STATUS "Alinux 2: ${SSG_PRODUCT_ALINUX2}") + message(STATUS "Alinux 3: ${SSG_PRODUCT_ALINUX3}") ++message(STATUS "AlmaLinux 9: ${SSG_PRODUCT_ALMALINUX9}") + message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") + message(STATUS "Debian 9: ${SSG_PRODUCT_DEBIAN9}") + message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}") +@@ -345,6 +347,9 @@ endif() + if (SSG_PRODUCT_ALINUX3) + add_subdirectory("products/alinux3" "alinux3") + endif() ++if (SSG_PRODUCT_ALMALINUX9) ++ add_subdirectory("products/almalinux9" "almalinux9") ++endif() + if (SSG_PRODUCT_CHROMIUM) + add_subdirectory("products/chromium" "chromium") + endif() +diff --git a/build_product b/build_product +index 24ca39b4..5d886438 100755 +--- a/build_product ++++ b/build_product +@@ -299,6 +299,7 @@ set_explict_build_targets() { + all_cmake_products=( + ALINUX2 + ALINUX3 ++ ALMALINUX9 + CHROMIUM + DEBIAN9 + DEBIAN10 +diff --git a/controls/anssi.yml b/controls/anssi.yml +index ed840cc5..301ac865 100644 +--- a/controls/anssi.yml ++++ b/controls/anssi.yml +@@ -297,7 +297,7 @@ controls: + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_oracle_gpgkey_installed + + - id: R16 +diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml +index 9991ffbf..7a0d5ada 100644 +--- a/controls/cis_rhel8.yml ++++ b/controls/cis_rhel8.yml +@@ -347,7 +347,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.3 + title: Ensure gpgcheck is globally activated (Automated) +diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +index a8c094ec..0fc9bcaf 100644 +--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml ++++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Disable Avahi Server Software' + +diff --git a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml +index dcf0885f..cb14ee55 100644 +--- a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable Cockpit Management Server' + +diff --git a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda +index 1f6a233e..9f3a4d6b 100644 +--- a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda ++++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + kdump --disable +diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml +index 3643c2ff..0712aa20 100644 +--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable KDump Kernel Crash Analyzer (kdump)' + +diff --git a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +index 2d3189bc..e6295d3b 100644 +--- a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,uos20 + + title: 'Disable ntpdate Service (ntpdate)' + +diff --git a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +index ffa0e5d8..fd443c99 100644 +--- a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,uos20 + + title: 'Disable Odd Job Daemon (oddjobd)' + +diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +index e33eba2e..04b193fe 100644 +--- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,uos20 + + title: 'Disable Apache Qpid (qpidd)' + +diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +index 75e2ada1..171d2822 100644 +--- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,uos20 + + title: 'Disable Network Router Discovery Daemon (rdisc)' + +diff --git a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +index 41571146..c4e4f98e 100644 +--- a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable Red Hat Network Service (rhnsd)' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +index 90808749..4f46ef06 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +index 821cd138..55258192 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +index ab2a16f8..1df3b5ac 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +index 07163701..0362bc76 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +index 32c5f6f8..70301b54 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +index 2865d54d..d0b44aea 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns Crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +index 68ad645a..26220747 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +index 371fc9d3..12462d68 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +index f24897bd..b2e12919 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +index 187eec8e..0cc8b4e6 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +index f1d67d9b..92cb5bfb 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +index da2c8fad..03289905 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +index a9130cef..47be4540 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +index 514ec15e..59825e35 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +index 1a7934b2..3d837896 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +index b05c8eab..bb545f6d 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +index d5d4e8db..a4d5212c 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +index ffa87a27..a1cf9194 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +index 31a2180b..003121cf 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure that /etc/at.deny does not exist' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +index 9fb0d5b3..fe12c98a 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Ensure that /etc/cron.deny does not exist' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +index ae516b96..dbb3b9c9 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +index 8879c0fa..c8da7589 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +index 9e667091..1f286938 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify User Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +index 279d3634..8e0f01f8 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on /etc/at.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +index adb16ec6..e1c5dbc1 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,sle15,ubuntu2004 + + title: 'Verify Permissions on /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +index de88deaa..00685ae2 100644 +--- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,uos20 + + title: 'Disable At Service (atd)' + +diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +index dbb7c7a0..527fab97 100644 +--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Enable cron Service' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +index 80465414..bdf1c136 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Uninstall DHCP Server Package' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +index 0eb3829b..b4727d05 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Disable DHCP Service' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +index bc2e7411..ac07854e 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,uos20 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004,uos20 + + title: 'Uninstall bind Package' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +index 2acaf85b..d0df6b1a 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Disable named Service' + +diff --git a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml +index e6837e5d..5871298e 100644 +--- a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml ++++ b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhel9 ++prodtype: rhel8,rhel9,almalinux9 + + title: 'Configure Fapolicy Module to Employ a Deny-all, Permit-by-exception Policy to Allow the Execution of Authorized Software Programs.' + +diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml +index 8be9f10a..23cd94b1 100644 +--- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml ++++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Install fapolicyd Package' + +diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml +index 57e01f72..a0014c7c 100644 +--- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml ++++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Enable the File Access Policy Service' + +diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +index 4ce30c66..addc30af 100644 +--- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml ++++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Uninstall vsftpd Package' + +diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +index 1b723ce7..b32b3cae 100644 +--- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml ++++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Disable vsftpd Service' + +diff --git a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +index 72c9737e..9128397a 100644 +--- a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml ++++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Uninstall httpd Package' + +diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +index ade2d740..1a43bd9d 100644 +--- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml ++++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Disable httpd Service' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml +index d8631eb9..489b5b4b 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml +index 5227203b..6c908c07 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf/' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml +index 1af8689b..5b30b5bc 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/' + +diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +index 581ab6b3..308be592 100644 +--- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml ++++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Uninstall dovecot Package' + +diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +index 920de88b..b99a39e0 100644 +--- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml ++++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux3,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Disable Dovecot Service' + +diff --git a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml +index 17d742d9..c912c321 100644 +--- a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml ++++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Remove the Kerberos Server Package' + +diff --git a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml +index a4bd1fc3..e63a8ea8 100644 +--- a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml ++++ b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8,rhel9 ++prodtype: rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall 389-ds-base Package' + +diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh +index 646e63f4..cb346ebf 100644 +--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh ++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + + # Use LDAP for authentication +diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +index dad8eeeb..6d9b2151 100644 +--- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure LDAP client is not installed' + +diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +index 95601fbd..17ca8aae 100644 +--- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Uninstall openldap-servers Package' + +diff --git a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml +index 9780397e..8d4e2fea 100644 +--- a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel8,rhel9 ++prodtype: alinux2,alinux3,rhel8,rhel9,almalinux9 + + title: 'Disable LDAP Server (slapd)' + +diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml +index 3674a860..dc926b10 100644 +--- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml ++++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Uninstall Sendmail Package' + +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml +index e1c9d00d..df00159e 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh +index bd6f4236..16f610e5 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + {{{ bash_instantiate_variables("var_postfix_inet_interfaces") }}} + +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +index e765efe0..cd6d0211 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Disable Postfix Network Listening' + +diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml +index 4c42cfdb..26bf78a8 100644 +--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml ++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Prevent Unrestricted Mail Relaying' + +diff --git a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml +index 1399f5d5..e8238f44 100644 +--- a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml ++++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Enable Postfix Service' + +diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +index 222dafa3..7b375ed4 100644 +--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Disable rpcbind Service' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +index ed3d8881..9c4493d2 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable Network File System (nfs)' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml +index 9a95382a..38d69416 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Mount Remote Filesystems with Kerberos Security' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml +index b112dfdc..a74b09e8 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Mount Remote Filesystems with nodev' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml +index 16bef0bd..38b1fcab 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Mount Remote Filesystems with noexec' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml +index d01106dc..219e5cd7 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Mount Remote Filesystems with nosuid' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml +index 9176e00b..45eb07aa 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Use Kerberos Security on All Exports' + +diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +index 6dbd8d26..98d655b9 100644 +--- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Uninstall nfs-utils Package' + +diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh +index 524cdc7d..2678708d 100644 +--- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + + {{{ bash_replace_or_append(chrony_conf_path, '^port', '0', '%s %s') }}} +diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml +index 831ac3ad..28aefdc9 100644 +--- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable chrony daemon from acting as server' + +diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh +index 25b76868..a1e46bc1 100644 +--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + + {{{ bash_replace_or_append(chrony_conf_path, '^cmdport', '0', '%s %s') }}} +diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml +index 00f8ef62..89fdda5a 100644 +--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable network management of chrony daemon' + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml +index 6e827de0..0f0cdd09 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +index 972f6bec..5c0b1bd5 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_time_service_set_maxpoll") }}} + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +index f43d59b5..85d9ab8e 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure Time Service Maxpoll Interval' + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml +index 63880e80..ef8d1836 100644 +--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml +@@ -5,7 +5,7 @@ + # disruption = low + + {{%- set ok_by_default = false %}} +-{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}} ++{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "almalinux9", "ol9", "fedora"] %}} + {{%- set ok_by_default = true %}} + {{%- endif %}} + +diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh +index 46252803..da0f9330 100644 +--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh +@@ -1,6 +1,6 @@ + # platform = multi_platform_all + {{%- set ok_by_default = false %}} +-{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}} ++{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "almalinux9", "ol9", "fedora"] %}} + {{%- set ok_by_default = true %}} + {{%- endif %}} + +diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml +index f63c1e5a..23f17c50 100644 +--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml +@@ -1,5 +1,5 @@ + {{%- set ok_by_default = false %}} +-{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}} ++{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "almalinux9", "ol9", "fedora"] %}} + {{%- set ok_by_default = true %}} + {{%- endif %}} + +diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +index 8e52a1d8..284cc6c8 100644 +--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +@@ -1,11 +1,11 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Ensure that chronyd is running under chrony user account' + + {{%- set ok_by_default = false %}} +-{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}} ++{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "almalinux9", "ol9", "fedora"] %}} + {{%- set ok_by_default = true %}} + {{%- endif %}} + +diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh +index edd19015..11fcd1bc 100644 +--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = chrony + + +diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh +index 83120046..12b9d1a4 100644 +--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/empty_options.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = chrony + + +diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh +index 8b6d9296..215820a7 100644 +--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # remediation = none + + echo "" > {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh +index 74a0e407..402fc741 100644 +--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # remediation = none + + rm -f {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh +index e550b63f..d8a11b89 100644 +--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # remediation = none + + echo "some line" > {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh +index 03793b24..86cfab7a 100644 +--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # remediation = none + + sed -i "^pool.*" {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh +index ad7be896..bd280444 100644 +--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # remediation = none + + sed -i "^server.*" {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh +index 37e3ab12..ce20cbe2 100644 +--- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + sed -i "^pool.*" {{{ chrony_conf_path }}} + echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh +index 2ecb42a5..de9a3546 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh +index 8451a501..b5a5ef17 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + echo "pool 0.pool.ntp.org" > {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh +index 7de23047..c4e80dfa 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + echo "" > {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh +index 8faf6a6d..dade2502 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + rm -f {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh +index b2f2ede7..b4ac7d08 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + echo "some line" > {{{ chrony_conf_path }}} + echo "another line" >> {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh +index 6a6c5ad6..27ebedbc 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + echo "server 0.pool.ntp.org" > {{{ chrony_conf_path }}} + echo "server 1.pool.ntp.org" >> {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh +index 11dc1f5f..ca260458 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + echo "server " > {{{ chrony_conf_path }}} +diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +index 626333a6..f75036d8 100644 +--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Uninstall xinetd Package' + +diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +index 31145f7e..0aeca999 100644 +--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Disable xinetd Service' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +index 9be95ffe..0d13d904 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Remove NIS Client' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +index 0f7ad7c0..6a7be1a5 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Uninstall ypserv Package' + +diff --git a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml +index 99e527ef..339a6ce1 100644 +--- a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel8,rhel9 ++prodtype: alinux2,alinux3,rhel8,rhel9,almalinux9 + + title: 'Disable ypserv Service' + +diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh +index 3a98b094..bd5b8127 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol + + # Identify local mounts + MOUNT_LIST=$(df --local | awk '{ print $6 }') +diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +index 822b02f5..1ef91959 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Remove Host-Based Authentication Files' + +diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml +index 6af0b573..713381d7 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml ++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh +index 0108f8fd..ca94a1c8 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + find /root -xdev -type f -name ".rhosts" -exec rm -f {} \; + find /home -maxdepth 2 -xdev -type f -name ".rhosts" -exec rm -f {} \; +diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh +index b7c88b07..a9c7c4e3 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol + + # Identify local mounts + MOUNT_LIST=$(df --local | awk '{ print $6 }') +diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml +index 43da70e0..b67aa48d 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Remove User Host-Based Authentication Files' + +diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +index 11268858..0f46e7d4 100644 +--- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Uninstall rsh-server Package' + +diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +index b2453536..37d3746e 100644 +--- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Uninstall rsh Package' + +diff --git a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml +index abaa36a1..71aef4b5 100644 +--- a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # potentially obsolete, rsh-server is not available in RHEL9 +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Disable rlogin Service' + +diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +index e3e56f5e..8fa7b78b 100644 +--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure rsyncd service is diabled' + +diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +index ba9a7f09..dfa53d05 100644 +--- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Uninstall talk-server Package' + +diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +index 7331593c..b1737d5c 100644 +--- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Uninstall talk Package' + +diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +index 7996f31c..8b5f7155 100644 +--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Uninstall telnet-server Package' + +diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +index 9074cff2..0f7d9f3e 100644 +--- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Remove telnet Clients' + +diff --git a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +index e8f05f9a..97684507 100644 +--- a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Disable telnet Service' + +diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +index ebf414d3..eab3e569 100644 +--- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Uninstall tftp-server Package' + +diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +index cf3db885..4a432acf 100644 +--- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Remove tftp Daemon' + +diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +index 10ad8224..3c84d548 100644 +--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Ensure tftp Daemon Uses Secure Mode' + +diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +index bf9ddbb5..28ec1320 100644 +--- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml ++++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: alinux3,rhel7,rhel8,rhel9,almalinux9,sle15,ubuntu2004 + + title: 'Disable the CUPS Service' + +diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +index 435eea5a..9145ca22 100644 +--- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml ++++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Uninstall squid Package' + +diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +index 3e3f0f4f..2c875fad 100644 +--- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml ++++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Disable Squid' + +diff --git a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml +index 7c01c09b..496e4d67 100644 +--- a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml ++++ b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Remove the FreeRadius Server Package' + +diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +index 8fa13460..41c4db8e 100644 +--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml ++++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Enable the Hardware RNG Entropy Gatherer Service' + +diff --git a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +index 4c37ae2f..90b713ae 100644 +--- a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml ++++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall quagga Package' + +diff --git a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml +index da59b70a..78f70b1f 100644 +--- a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Require Client SMB Packet Signing, if using mount.cifs' + +diff --git a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml +index 1f7d56c1..3ce4e49e 100644 +--- a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Install the Samba Common Package' + +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +index a6606860..f25b9504 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +index 9e1f01f5..d7d4c265 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + ###################################################################### + #By Luke "Brisk-OH" Brisk + #luke.brisk@boeing.com or luke.brisk@gmail.com +diff --git a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +index baaee6d0..c1d49861 100644 +--- a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml ++++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Uninstall Samba Package' + +diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +index ee7b76b1..e6830a49 100644 +--- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml ++++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Disable Samba' + +diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +index 8e789e99..43ab45d2 100644 +--- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Uninstall net-snmp Package' + +diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +index 0bd8a012..0b3dbec9 100644 +--- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,debian10,debian11,debian9,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Disable snmpd Service' + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml +index 3ff132df..cb146c90 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9 ++prodtype: fedora,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure SNMP Read Write is disabled' + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml +index 789f2264..d78f0f6d 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9 ++prodtype: fedora,rhel7,rhel8,rhel9,almalinux9 + + title: 'Configure SNMP Service to Use Only SNMPv3 or Newer' + +diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +index feed2148..854490fa 100644 +--- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Group Who Owns SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +index f04aa556..37330333 100644 +--- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Owner on SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +index ddad4da4..e368706d 100644 +--- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify Permissions on SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +index 36ac1f29..cff31808 100644 +--- a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml ++++ b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhel8,rhel9 ++prodtype: ol8,ol9,rhel8,rhel9,almalinux9 + + title: 'Install OpenSSH client software' + +diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +index b71bff62..19409c0e 100644 +--- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml ++++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable the OpenSSH Service' + +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml +index afc6d539..8ebcfb5c 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure session renegotiation for SSH client' + +diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +index 5a97f74d..104b27f3 100644 +--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml +index e944f938..c4b455dc 100644 +--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml ++++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml +@@ -82,7 +82,7 @@ + .xml + + +-{{% if product in ["fedora", "rhel9"] %}} ++{{% if product in ["fedora", "rhel9", "almalinux9"] %}} + + /etc/NetworkManager/system-connections +diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +index 77ba9d3c..9b9d6e5d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable SSH Server firewalld Firewall Exception' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml +index 39102e5d..2dcfeeb0 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh +index ba598762..d972650e 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv + + + {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^Protocol', '2', '%s %s') }}} +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml +index f8d422c6..aafcd046 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh +index 7c01208c..8e6c9a53 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("var_sshd_disable_compression") }}} + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml +index 228a1166..6ba91af4 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh +index 5a1ec5cf..d240b471 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + + {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^RhostsRSAAuthentication', 'no', '%s %s') }}} +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_size_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_size_directory.fail.sh +index 88c6420c..1ef3a142 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_size_directory.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_size_directory.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + mkdir -p /etc/ssh/sshd_config.d + touch /etc/ssh/sshd_config.d/nothing +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_time_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_time_directory.fail.sh +index 3bb09260..071224dd 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_time_directory.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_time_directory.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + mkdir -p /etc/ssh/sshd_config.d + touch /etc/ssh/sshd_config.d/nothing +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/no_line_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/no_line_directory.fail.sh +index 00569de1..1f1531b0 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/no_line_directory.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/no_line_directory.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + mkdir -p /etc/ssh/sshd_config.d + touch /etc/ssh/sshd_config.d/nothing +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh +index 894c0ae4..fee90e6c 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + sed -e '/RekeyLimit/d' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ok.pass.sh +index e183e898..4bf86cca 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ok.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel9_ok.pass.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + mkdir -p /etc/ssh/sshd_config.d +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +index 5b54ab89..4213bc15 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/correct_value_directory.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/correct_value_directory.pass.sh +index 66b0d783..78adcaa6 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/correct_value_directory.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/correct_value_directory.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSHD_CONFIG_DIR="/etc/ssh/sshd_config.d" + SSHD_CONFIG="${SSHD_CONFIG_DIR}/good_config.conf" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/param_conflict_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/param_conflict_directory.fail.sh +index ea5e8f16..5df0dd4a 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/param_conflict_directory.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/param_conflict_directory.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSHD_CONFIG_DIR="/etc/ssh/sshd_config.d" + SSHD_CONFIG_BAD="${SSHD_CONFIG_DIR}/bad_config.conf" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/wrong_value_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/wrong_value_directory.fail.sh +index ead09cc2..c4dae825 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/wrong_value_directory.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/wrong_value_directory.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSHD_CONFIG_DIR="/etc/ssh/sshd_config.d" + SSHD_CONFIG="${SSHD_CONFIG_DIR}/bad_config.conf" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml +index b280e21e..8e1c1810 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh +index 3cfe760f..cba9bf0c 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_sshd_set_keepalive") }}} + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/correct_value_dot_dir.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/correct_value_dot_dir.pass.sh +index dae6c33a..e2fbd1c6 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/correct_value_dot_dir.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/correct_value_dot_dir.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # variables = var_sshd_set_keepalive=0 +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSHD_CONFIG="/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf" + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/wrong_value_dot_dir.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/wrong_value_dot_dir.fail.sh +index 4fc6c331..f5756569 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/wrong_value_dot_dir.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/wrong_value_dot_dir.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # variables = var_sshd_set_keepalive=0 +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSHD_CONFIG="/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf" + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml +index 16e31302..71125a8d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh +index 3fceef26..af661e4c 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("sshd_max_auth_tries_value") }}} + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh +index fcdb800c..77c3e82d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel, multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux, multi_platform_fedora + + #!/bin/bash + SSHD_CONFIG="/etc/ssh/sshd_config" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh +index 0e08a36d..da95aab4 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com", '%s %s') }}} +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh +index 1ac74ed4..aad9b777 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "wrong_value_expected_to_fail.com", '%s %s') }}} +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_directory_configuration/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_directory_configuration/rule.yml +index be7b2a19..34b5c40e 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_directory_configuration/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_directory_configuration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol9,rhel9 ++prodtype: fedora,ol9,rhel9,almalinux9 + + title: 'Distribute the SSH Server configuration to multiple files in a config directory.' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh +index 798c4043..322c83cd 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config + echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh +index 19faca73..22bf6bdc 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh +index 77330241..c5adffff 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config + echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh +index 8d33596e..beafbd6d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +index 69f4b7c7..b33087e8 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + # TODO: The plan is not to need this for RHEL>=8.4 + # TODO: Compliant setting is SSH_USE_STRONG_RNG set to 32 or more +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'SSH server uses strong entropy to seed' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +index 49aede17..0a7ab5d4 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,ubuntu2004 + + title: 'Prevent remote hosts from connecting to the proxy display' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml +index 202fc7f4..711cc57c 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh +index 68a6a129..740c94e1 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + {{{ bash_instantiate_variables("var_sssd_ldap_tls_ca_dir") }}} + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml +index 891b3e2f..6cb0bce2 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh +index 5c83263b..91e28ba1 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + {{{ bash_sssd_ldap_config(parameter="ldap_tls_reqcert", value="demand") }}} +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml +index b38bc41f..33c5c903 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh +index 564e3281..02bed6db 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + {{{ bash_sssd_ldap_config(parameter="ldap_id_use_start_tls", value="true") }}} + +diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml +index 823c0f55..9f6ad853 100644 +--- a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh +index c3ad7e88..dcee4554 100644 +--- a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml +index bee86bc2..88c37373 100644 +--- a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Certificate status checking in SSSD' + +diff --git a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml +index c4fb7188..dda2e8b6 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Enable Certmap in SSSD' + +diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +index d233bc61..9e2c7d3b 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + SSSD_CONF="/etc/sssd/sssd.conf" + SSSD_CONF_DIR="/etc/sssd/conf.d/*.conf" +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml +index fc9283a1..e59c3a35 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml +@@ -34,7 +34,7 @@ + create: yes + mode: 0600 + +-{{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}} ++{{% if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9"] %}} + - name: '{{{ rule_title }}} - Check if system relies on authselect' + ansible.builtin.stat: + path: /usr/bin/authselect +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh +index 83df3388..298dab53 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh +@@ -6,7 +6,7 @@ + + {{{ bash_ensure_ini_config("/etc/sssd/sssd.conf", "pam", "pam_cert_auth", "True") }}} + +-{{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}} ++{{% if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9"] %}} + if [ -f /usr/bin/authselect ]; then + if authselect check; then + {{{ bash_enable_authselect_feature('with-smartcard') | indent(8) }}} +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml b/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml +index aa255be3..de963135 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/oval/shared.xml +@@ -5,7 +5,7 @@ + + +- {{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}} ++ {{% if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9"] %}} + + 1 + + +- {{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}} ++ {{% if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9"] %}} + +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +index 5e7299c5..338bf003 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Enable Smartcards in SSSD' + +@@ -11,7 +11,7 @@ description: |- +
[pam]
+     pam_cert_auth = True
+     
+- {{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}} ++ {{% if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9"] %}} + Add or update "pam_sss.so" line in auth section of "/etc/pam.d/system-auth" file to include + "try_cert_auth" or "require_cert_auth" option, like in the following example: +
+@@ -61,7 +61,7 @@ ocil: |-
+     If configured properly, output should be
+     
pam_cert_auth = True
+ +- {{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}} ++ {{% if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9"] %}} + To verify that smart cards are enabled in PAM files, run the following command: +
$ sudo grep -e "auth.*pam_sss.so.*\(allow_missing_name\|try_cert_auth\)" /etc/pam.d/smartcard-auth /etc/pam.d/system-auth
+ If configured properly, output should be +@@ -76,7 +76,7 @@ fixtext: |- + + pam_cert_auth = True + +- {{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}} ++ {{% if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9"] %}} + Enable the with-smartcard feature using the authselect command: + sudo authselect enable-feature with-smartcard + sudo authselect apply-changes -b +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh +index 3b5070ba..464369c9 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # remediation = none + + SSSD_FILE="/etc/sssd/sssd.conf" +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh +index 9469edff..4c22fe32 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh +index 9e17febc..f45333ef 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh +index ba04367c..66dd9d17 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh +index c36988aa..19a5a736 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh +index 8d06f45d..688b00ea 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSSD_FILE="/etc/sssd/sssd.conf" + echo "[pam]" > $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh +index d08ab39e..b75823b6 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,sssd +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSSD_FILE="/etc/sssd/sssd.conf" + rm -f $SSSD_FILE +diff --git a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml +index 4733dae8..3fcf05c9 100644 +--- a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhel9 ++prodtype: ol8,ol9,rhel9,almalinux9 + + title: 'SSSD Has a Correct Trust Anchor' + +diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +index 7cfba003..fb36bb09 100644 +--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +index d749de10..9ee21747 100644 +--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}} + +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml +index ebdf0136..73916d8d 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh +index a7c8bedc..f255d3dd 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +index 45695598..d2e51712 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure SSSD to Expire Offline Credentials' + +diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh +index ffb443d7..4444d8af 100644 +--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + MAIN_CONF="/etc/sssd/conf.d/ospp.conf" + +diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml +index 59968356..8fa06fa6 100644 +--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh +index 21e0b485..9658e047 100644 +--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_instantiate_variables("var_sssd_ssh_known_hosts_timeout") }}} + +diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml +index 33162749..72a361b3 100644 +--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml ++++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml +@@ -1,3 +1,3 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + {{{ kubernetes_usbguard_set(["xccdf_org.ssgproject.content_rule_package_usbguard_installed"]) }}} +diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +index 665fc9c7..0d64a22b 100644 +--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml ++++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Log USBGuard daemon audit events using Linux Audit' + +diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml +index 9f18591b..b49d5217 100644 +--- a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml ++++ b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +index 5b903676..3a722afa 100644 +--- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml ++++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install usbguard Package' + +diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml +index e9c55dfb..9be805c1 100644 +--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml ++++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + metadata: +diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +index 6bae6e0f..48998ef2 100644 +--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml ++++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Enable the USBGuard Service' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml +index 095c6f0b..b26e0189 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Authorize Human Interface Devices in USBGuard daemon' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml +index 5ef460be..8a12559f 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + {{% macro usbguard_hid_and_hub_config_source() %}} + allow with-interface match-all { 03:*:* 09:00:* } + {{%- endmacro -%}} +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml +index be1a2d2d..9775e5a4 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Authorize Human Interface Devices and USB hubs in USBGuard daemon' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml +index a5ff5255..eda5cbf8 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Authorize USB hubs in USBGuard daemon' + +diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml +index aa7a3aa3..099e3f47 100644 +--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml ++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh +index 88d55f16..f2f33670 100644 +--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh ++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml +index 12361452..5ae064ea 100644 +--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'Generate USBGuard Policy' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +index fd0b0f42..fb23fadb 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Remove the X Windows Package Group' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +index 9be857e9..9d78ff46 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Disable graphical user interface' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +index b2f44761..328f7cad 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Disable X Windows Startup By Setting Default Target' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml +index 4f6d64fd..3c980eea 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh +index ae7d79d3..a4eec5d3 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +index bbb16cd6..2c54da5f 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Modify the System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +index d804a28c..d2a1f1bc 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +index 1d9f9251..08b999cf 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +index cdc981fc..0e070cda 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Modify the System Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +index 2b9349f7..411530ff 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify permissions on System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +index f5d9279b..077db3a2 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify permissions on Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml +index 5814a30b..aa4aa4c5 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +index 606951b3..54ee73bb 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Enable GNOME3 Login Warning Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml +index 86aff54f..b295782b 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +index c4ef4d12..a4cf3163 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Set the GNOME3 Login Warning Banner Text' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml +index c5b62c25..66d3473b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Red Hat Virtualization 4 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +index cde0bd13..786aa440 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + + {{% if product in ["sle12", "sle15"] or "ubuntu" in product %}} + {{{ bash_ensure_pam_module_configuration('/etc/pam.d/login', 'session', 'required', 'pam_lastlog.so', 'showfailed', '', 'BOF') }}} +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh +index 745560a8..fe214e49 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh +index 5d5de96f..6802b547 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh +index 84b10027..b879061f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh +index fb1d07f7..088b552b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_wrong_control.fail.sh +index e32983dd..8b980b2d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh +index b094c31c..07fb4fc5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh +index d0e9ebd6..9201bc22 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml +index d34f78c5..88daeb58 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhel9 ++prodtype: rhel8,rhel9,almalinux9 + + title: 'Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml +index a2e72e0d..e43b9628 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhel9 ++prodtype: rhel8,rhel9,almalinux9 + + title: 'Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml +index 64500547..9f0a8089 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhel9 ++prodtype: rhel8,rhel9,almalinux9 + + title: 'An SELinux Context must be configued for the Faillock directory' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml +index ec1be903..edb2c532 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh +index 6c3b08a9..2a43f24a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +index 73f2afff..58a51d71 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Limit Password Reuse: password-auth' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh +index 601400d7..3784299e 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + remember_cnt=5 +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh +index 70ffeb21..fe9e4ca0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh +index 95048760..1835633b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh +index 84b10027..b879061f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh +index a1f7ed3c..77f034e3 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + remember_cnt=5 +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh +index 91953352..1696a6fb 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + remember_cnt=3 +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml +index 61a83d7b..079800db 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh +index b7a5cedf..f158b651 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +index fd85b25e..8a19f868 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Limit Password Reuse: system-auth' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh +index d0e5ea66..c87f837d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + remember_cnt=5 +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh +index 3acc798e..a637aaf5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh +index 66005a37..ce12d821 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh +index 84b10027..b879061f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh +index 4891c441..efcb6d56 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + remember_cnt=5 +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh +index 1523a9aa..a1825c63 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite + + remember_cnt=3 +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +index ba2ff2fa..ec59e9bd 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +index b0e7b27b..ddcf25ca 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +index a00a273a..fbe1026a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Limit Password Reuse' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh +index 520ce05a..998c0f83 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_remember=5 + + remember_cnt=5 +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh +index 9d150e25..436c7286 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_remember=5 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh +index ee762d86..66df5efd 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_remember=5 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh +index 84b10027..b879061f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh +index 48138ce3..47b99015 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_remember=5 + + remember_cnt=3 +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +index fed1dea1..0c6a8c9b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +index f392618d..1f47e39b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +index 1edc61c6..900546ff 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Lock Accounts After Failed Password Attempts' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh +index 1698c1c7..e6707a01 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh +index b844a27d..05cc0beb 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + pam_files=("password-auth" "system-auth") + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh +index 3ace8942..98948315 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + # variables = var_accounts_passwords_pam_faillock_deny=3 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh +index 1f3098d5..7e516583 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_deny=3 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh +index fd3ef218..a9b789ba 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_deny=3 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +index 7cc53fce..f5628ef3 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + # variables = var_accounts_passwords_pam_faillock_deny=3 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh +index fa81b645..a40f7a43 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_deny=3 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml +index 18f1a23f..41d87be9 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh +index bf493872..8c845063 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_pam_faillock_enable() }}} + {{{ bash_pam_faillock_parameter_value("even_deny_root", "") }}} +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +index 684e6f7e..34365dd1 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Configure the root Account for Failed Password Attempts' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh +index 1698c1c7..e6707a01 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh +index 851beef5..a2a23918 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + pam_files=("password-auth" "system-auth") + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh +index cc8c766a..c0d1dc57 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh +index ce8ab690..a01d61e5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + + authselect select sssd --force + authselect enable-feature with-faillock +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +index d055d651..4e3503cf 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml +index fd8e4444..d30a92fd 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh +index e9c09b71..ffbbb68c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + {{{ bash_pam_faillock_enable() }}} + {{{ bash_pam_faillock_parameter_value("local_users_only", "") }}} +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml +index f495cc9c..311e9700 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Enforce pam_faillock for Local Accounts Only' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh +index 856bd56e..9f76150c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + + authselect select sssd --force + authselect disable-feature with-faillock +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh +index 075791de..899751de 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + + authselect select sssd --force + authselect enable-feature with-faillock +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +index 978cccce..a3e8b336 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh +index 053f9110..f294bc5a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + + # This test scenario manually modify the pam_faillock.so entries in auth section from +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml +index ac3b9789..bf2620cc 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh +index f6cb7304..8c2357ad 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_fail_interval") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml +index 05c43275..9b6ae2c0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Set Interval For Counting Failed Password Attempts' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh +index 1698c1c7..e6707a01 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh +index 5d2a2a5b..5f5be7e3 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + pam_files=("password-auth" "system-auth") + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh +index 03aa084e..cafbb0ce 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + # variables = var_accounts_passwords_pam_faillock_fail_interval=900 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh +index 33d3847d..400e4a12 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_fail_interval=900 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh +index 9ff681e5..b8d59a44 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_fail_interval=900 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +index 29f65d50..7311b372 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + # variables = var_accounts_passwords_pam_faillock_fail_interval=900 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh +index bcd46e74..d7f8ce57 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_fail_interval=900 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml +index 32bf2c48..63d101b6 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh +index d1b2d7a6..6e60aaad 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +index 1d2af2b4..e6f32d4c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Set Lockout Time for Failed Password Attempts' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh +index 1698c1c7..e6707a01 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh +index f2afacec..9ffd1abd 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + pam_files=("password-auth" "system-auth") + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh +index d68ebfad..28b29282 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + # variables = var_accounts_passwords_pam_faillock_unlock_time=600 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh +index 2dc848cb..38008876 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_unlock_time=600 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh +index 38d95831..6e3645c8 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_unlock_time=600 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +index a4e91c71..8f972c65 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + # variables = var_accounts_passwords_pam_faillock_unlock_time=600 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh +index 5c59de7c..78b74502 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_unlock_time=600 + + authselect select sssd --force +diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml +index b84185a6..4ff11f97 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: rhel7,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Install pam_pwquality Package' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +index 857933a4..1845f9ce 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +index 67a5b70c..0ec3efa4 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml +index 883ddd16..d74b4cea 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml +index ae762335..d959ffba 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +index 19a61043..e9646e40 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Ensure PAM Enforces Password Requirements - Enforce for root User' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +index 236048f7..9a63f086 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml +index 768e70ef..6d91800a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml +index 46af5fea..00f872bc 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Set Password Maximum Consecutive Repeating Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +index 37bd49f6..e2d28a3c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +index 3dc5600b..556fd930 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Length' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +index 380979e0..7ab7bb5f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml +index 276853c6..96b16f5d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh +index dfa1d523..a573c86a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit.so') }}} +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml +index 30384def..77d74d02 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Ensure PAM password complexity module is enabled in password-auth' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh +index 3d696c36..8c13ba90 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh +index 04358992..5a7e11b8 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh +index 472616a5..ceb36c1d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh +index 59f9d6f7..fb0dd8af 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/password-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh +index a11a2ad0..3b1c7bf2 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml +index 97b26286..d9326cf0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh +index 2f01cf43..ef5c862a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_ensure_pam_module_configuration('/etc/pam.d/system-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit.so') }}} +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml +index 6e9caa72..0e57feb6 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Ensure PAM password complexity module is enabled in system-auth' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh +index 849f16d0..68bf761c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh +index 6a98c244..145202db 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh +index 6786f6c1..2a249ed2 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh +index b3d9e588..958e0425 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh +index 454b2e6a..0617033a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml +index f972b328..fffcb129 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +index 4d1b5ebe..7fd8572d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh +index 7d6cc6c2..de9f4342 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # variables = var_password_pam_retry=3 + + CONF_FILE="/etc/security/pwquality.conf" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh +index 77d2df7b..eb3afb8b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # variables = var_password_pam_retry=3 + + CONF_FILE="/etc/security/pwquality.conf" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh +index b6ad5388..6ea6a40b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # variables = var_password_pam_retry=3 + + CONF_FILE="/etc/security/pwquality.conf" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh +index 1fb0d3a4..016fe326 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # variables = var_password_pam_retry=3 + + CONF_FILE="/etc/security/pwquality.conf" +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +index c965b058..1b0cc0af 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml +index b3e32aa3..547d137b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh +index d458790d..c4365552 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + LIBUSER_CONF="/etc/libuser.conf" + CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*' +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml +index 5f887bb8..02fdccf3 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Set Password Hashing Algorithm in /etc/libuser.conf' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml +index 8dedf993..51c76b11 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh +index fb856a11..a440dba9 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +index 48eae25a..5a384089 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Password Hashing Algorithm in /etc/login.defs' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml +index 31c14211..be9f0464 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh +index 55f43ef9..2b993b52 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + + {{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'sufficient', 'pam_unix.so', 'sha512', '', '') }}} +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml +index 7e10f93d..45dc62dd 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: "Set PAM''s Password Hashing Algorithm - password-auth" + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh +index 9efa736f..e8b675b0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh +index 29d22728..86c3990a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh +index 5eccea5d..4bec6712 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + PASSWORD_AUTH_FILE="/etc/pam.d/password-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh +index 6b75ae8f..84e63772 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +index b35b01c4..ca91871f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: "Set PAM''s Password Hashing Algorithm" + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh +index efa05a74..8b1b3d17 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh +index 9d331106..792bafab 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh +index 7367965c..c0ab51c7 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh +index 14d947ad..de5362da 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + authselect create-profile hardening -b sssd + CUSTOM_PROFILE="custom/hardening" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml +index 91123acb..a09e3cd0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,sle12,sle15 ++prodtype: ol8,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Set Password Hashing Rounds in /etc/login.defs' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh +index 23edb3c9..daae2463 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu + + + {{{ bash_replace_or_append('/etc/systemd/system.conf', '^CtrlAltDelBurstAction=', 'none', '%s=%s') }}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml +index 3045574e..7ce6bb46 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml +index f5c59c10..74b7e894 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Disable Ctrl-Alt-Del Burst Action' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh +index dac112a4..efda12b5 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + {{% if init_system == "systemd" -%}} + systemctl disable --now ctrl-alt-del.target + systemctl mask --now ctrl-alt-del.target +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml +index 517c83c6..041e9a29 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +index 5b3f8535..8b1a64e1 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Ctrl-Alt-Del Reboot Activation' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +index cf5da2ae..02fa6e50 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Verify that Interactive Boot is Disabled' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml +index 63202936..9d2b693a 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml +@@ -9,7 +9,7 @@ + create: yes + dest: /usr/lib/systemd/system/emergency.service + regexp: "^#?ExecStart=" +- {{% if product in ["fedora", "rhel8", "rhel9", "ol8","sle12", "sle15"] -%}} ++ {{% if product in ["fedora", "rhel8", "rhel9", "almalinux9", "ol8","sle12", "sle15"] -%}} + line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency" + {{%- else -%}} + line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh +index 21e57df7..e98fcf88 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh +@@ -2,7 +2,7 @@ + + service_file="/usr/lib/systemd/system/emergency.service" + +-{{% if product in ["fedora", "rhel8", "rhel9", "ol8", "sle12", "sle15"] -%}} ++{{% if product in ["fedora", "rhel8", "rhel9", "almalinux9", "ol8", "sle12", "sle15"] -%}} + sulogin="/usr/lib/systemd/systemd-sulogin-shell emergency" + {{%- else -%}} + sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +index 37d64662..fda3e160 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +@@ -12,7 +12,7 @@ + + + + /usr/lib/systemd/system/emergency.service +- {{%- if product in ["fedora", "rhel8", "rhel9", "ol8", "sle12", "sle15"] -%}} ++ {{%- if product in ["fedora", "rhel8", "rhel9", "almalinux9", "ol8", "sle12", "sle15"] -%}} + ^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency + {{%- else -%}} + ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +index 1a247ecf..fcc60be4 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Require Authentication for Emergency Systemd Target' + +@@ -54,7 +54,7 @@ ocil: |- + To check if authentication is required for emergency mode, run the following command: +
$ grep sulogin /usr/lib/systemd/system/emergency.service
+ The output should be similar to the following, and the line must begin with +- {{% if product in ["fedora", "rhel8", "rhel9", "ol8", "sle12", "sle15"] -%}} ++ {{% if product in ["fedora", "rhel8", "rhel9", "almalinux9", "ol8", "sle12", "sle15"] -%}} + ExecStart and /usr/lib/systemd/systemd-sulogin-shell. +
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
+ {{%- else -%}} +@@ -84,7 +84,7 @@ fixtext: |- + Configure {{{ full_name }}} to require authentication for system emergency mode. + + Add or edit the following line in "/usr/lib/systemd/system/emergency.service": +- {{% if product in ["fedora", "rhel8", "rhel9", "ol8", "sle12", "sle15"] -%}} ++ {{% if product in ["fedora", "rhel8", "rhel9", "almalinux9", "ol8", "sle12", "sle15"] -%}} + ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency + {{%- else -%}} + ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh +index a8a5c8cc..ed4f4fe3 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + service_file="/usr/lib/systemd/system/emergency.service" + sulogin="/usr/lib/systemd/systemd-sulogin-shell" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh +index 96a0c842..048832a9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + service_file="/usr/lib/systemd/system/emergency.service" + sulogin="/bin/bash" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml +index fc278655..8485d603 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml +@@ -10,7 +10,7 @@ + create: yes + dest: /usr/lib/systemd/system/rescue.service + regexp: "^#?ExecStart=" +- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}} ++ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}} + line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue" + {{% elif product in ["rhel7"] %}} + line: 'ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +index 76a2664f..ea5700bb 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +@@ -4,7 +4,7 @@ + + service_file="/usr/lib/systemd/system/rescue.service" + +-{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}} ++{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}} + sulogin="/usr/lib/systemd/systemd-sulogin-shell rescue" + {{%- elif product in ["rhel7"] -%}} + sulogin='/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml +index 6aeff3c5..2bca0287 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml +@@ -22,7 +22,7 @@ + {{%- if init_system == "systemd" -%}} + + + /usr/lib/systemd/system/rescue.service +- {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4", "sle12", "sle15"] -%}} ++ {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhcos4", "sle12", "sle15"] -%}} + ^ExecStart=\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue + {{%- else -%}} + ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +index 332712ea..ff589251 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Require Authentication for Single User Mode' + +@@ -60,7 +60,7 @@ ocil: |- + To check if authentication is required for single-user mode, run the following command: +
$ grep sulogin /usr/lib/systemd/system/rescue.service
+ The output should be similar to the following, and the line must begin with +- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4"] -%}} ++ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhcos4"] -%}} + ExecStart and /usr/lib/systemd/systemd-sulogin-shell. +
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
+ {{%- elif product in ["rhel7"] -%}} +@@ -96,7 +96,7 @@ fixtext: |- + + {{% if init_system == "systemd" -%}} + Add or update the following line in "/usr/lib/systemd/system/rescue.service": +- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}} ++ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}} + ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue + {{%- elif product in ["rhel7"] -%}} + ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +index 66d47a0e..df0ccaf6 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + service_file="/usr/lib/systemd/system/rescue.service" + sulogin="/usr/lib/systemd/systemd-sulogin-shell" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh +index d125b29e..6184023c 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + service_file="/usr/lib/systemd/system/rescue.service" + sulogin="/bin/bash" +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +index c9c637d7..96bf540e 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Support session locking with tmux' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +index dc63eb65..dc693130 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +index 52d2a778..50405532 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure tmux to lock session after inactivity' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +index e65a46f4..ba57e8fb 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure the tmux Lock Command' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +index 6b2d6cd5..c20712c9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +index 52cc12fc..51a0ba7a 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Prevent user from disabling the screen lock' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +index 006b5179..afd71adf 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install the tmux Package' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +index f95560e1..727187a4 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Configure opensc Smart Card Drivers' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml +index c849940c..4e8292f7 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Force opensc To Use Defined Smart Card Driver' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +index 9b33ac18..49f01f4b 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +@@ -12,7 +12,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Install Smart Card Packages For Multifactor Authentication' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +index 0c2be82d..eb985e24 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,ubuntu2004 + + title: 'Install the opensc Package For Multifactor Authentication' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +index 3d81c490..f2d8b641 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install the pcsc-lite package' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +index 8d805140..7543f978 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Enable the pcscd Service' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml +index 58299265..2535b346 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh +index f114f680..45454868 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ubuntu,multi_platform_rhel ++# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux + {{% if "ubuntu" in product %}} + # packages = libpam-pkcs11 + {{% elif "rhel7" == product %}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh +index a41084c5..a6011cce 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ubuntu,multi_platform_rhel ++# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux + {{% if "ubuntu" in product %}} + # packages = libpam-pkcs11 + {{% elif "rhel7" == product %}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh +index d3493344..36309108 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ubuntu,multi_platform_rhel ++# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux + {{% if "ubuntu" in product %}} + # packages = libpam-pkcs11 + {{% elif "rhel7" == product %}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml +index ff493491..082c8e61 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +index f232eb7e..121bc4a2 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Disable debug-shell SystemD Service' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +index 74598bc7..680caf4b 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +index f299285d..52e841b6 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + + {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +index 0cb369e8..0baec5e4 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Account Expiration Following Inactivity' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml +index 6e0a907f..81f92171 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Assign Expiration Date to Emergency Accounts' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +index f709d300..358b490b 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Assign Expiration Date to Temporary Accounts' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +index de96fd58..4227d274 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Ensure All Accounts on the System Have Unique User IDs' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml +index 2af99874..6fd5927c 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Only Authorized Local User Accounts Exist on Operating System' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh +index d942f81d..bcafb5e8 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh +@@ -1,5 +1,5 @@ + #! /bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$" + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +index 42a5c3a7..ca330311 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Ensure All Groups on the System Have Unique Group ID' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +index bed135a4..1df8f3a2 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +index 0c81c0ee..29f31c65 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml +index b04d7cdb..0d5a5831 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh +index 23710fab..7f1f5642 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh +index c4704a6e..cbb1b605 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +index 9384d5a9..7cd91492 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Existing Passwords Maximum Age' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh +index 26b1216a..26f85c06 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +index 8e4beddc..0d002274 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Existing Passwords Minimum Age' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml +index 3f697b24..acc0b212 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml +index 87619135..86d03536 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Verify All Account Password Hashes are Shadowed with SHA512' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml +index 82110016..2a73ed38 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh +index a4001071..d244fc54 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +index 015df146..82d8f7f3 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Set number of Password Hashing Rounds - password-auth' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh +index 244ae3db..872b8d1a 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_rounds=65536 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh +index 8af81389..db232abe 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_rounds=65536 + + ROUNDS=65536 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh +index 5af0640b..4bf1e1b1 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + # variables = var_password_pam_unix_rounds=65536 + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh +index 09e5ee93..4ebd4cb7 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_rounds=65536 + + ROUNDS=65536 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh +index 10d83eac..e09123de 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_rounds=65536 + + ROUNDS=4000 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml +index c0b520bd..70ab14cb 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh +index 8316e495..bf8a4c24 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml +index cebea218..aeee01b2 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Set number of Password Hashing Rounds - system-auth' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh +index 506a8075..3acc6291 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_rounds=65536 + + authselect create-profile hardening -b sssd +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh +index 48c7f5a4..e2af1b04 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_rounds=65536 + + ROUNDS=65536 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh +index d111f61e..5b1d75ca 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + # variables = var_password_pam_unix_rounds=65536 + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh +index 534d7145..d9e6cfc9 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_rounds=65536 + + ROUNDS=65536 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh +index 3c25268d..30cedb99 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = var_password_pam_unix_rounds=65536 + + ROUNDS=4000 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml +index feb5366e..f94a8b0c 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh +index e85580dc..13091118 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml +index ad3133b1..eac1b843 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh +index 84b10027..b879061f 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh +index 5b628dac..d3a0bb5a 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh +index 52ad383d..dc91056a 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml +index 264a8244..d23ba89a 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/group' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml +index aee6c69c..c60096d9 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/passwd' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml +index 162280d2..1ba7188f 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/shadow' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml +index cfdd0883..ae264dcc 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml +index 8f87bf06..6bed5ef5 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +index af6e93eb..a0371299 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Ensure that System Accounts Do Not Run a Shell Upon Login' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml +index 5f9c92aa..119219eb 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml +index 94594008..c71e3c69 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml +index 7194be9c..33bf1622 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh +index 96a41cad..5b36c8a7 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # uncomment the option if commented + sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +index 9213cc47..f0ed6ee0 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,ubuntu2004 + + title: 'Enforce usage of pam_wheel for su authentication' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml +index e5a34b8a..a5bf98db 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure Home Directories are Created for New Users' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml +index 53b68079..2a6b6612 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol + # disruption = low + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh +index 23e6f0dd..6055798d 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + + {{{ bash_instantiate_variables("var_accounts_fail_delay") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml +index 536ac295..d1bff5ff 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh +index 0005b2cc..0329d6cd 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle + + {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml +index dc981774..c787bf67 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +index 978ddff0..8605f9ed 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Interactive Session Timeout' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml +index 3f6dab47..f11c4d59 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'User Initialization Files Must Not Run World-Writable Programs' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml +index 758315bf..c4bb37e2 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure that Users Path Contains Only Local Directories' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml +index 666dbb81..fa427e7d 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'All Interactive Users Must Have A Home Directory Defined' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +index 57b60e60..dd5c626a 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'All Interactive Users Home Directories Must Exist' + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +index 2bd171f3..fb4a7c93 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User' + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml +index f4779007..0f2aa90f 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive' + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml +index 1b2cdfbf..4627463b 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive' + +diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml +index 4e7ea875..ecbce672 100644 +--- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +index a1e47204..4192ec52 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Ensure the Default Bash Umask is Set Correctly' + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh +index df6ac070..fcf9ed67 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_instantiate_variables("var_accounts_user_umask") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml +index c22956c8..2aebc29e 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle15,ubuntu2004 + + title: 'Ensure the Default C Shell Umask is Set Correctly' + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml +index ea0edc6f..073a937f 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh +index acb272c0..4582a801 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_accounts_user_umask") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml +index c468faee..33d916b9 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure the Default Umask is Set Correctly For Interactive Users' + +diff --git a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml +index afd65879..434645ce 100644 +--- a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/enable_authselect/rule.yml b/linux_os/guide/system/accounts/enable_authselect/rule.yml +index 3edb3642..2542cb84 100644 +--- a/linux_os/guide/system/accounts/enable_authselect/rule.yml ++++ b/linux_os/guide/system/accounts/enable_authselect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Enable authselect' + +diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh +index f07f5332..a33cfa52 100644 +--- a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh ++++ b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = authselect,pam + # remediation = none + +diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh +index f50d65ce..2ad066f4 100644 +--- a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh ++++ b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = authselect,pam + + authselect select minimal --force +diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh +index 331bdf2d..348ba4c3 100644 +--- a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh ++++ b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = authselect,pam + + rm -f /etc/pam.d/{fingerprint-auth,password-auth,postlogin,smartcard-auth,system-auth} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +index c56d9b45..400dafb2 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +@@ -11,13 +11,13 @@ description: |- + startup (the default), add the following line to a file with suffix + .rules in the directory /etc/audit/rules.d: +
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+ If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+@@ -25,13 +25,13 @@ description: |- + utility to read audit rules during daemon startup, add the following line to + /etc/audit/audit.rules file: +
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+ If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +index 5b3cd1d8..5379a615 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +@@ -9,24 +9,24 @@ description: |- + startup (the default), add the following line to a file with suffix + .rules in the directory /etc/audit/rules.d: +
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the auditd daemon is configured to use the auditctl + utility to read audit rules during daemon startup, add the following line to + /etc/audit/audit.rules file: +
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +index 6cadcdfa..7688b9a1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +@@ -11,13 +11,13 @@ description: |- + startup (the default), add the following line to a file with suffix + .rules in the directory /etc/audit/rules.d: +
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+ If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+@@ -25,13 +25,13 @@ description: |- + utility to read audit rules during daemon startup, add the following line to + /etc/audit/audit.rules file: +
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+ If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +index 5fff88ef..5e7c1598 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +@@ -9,24 +9,24 @@ description: |- + startup (the default), add the following line to a file with suffix + .rules in the directory /etc/audit/rules.d: +
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the auditd daemon is configured to use the auditctl + utility to read audit rules during daemon startup, add the following line to + /etc/audit/audit.rules file: +
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +index 3708723e..f7ad7f4f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +@@ -10,13 +10,13 @@ description: |- + program to read audit rules during daemon startup (the default), add the + following line to a file with suffix .rules in the directory /etc/audit/rules.d: +
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+ If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+@@ -24,13 +24,13 @@ description: |- + utility to read audit rules during daemon startup, add the following line to + /etc/audit/audit.rules file: +
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} +

+ If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +index 1b3a9fff..c353925b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +@@ -9,24 +9,24 @@ description: |- + startup (the default), add the following line to a file with suffix + .rules in the directory /etc/audit/rules.d: +
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the auditd daemon is configured to use the auditctl + utility to read audit rules during daemon startup, add the following line to + /etc/audit/audit.rules file: +
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + If the system is 64 bit then also add the following line: +
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
+-{{%- if product in ["ol8", "rhel8", "rhel9"] %}} ++{{%- if product in ["ol8", "rhel8", "rhel9", "almalinux9"] %}} +
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
+ {{%- endif %}} + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +index cc49dba9..4c65d761 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Record Any Attempts to Run chacl' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +index c045e89b..ffa06f82 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Record Any Attempts to Run setfacl' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +index a04042e3..f129c4bf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Any Attempts to Run chcon' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml +index f02b13ad..9c8e8217 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Record Any Attempts to Run restorecon' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +index 3622ba4a..02e1a67a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Record Any Attempts to Run semanage' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +index ccefe566..33b7006a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Any Attempts to Run setfiles' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +index 137d22aa..6ab0947b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Record Any Attempts to Run setsebool' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +index 43d5bbb6..31eefb44 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +@@ -1,11 +1,11 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Any Attempts to Run seunshare' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +index 53e61fb2..e9a0edcd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation for the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml +index 14e3d2e0..c2f48e91 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,uos20 + + title: 'Ensure auditd Collects File Deletion Events by User' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +index d3b01863..2d503440 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Record Successful Permission Changes to Files - chmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +index 241d1d63..4efe8c2c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Ownership Changes to Files - chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml +index a1f8f395..f0302e35 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Access Attempts to Files - creat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +index ce7070ed..50a9569e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +index 4b6cee01..f8cf2f9c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmodat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +index 6bc0b959..8582dea6 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +index e882a57b..2c446650 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchownat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +index ee4ff3a8..bab37242 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Permission Changes to Files - fremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +index d40bfdee..02d5fc6e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Permission Changes to Files - fsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml +index 4fe00220..1b9afe7d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Access Attempts to Files - ftruncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +index 90873b10..424c85fe 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Ownership Changes to Files - lchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +index acbfbc0e..c47fe1e2 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Permission Changes to Files - lremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +index b669f750..2431cd5d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Permission Changes to Files - lsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml +index 9cc9ff86..515ac135 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Access Attempts to Files - open' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml +index 89a65e14..48177a51 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Access Attempts to Files - open_by_handle_at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml +index 38a00312..edd813ec 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +index 5ed132a5..f919dc38 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml +index bef2d87a..1b8115b2 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Successful Creation Attempts to Files - open O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml +index 653e1d8e..72b85f51 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Successful Creation Attempts to Files - open O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml +index 16e9b483..f811b2a0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Access Attempts to Files - openat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml +index 75ead44a..341983ea 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Successful Creation Attempts to Files - openat O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml +index 13ff5e23..a363720d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +index 7d7e3ebe..f86b23f9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Permission Changes to Files - removexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +index 82d103ec..d888a14c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Delete Attempts to Files - rename' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +index 1736c971..b70824cf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Delete Attempts to Files - renameat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +index 75809f4a..8e0523a3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Permission Changes to Files - setxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml +index 4d850dc8..547137e4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Access Attempts to Files - truncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +index 91e8f67b..90b300d3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlink' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +index a11b195b..f8938583 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlinkat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +index 8a48783f..b846f811 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +index ab60d663..3847822f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml +index cb0b6500..d6932ec4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - chmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml +index 45fc2028..cb9371bf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Ownership Changes to Files - chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +index 3e28446e..c040b621 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - creat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml +index e30a1d2f..bb3efc08 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - fchmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml +index e3c7fa19..268e2992 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - fchmodat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml +index 59da9d0a..36d81aee 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Ownership Changes to Files - fchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml +index 0fb28cfa..f57a5d62 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Ownership Changes to Files - fchownat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml +index ec572f51..ee094b72 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - fremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml +index 66fc4c74..50d3b412 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - fsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +index 32ef1257..e4ded3b6 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - ftruncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml +index 4a5d13bb..dd97a89c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Ownership Changes to Files - lchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml +index 38e0558c..042740ed 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - lremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml +index b91a2e54..f1efa2c5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - lsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +index 15876627..2b897421 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - open' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +index 3738f202..8c5248d1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh +index c1352ae3..31de4374 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml +index 29cc51e5..db0d8529 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh +index c1352ae3..31de4374 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +index 1139d3d4..edeedbe5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh +index c944fb9e..b506644a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml +index f6778ff2..9d64944d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh +index c1352ae3..31de4374 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml +index fc832a32..a4969dfb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Creation Attempts to Files - open O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh +index c1352ae3..31de4374 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml +index 77c90c55..f4666999 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh +index c944fb9e..b506644a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml +index 1cf66b9e..2cf84fbd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +index 61f278a9..952003c7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - openat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh +index c1352ae3..31de4374 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml +index e699454e..0e618322 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Creation Attempts to Files - openat O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh +index c1352ae3..31de4374 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml +index b9aa00b6..47b06954 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh +index c944fb9e..b506644a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml +index 46851bf6..9043dd84 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml +index 73941532..0b9f7477 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - removexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml +index e99c7859..28c4d91f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Record Unsuccessful Delete Attempts to Files - rename' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml +index 94091c13..e569dc96 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Record Unsuccessful Delete Attempts to Files - renameat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml +index 3b6ce383..96bece7f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Unsuccessful Permission Changes to Files - setxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +index 0a1e39df..9332cdc0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Unsuccessful Access Attempts to Files - truncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml +index 96906848..200b45b8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Record Unsuccessful Delete Attempts to Files - unlink' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml +index cc76dfee..c419b69e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Record Unsuccessful Delete Attempts to Files - unlinkat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +index 4c659a70..b968e941 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +index ac639d5b..b6e4dfc1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +index b4d1eb01..0f8fabc7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +index 51a61028..71df13a4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +index 56463078..9fc10dd5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +index a0a6793b..8c313b28 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +index 90d7d43d..818c3cad 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +index c3e5d7a7..8119df0a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +index e1bf467c..dd089ccd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +index 2fb9a7ff..7cef862d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +index 334165f7..971ace46 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +index 32ef6d31..e9b9ff62 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +@@ -1,8 +1,8 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + +-{{% if product in ["rhel8", "rhel9"] %}} ++{{% if product in ["rhel8", "rhel9", "almalinux9"] %}} + {{% set faillock_path = "/var/log/faillock" %}} + {{% else %}} + {{% set faillock_path = "/var/run/faillock" %}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml +index c9fea115..bf2722a7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml +@@ -1,10 +1,10 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Record Attempts to Alter Logon and Logout Events' + +-{{% if product in ["rhel8", "rhel9"] %}} ++{{% if product in ["rhel8", "rhel9", "almalinux9"] %}} + {{% set faillock_path = "/var/log/faillock" %}} + {{% else %}} + {{% set faillock_path = "/var/run/faillock" %}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/tests/default.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/tests/default.pass.sh +index 826a25bd..4387f378 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/tests/default.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/tests/default.pass.sh +@@ -2,7 +2,7 @@ + # packages = audit + # remediation = bash + +-{{% if product in ["rhel8", "rhel9"] %}} ++{{% if product in ["rhel8", "rhel9", "almalinux9"] %}} + {{% set faillock_path="/var/log/faillock" %}} + {{% else %}} + {{% set faillock_path="/var/run/faillock" %}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +index 90edf3ac..c652fd14 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +@@ -1,11 +1,11 @@ +-{{% if product in ["ol8","ol9","rhel8", "rhel9"] %}} ++{{% if product in ["ol8","ol9","rhel8", "rhel9", "almalinux9"] %}} + {{% set faillock_path = "/var/log/faillock" %}} + {{% else %}} + {{% set faillock_path = "/var/run/faillock" %}} + {{% endif %}} + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Record Attempts to Alter Logon and Logout Events - faillock' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +index 7337aa41..84e5752f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Attempts to Alter Logon and Logout Events - lastlog' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +index 54856261..bfb73f02 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Attempts to Alter Logon and Logout Events - tallylog' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/group.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/group.yml +index 979373bc..8701ec9d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/group.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/group.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Record Attempts to Alter Logon and Logout Events' + +-{{% if product in ["rhel8", "rhel9"] %}} ++{{% if product in ["rhel8", "rhel9", "almalinux9"] %}} + {{% set faillock_path = "/var/log/faillock" %}} + {{% else %}} + {{% set faillock_path = "/var/run/faillock" %}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +index 68c8497c..83094aae 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh +index 3d7bcfa8..1df0dff7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_perform_audit_rules_privileged_commands_remediation("auditctl", auid) }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +index 9ab12a24..514b7ba4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +index f00b43da..c42db9c6 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +index b4ef8a6b..af0b6308 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +index 5cc83a5b..dfdfa96f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - crontab' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +index 79e1ae16..de6c7c3e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +index 5baa999e..cb49a4d7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +index f9cbf11b..02cfce0d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +index 721c082b..4770cfc1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +@@ -10,7 +10,7 @@ + + documentation_complete: true + +-prodtype: ol7,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - kmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +index 8f61ee32..07ddf429 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +index ed9771d0..665d2cc0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +index 92ffffc2..078ab659 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - mount' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +index 5a14e1ef..a9a8e979 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +index bf257618..40b8f94b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +index 04e870ab..5822ca9d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +index 8c8c9e60..d3f13e3b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +@@ -1,5 +1,5 @@ + +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + +@@ -11,7 +11,7 @@ + + documentation_complete: true + +-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +index fa89ec6e..0cc45a8c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +index ca767a82..9725c48c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postdrop' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +index 51aaec95..f9e637db 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postqueue' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +index 99ea9ba4..9cd9a2ba 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +index f3c3324e..d5545d32 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +index cab3cb16..d895a1d3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +index 03fd86df..fe8fc938 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Record Any Attempts to Run ssh-agent' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +index 28185012..f7b2584a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +@@ -1,4 +1,4 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + +@@ -10,7 +10,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +index 33e174cf..1a31c6d9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - su' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +index f384c1bf..4919ddf5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +index 627aa69b..92f12e79 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +index 733f1062..4662d11d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - umount' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +index fc71d402..da79a174 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +index 2478dba5..fcd15af5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,ubuntu2004 ++prodtype: ol8,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_update' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +index bd496cfb..e1c9765a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - userhelper' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +index 4d01b662..b75dcbdf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usermod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +index 152ac4f7..3eec8f8c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +@@ -1,10 +1,10 @@ +-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} ++{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x="-F perm=x " %}} + {{%- endif %}} + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +index 4fd5bef0..c582d439 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +index 79dc227e..4a279b5f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +index e1221d1a..6decde5e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +index 84d77e89..71551300 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +index 3c8971e4..6a656d46 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +index 6ee8ef91..d7b5464c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +index 449fe58e..c2fd43d7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +index 37094bd4..4158f565 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +index ee516082..2d746234 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +index 01b22ecb..f65c0e09 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +index 0eaf7977..bbd3c7d8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +index a1a40472..0b4a5846 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +index b9daadd7..514f4744 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Traverse all of: + # +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +index 26d02c24..28daa910 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +index e55119fd..2e7514b5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +index 632149b9..038c574b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/etc/selinux/", "wa", "MAC-policy") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +index 4534624b..7d1db5bb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +index 3c1ca33a..fdb0252c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot =false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +index 352d01bd..a3b0b525 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +index 7f2f4e29..7ad5c59a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +index d01b505a..8cce3781 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/var/run/utmp", "wa", "session") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +index 1decbff9..083f80bd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +index c3a0dd19..9142d2ee 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +index c6a38f0d..c048d725 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml +index 9583a47b..b68aa06b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh +index ae7c6765..8b688ff9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +index b421cbf2..c8105798 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Record Events When Privileged Executables Are Run' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +index 63fd5601..d7917e09 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/etc/sudoers", "wa", "actions") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +index 5c99e72f..88c36f80 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml +index 22ee4995..3fec6831 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Shutdown System When Auditing Failures Occur' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +index 07965e2c..908fa6e5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/etc/group", "wa", "audit_rules_usergroup_modification") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +index 14503bf7..ff8ece28 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Events that Modify User/Group Information - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +index b4290f40..5a9020f0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Events that Modify User/Group Information - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +index 26134e32..a8273188 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Events that Modify User/Group Information - /etc/security/opasswd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +index 73dfc045..3ecc4776 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Events that Modify User/Group Information - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +index abd678fc..8e50c36a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Record Events that Modify User/Group Information - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +index e829590e..e72d090f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +index 3fbd4948..27378a92 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +index 1dd7cb10..9c43228d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +index 18bb2671..8f0bffdd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +index e829590e..e72d090f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +index e2f2d649..bd5c2434 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +index e829590e..e72d090f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +index 7ea72adf..28662fe8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +index 742bbfc4..e9db1df7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + {{{ bash_fix_audit_watch_rule("auditctl", "/etc/localtime", "wa", "audit_time_rules") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml +index ac72267a..67ee8659 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +index ec17adf5..0ecb4079 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +index dc0db28a..4b90cb14 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'System Audit Directories Must Be Group Owned By Root' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +index 09d4e8ff..6a8e8bda 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + groupadd group_test + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +index f040c0d2..7f2dfd92 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'System Audit Directories Must Be Owned By Root' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +index 0dad1bfe..29632f72 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu + + if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then + DIR=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ' | rev | cut -d"/" -f2- | rev) +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh +index 7e8c4912..999d914c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + source common_0700.sh + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh +index 7cfadc19..3bb0cefb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + source common_0700.sh + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh +index 3654389e..64e3e8eb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + source common_0700.sh + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh +index b93254a4..c7d66ccb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + source common_0700.sh + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml +index dd63b930..b2c193e5 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,ubuntu2004 ++prodtype: ol8,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'System Audit Logs Must Be Group Owned By Root' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +index 8639ae24..101a93bf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +@@ -4,7 +4,7 @@ + {{% else %}} + # packages = audit + {{% endif %}} +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + if grep -iwq "log_file" /etc/audit/auditd.conf; then + FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh +index 7e6a2a01..79e18f2e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh +@@ -4,7 +4,7 @@ + {{% else %}} + # packages = audit + {{% endif %}} +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + if grep -iwq "log_file" /etc/audit/auditd.conf; then + FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml +index d957b1c0..473cf511 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,ubuntu2004 ++prodtype: ol8,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'System Audit Logs Must Be Owned By Root' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh +index 3a0d9a4e..ab43ceb2 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/correct_value_default_file.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + #!/bin/bash + + sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh +index 1879113b..8798ae1a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/tests/wrong_value_default_file.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + #!/bin/bash + + sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh +index f97a559e..de977798 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then + FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +index e5e64131..5e67c19a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu2004 + + title: 'System Audit Logs Must Have Mode 0640 or Less Permissive' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh +index 15023ca7..488ef3e3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # packages = audit + + source common_0600.sh +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh +index 04d76809..6475f83a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/correct_value_default_file_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # packages = audit + + source common_0600.sh +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh +index aea9d1b1..3f045e4c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_0600.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # packages = audit + + source common_0600.sh +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh +index 003e3330..368540ad 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/tests/incorrect_value_default_file_0600.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # packages = audit + + source common_0600.sh +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml +index 1e0529f0..9ed9948a 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh +index 53a56e25..55479973 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_audispd_remote_server") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml +index 64c64fe6..5828123b 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure audispd Plugin To Send Logs To Remote Server' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml +index 35756675..93d75bae 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Configure a Sufficiently Large Partition for Audit Logs' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml +index 8ccde192..417313af 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Configure audispd''s Plugin disk_full_action When Disk Is Full' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml +index 637683d6..b9202b70 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Encrypt Audit Records Sent With audispd Plugin' + +@@ -57,7 +57,7 @@ ocil: |- + + fixtext: |- + Configure {{{ full_name }}} to encrypt audit records sent with audispd plugin. +-{{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "rhel9", "almalinux9", "fedora", "ol8", "rhv4"] %}} + Set the "transport" option in "{{{ audisp_conf_path }}}/audisp-remote.conf" to "KRB5". + {{% else %}} + Uncomment the "enable_krb5" option in "{{{ audisp_conf_path }}}/audisp-remote.conf", +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml +index 71fc8168..83540271 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh +index d1a51360..8ca091be 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_audispd_network_failure_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml +index 0a3db320..df5c9b6f 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Configure audispd''s Plugin network_failure_action On Network Failure' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh +index d244d4bd..ec516de8 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + . $SHARED/auditd_utils.sh + prepare_auditd_test_enviroment +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh +index af96da87..3bcbba05 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + . $SHARED/auditd_utils.sh + prepare_auditd_test_enviroment +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh +index d1f708e6..c84612b8 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = bash + + . $SHARED/auditd_utils.sh +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh +index b370dda3..6ba8a104 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = bash + + . $SHARED/auditd_utils.sh +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh +index 1184212b..27584dca 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = bash + + . $SHARED/auditd_utils.sh +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml +index b075778f..d9baf1b4 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh +index d0065b38..7027992a 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml +index 06f4a10c..ba788edb 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh +index 78726bbc..0a36846a 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml +index 55f407e0..b9084af2 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml +index 0adf2b53..37695252 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh +index ce4f4d02..6ab8e06d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml +index 61cc4751..7f66a5c1 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh +index 8ab6e16a..11021155 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml +index 55f407e0..b9084af2 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml +index b82e6d17..717e52b9 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh +index 464c566e..43adf8bf 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml +index 9efd2d5e..95c46c53 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh +index 095b279f..efcddf50 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml +index 9c8afcfa..53a6da7e 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh +index 79b91655..40632d09 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("var_auditd_flush") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml +index ce94d5f5..5aa4a2f8 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Configure auditd flush priority' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh +index da07f56c..90ebe810 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh +index 013ac37d..97c4125f 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh +index fca91d8e..9bcfaa3d 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh +index 679ed1d9..79155fb0 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh +index 17275563..8f1d103c 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh +index c5b4b4a9..74580039 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # profiles = xccdf_org.ssgproject.content_profile_ospp + # remediation = bash + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml +index c70cd104..c97fbf56 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh +index 8ac93789..e8a6dab1 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("var_auditd_max_log_file") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml +index 69ae3cb8..f48f3656 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh +index 3a69df68..67d60999 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh +index 9e8d8ac9..cfdbd912 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # packages = audit + # profiles = xccdf_org.ssgproject.content_profile_stig +-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9, multi_platform_fedora + + . $SHARED/auditd_utils.sh + prepare_auditd_test_enviroment +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml +index 69ae3cb8..f48f3656 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh +index 4609f8ec..f4b4664e 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml +index 55f407e0..b9084af2 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml +index 7deaa060..748a59d8 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml +index ab0bea58..a6158699 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh +index a53f062b..e0200450 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_auditd_space_left") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +index 62e76a51..096d5c0f 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Configure auditd space_left on Low Disk Space' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml +index 46560f89..123e5ef3 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh +index 870f6619..a1dc8844 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu + + {{{ bash_instantiate_variables("var_auditd_space_left_action") }}} + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml +index 58d15697..cb9ab528 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol8,rhel7,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Configure auditd space_left on Low Disk Space' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml +index 12d8541c..a3d1c459 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh +index f308bd67..e9789ea2 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml +index c865ad76..f226ae34 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +index 16a637ef..76a77b98 100644 +--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml ++++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon' + +diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml +index b729deb4..7a571446 100644 +--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml ++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Extend Audit Backlog Limit for the Audit Daemon' + +diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml +index e2d2b7fd..122741d8 100644 +--- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml ++++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install audispd-plugins Package' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml +index e3314050..603abfb9 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml +index 992bf062..60e5c921 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file accesses' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml +index f29a4afc..26ac0688 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/rule.yml +index 54bfe2a2..1f65bfb7 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file accesses (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml +index 412c67f1..ec146740 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/rule.yml +index 222290c9..d3db3edf 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file accesses (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml +index 41329308..3f8c50a3 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml +index 8000a1a6..529eb715 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of successful file accesses' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml +index 1d08bae3..3e230044 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/rule.yml +index 7c8ae657..d3769eff 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful file accesses (AArch64' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml +index 372b7c27..4e2ce77e 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/rule.yml +index 0091db46..11f78d83 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful file accesses (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml +index f6242690..bd3ddd10 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml +index 28500f9d..3774a64b 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure basic parameters of Audit system' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml +index 981a0c86..ab7d657c 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml +index 08bff713..d4b1922b 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file creations' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml +index c26dc39b..d32b854f 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/rule.yml +index b7c97321..40e07db9 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file creations (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml +index 08c8dc85..e9277f26 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/rule.yml +index c85274a3..29db3860 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file creations (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml +index 7532b0bf..211e0d29 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of successful file creations' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success_aarch64/rule.yml +index b79b8005..cf1eee86 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful file creations (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success_ppc64le/rule.yml +index 54eb4be9..f86acf23 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful file creations (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml +index 023388b6..655883af 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml +index 6280008f..3bb2f8c8 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file deletions' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml +index 22d3990f..ed4f8bce 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/rule.yml +index 1a8d1eda..69fd62d4 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file deletions (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml +index 2fb2c25a..e182781c 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/rule.yml +index 123a38cc..66b59b5d 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file deletions (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml +index 6c42b726..1da7bb5f 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + {{% set file_contents = """## Successful file delete + -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml +index c95d8aab..2a150e6a 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of successful file deletions' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml +index 0314988d..25f2c5ae 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + {{% set file_contents = """## Successful file delete + -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/rule.yml +index 2859e69b..0f1f12c2 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful file deletions (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml +index 3734328c..1ff00c4e 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + + {{% set file_contents = """## Successful file delete + -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete""" -%}} +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/rule.yml +index f127ee47..0e7f8942 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful file deletions (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml +index 4b611673..42e1c3da 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml +index 4a697054..432d6ef3 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure immutable Audit login UIDs' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml +index 2d927984..ec647737 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml +index 23d3209c..087b82a1 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file modifications' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml +index dae46600..527bc848 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/rule.yml +index 6aa7b208..75e9a8d2 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file modifications (AARch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml +index f07ff360..62de7826 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/rule.yml +index 22a90d64..00b3a653 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful file modifications (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml +index c6f79696..7a6e545c 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml +index 82ac3226..f05e04f0 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of successful file modifications' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml +index 212ec4ba..62e1ee6d 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/rule.yml +index 69bfae6a..27760434 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful file modifications (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml +index 92310b97..e76e314a 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/rule.yml +index 94b15c57..966a7d78 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful file modifications (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml +index f8cd8b73..090554c0 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml +index b04d879a..fc96fb8b 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of loading and unloading of kernel modules' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml +index 231034a9..460877ce 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/rule.yml +index 486f0ba2..670ed557 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of loading and unloading of kernel modules (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml +index a93771e8..22e9b17b 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml +index 878b95ea..616e9d45 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Perform general configuration of Audit for OSPP' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml +index 6b943ce0..5b19b70b 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/rule.yml +index 80447e62..b7e90dcb 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Perform general configuration of Audit for OSPP (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml +index fa81ece0..7a26684d 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/rule.yml +index cb712714..7572ecf3 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Perform general configuration of Audit for OSPP (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml +index 9e8afab0..e2c7d9cb 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful ownership changes' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed_aarch64/rule.yml +index a68a2ba7..beb9ead4 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful ownership changes (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed_ppc64le/rule.yml +index f0a7c78d..ccbdef33 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful ownership changes (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml +index 7ba36791..ec26a753 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of successful ownership changes' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success_aarch64/rule.yml +index a5dbe26e..68142509 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful ownership changes (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success_ppc64le/rule.yml +index dd0cf8d7..4f3fbd68 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful ownership changes (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml +index 414cfba0..6091bc28 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful permission changes' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed_aarch64/rule.yml +index 95fd956e..d1f0feea 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful permission changes (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed_ppc64le/rule.yml +index 71e53547..79f78c19 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of unsuccessful permission changes (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml +index c01c37bd..4b8ddb33 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure auditing of successful permission changes' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success_aarch64/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success_aarch64/rule.yml +index edc95c19..64561b4e 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success_aarch64/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success_aarch64/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful permission changes (AArch64)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success_ppc64le/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success_ppc64le/rule.yml +index 282a2e31..1825b6f3 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success_ppc64le/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success_ppc64le/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure auditing of successful permission changes (ppc64le)' + +diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml +index 8461089f..c2f64018 100644 +--- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml ++++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Configure audit according to OSPP requirements' + +diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml +index 89d6152d..7afbf02b 100644 +--- a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml +index 650754d7..db936285 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_init_on_alloc_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol9,rhel9 ++prodtype: ol9,rhel9,almalinux9 + + title: 'Configure kernel to zero out memory before allocation' + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml +index d6bfc02f..2e7e7db3 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'Configure kernel to trust the CPU random number generator' + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value_entries.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value_entries.fail.sh +index 00942724..f6884539 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value_entries.fail.sh ++++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value_entries.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # Based on shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Breaks argument in kernel command line in /boot/loader/entries/*.conf + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml +index d599ebc9..938a3ef0 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_mds_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel9 ++prodtype: fedora,rhel9,almalinux9 + + title: 'Configure Microarchitectural Data Sampling mitigation' + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml +index 9c8723e7..afc2a1b3 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_page_alloc_shuffle_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol9,rhel9 ++prodtype: ol9,rhel9,almalinux9 + + title: 'Enable randomization of the page allocator' + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml +index 249e7912..d96e7650 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Enable Kernel Page-Table Isolation (KPTI)' + +diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml +index 9a0f0d21..51ec8d39 100644 +--- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable vsyscalls' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +index ca391cc1..73ad3a57 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +index 40a8b787..ef4e237c 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +index e4a08f58..9b41cf57 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Permissions' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml +index 540ea3dd..7dcfb48d 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Set the Boot Loader Admin Username to a Non-Default Value' + +diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +index 28adf230..e6221128 100644 +--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set Boot Loader Password in grub2' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +index 348a0fe2..f453b24f 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + + title: 'Verify the UEFI Boot Loader grub.cfg Permissions' +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml +index 24ccca39..3cb72682 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Set the UEFI Boot Loader Admin Username to a Non-Default Value' + +diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +index ecfee6ad..b64bae27 100644 +--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml ++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Set the UEFI Boot Loader Password' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml +index 82178171..24a4a8eb 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9,ubuntu2004 ++prodtype: rhcos4,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml +index 7396b916..295f9beb 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9,ubuntu2004 ++prodtype: rhcos4,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml +index 56b634d4..b4da3cff 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9 ++prodtype: rhcos4,rhel8,rhel9,almalinux9 + + title: 'Ensure all zIPL boot entries are BLS compliant' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml +index 6c7e3396..026da9c6 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9 ++prodtype: rhcos4,rhel8,rhel9,almalinux9 + + title: 'Ensure zIPL bootmap is up to date' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml +index a763429f..6de95147 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9 ++prodtype: rhcos4,rhel8,rhel9,almalinux9 + + title: 'Ensure SELinux Not Disabled in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/rule.yml +index fa272250..70d5146b 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Configure kernel to zero out memory before allocation in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh +index 50cf1b78..cc8c2577 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Make sure boot loader entries contain init_on_alloc=1 + for file in /boot/loader/entries/*.conf +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh +index 7c0d9154..0490eed8 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Make sure boot loader entries contain init_on_alloc=1 + for file in /boot/loader/entries/*.conf +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh +index 9d330c91..bac0815e 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Remove init_on_alloc=1 from all boot entries + sed -Ei 's/(^options.*\s)init_on_alloc=1(.*?)$/\1\2/' /boot/loader/entries/* +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_alloc_shuffle_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_alloc_shuffle_argument/rule.yml +index 5179b19f..a5d5ffce 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_page_alloc_shuffle_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_page_alloc_shuffle_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Enable randomization of the page allocator in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml +index 0cd61ae2..f6e29d38 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9 ++prodtype: rhcos4,rhel8,rhel9,almalinux9 + + title: 'Enable page allocator poisoning in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml +index df0f6c3e..df74834f 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9 ++prodtype: rhcos4,rhel8,rhel9,almalinux9 + + title: 'Enable SLUB/SLAB allocator poisoning in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml +index 790dd88b..6a2beea6 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # reboot = true + # strategy = configure + # complexity = medium +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh +index 0d90d58d..de4f6c4c 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh ++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Correct BLS option using grubby, which is a thin wrapper around BLS operations + grubby --update-kernel=ALL --remove-args="systemd.debug-shell" +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/rule.yml +index 3a442c4e..e3d440a5 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_systemd_debug-shell_argument_absent/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9 ++prodtype: rhcos4,rhel8,rhel9,almalinux9 + + title: 'Ensure debug-shell service is not enabled in zIPL' + +diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml +index 9d645c88..c5dd01bc 100644 +--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml ++++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel8,rhel9 ++prodtype: rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable vsyscalls in zIPL' + +diff --git a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_latent_entropy/rule.yml b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_latent_entropy/rule.yml +index 0eec9c5b..d6a71fe5 100644 +--- a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_latent_entropy/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_latent_entropy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Generate some entropy during boot and runtime' + +diff --git a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_randstruct/rule.yml b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_randstruct/rule.yml +index b50ba51b..6e716446 100644 +--- a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_randstruct/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_randstruct/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel9 ++prodtype: fedora,rhel9,almalinux9 + + title: 'Randomize layout of sensitive kernel structures' + +diff --git a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_stackleak/rule.yml b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_stackleak/rule.yml +index 9a0a9794..334ec502 100644 +--- a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_stackleak/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_stackleak/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel9 ++prodtype: fedora,rhel9,almalinux9 + + title: 'Poison kernel stack before returning from syscalls' + +diff --git a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak/rule.yml b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak/rule.yml +index 49a14751..4f658e21 100644 +--- a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Force initialization of variables containing userspace addresses' + +diff --git a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak_byref_all/rule.yml b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak_byref_all/rule.yml +index f65fcd76..4c278013 100644 +--- a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak_byref_all/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak_byref_all/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel9 ++prodtype: fedora,rhel9,almalinux9 + + title: 'zero-init everything passed by reference' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_arm64_sw_ttbr0_pan/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_arm64_sw_ttbr0_pan/rule.yml +index 58e68845..a7b59a95 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_arm64_sw_ttbr0_pan/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_arm64_sw_ttbr0_pan/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Emulate Privileged Access Never (PAN)' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml +index 33e0ef48..7965df64 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Trigger a kernel BUG when data corruption is detected' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_debug_wx/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_debug_wx/rule.yml +index 96344b8b..37acfd3d 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_debug_wx/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_debug_wx/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Warn on W+X mappings found at boot' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_fortify_source/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_fortify_source/rule.yml +index d9ba9ef4..e8421eea 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_fortify_source/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_fortify_source/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Harden common str/mem functions against buffer overflows' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy/rule.yml +index 41bc3b9b..6147c40e 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9 ++prodtype: fedora,rhel7,rhel8,rhel9,almalinux9 + + title: 'Harden memory copies between kernel and userspace' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy_fallback/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy_fallback/rule.yml +index f0437d60..a0ef6f9e 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy_fallback/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy_fallback/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Do not allow usercopy whitelist violations to fallback to object size' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_emulate/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_emulate/rule.yml +index af38cc1c..79880ffe 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_emulate/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_emulate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Disable vsyscall emulation' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_none/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_none/rule.yml +index fa2b3b6d..2679651b 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_none/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_none/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Disable vsyscall mapping' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_xonly/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_xonly/rule.yml +index 5868bb34..157c8a3e 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_xonly/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_xonly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel9 ++prodtype: fedora,rhel9,almalinux9 + + title: 'Disable vsyscall emulate execution only' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_modify_ldt_syscall/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_modify_ldt_syscall/rule.yml +index ab30078a..c4f72870 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_modify_ldt_syscall/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_modify_ldt_syscall/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Disable the LDT (local descriptor table)' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_page_poisoning/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_page_poisoning/rule.yml +index 016c1e2c..44721712 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_page_poisoning/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_page_poisoning/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Enable poison of pages after freeing' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_refcount_full/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_refcount_full/rule.yml +index 8868e173..89c78097 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_refcount_full/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_refcount_full/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9 ++prodtype: fedora,rhel7,rhel8,rhel9,almalinux9 + + title: 'Perform full reference count validation' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_sched_stack_end_check/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_sched_stack_end_check/rule.yml +index 6a891f41..408fada0 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_sched_stack_end_check/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_sched_stack_end_check/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Detect stack corruption on calls to schedule()' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_hardened/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_hardened/rule.yml +index 53c97047..fa1e62f4 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_hardened/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_hardened/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Harden slab freelist metadata' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_random/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_random/rule.yml +index 6813ea28..3ca5c6c8 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_random/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_random/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Randomize slab freelist' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_slab_merge_default/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_slab_merge_default/rule.yml +index 7518f1d0..336a5d16 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_slab_merge_default/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_slab_merge_default/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Disallow merge of slab caches' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector/rule.yml +index 50ef83cc..39912cfd 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Stack Protector buffer overlow detection' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector_strong/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector_strong/rule.yml +index b9c47058..d3fb20b7 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector_strong/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector_strong/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Strong Stack Protector' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_strict_kernel_rwx/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_strict_kernel_rwx/rule.yml +index 1ff97ebf..f7935fce 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_strict_kernel_rwx/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_strict_kernel_rwx/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Make the kernel text and rodata read-only' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_strict_module_rwx/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_strict_module_rwx/rule.yml +index 6a6fdb04..c4fce238 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_strict_module_rwx/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_strict_module_rwx/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Make the module text and rodata read-only' + +diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_vmap_stack/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_vmap_stack/rule.yml +index a406bbe4..4d09b690 100644 +--- a/linux_os/guide/system/kernel_build_config/kernel_config_vmap_stack/rule.yml ++++ b/linux_os/guide/system/kernel_build_config/kernel_config_vmap_stack/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'User a virtually-mapped stack' + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh +index 868fd1e1..f6db10a8 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then + mkdir -p /etc/rsyslog.d +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml +index ff71cadd..f426e04e 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Ensure cron Is Logging To Rsyslog' + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml +index 4e321fec..2818c4ca 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh +index 3933f28b..d71a075f 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh +index 575530ef..d6d0b31c 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check rsyslog.conf with root group-owner log from rules and + # non root group-owner log from $IncludeConfig fails. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh +index 39efc1a4..2c9d68d8 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check rsyslog.conf with root group-owner log from rules and + # root group-owner log from $IncludeConfig passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh +index c7c01132..43deebea 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check if log file with non root group-owner in rsyslog.conf fails. + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh +index 0ecbb35b..b67836e3 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check if log file with root group-owner in rsyslog.conf passes. + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh +index 6c82a194..a28595e7 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check rsyslog.conf with root user log from rules and + # non root user log from $IncludeConfig fails. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh +index b24e5e16..8bc9b6cc 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check rsyslog.conf with root user log from rules and + # root user log from $IncludeConfig passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh +index 7edbb17e..bcd74022 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check if log file with non root user in rsyslog.conf fails. + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh +index e0e518bc..0586491a 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check if log file with root user in rsyslog.conf passes. + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/ansible/shared.yml +index 635b72f7..71d2b07d 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/ansible/shared.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh +index b794ea8d..7858f420 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + # List of log file paths to be inspected for correct permissions + # * Primarily inspect log file paths listed in /etc/rsyslog.conf +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh +index c27e7874..ca534ae7 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0600 from $IncludeConfig passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh +index 124b5e86..d0272377 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_glob_perms_0601.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0601 from $IncludeConfig fails. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh +index a6ff6a11..22503b19 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0600 from $IncludeConfig passes. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh +index 2ae5c89a..f4133e40 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Check rsyslog.conf with log file permissions 0600 from rules and + # log file permissions 0601 from $IncludeConfig fails. +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh +index fbdcd18f..10dac763 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check if log file with permissions 0600 in rsyslog.conf passes. + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh +index 75e9558c..ce301226 100755 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + # Check if log file with permissions 0601 in rsyslog.conf fails. + +diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml +index 4db3af15..b1d1dc01 100644 +--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml ++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Ensure remote access methods are monitored in Rsyslog' + +diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml +index 39d727ba..04cc047d 100644 +--- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux3,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: Ensure journald is configured to compress large log files + +diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml +index ca35dd93..4d2857eb 100644 +--- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9 ++prodtype: alinux3,rhel7,rhel8,rhel9,almalinux9 + + title: Ensure journald is configured to send logs to rsyslog + +diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml +index 81767015..3f6a2e27 100644 +--- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml ++++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux3,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: Ensure journald is configured to write log files to persistent disk + +diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml +index 859ea93e..9b9ea07f 100644 +--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml ++++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml +index fe112b71..dccd491e 100644 +--- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml ++++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Ensure rsyslog-gnutls is installed' + +diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml +index 912b94f3..1c06b581 100644 +--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml ++++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server' + +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml +index f2d14ecf..4cd3e5db 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh +index 94defce8..c9ccb28f 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_instantiate_variables("rsyslog_remote_loghost_address") }}} + +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml +index 86c0988c..51f084a3 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Configure TLS for rsyslog remote logging' + +diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml +index 618c6c43..74d85870 100644 +--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml ++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Configure CA certificate for rsyslog remote logging' + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml +index 9ea75642..801ab0f4 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhel8,rhel9 ++prodtype: ol8,ol9,rhel8,rhel9,almalinux9 + + title: 'Configure Firewalld to Use the Nftables Backend' + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +index 10750e14..1b4ff1fa 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Install firewalld Package' + +diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +index 5b437375..97003859 100644 +--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Verify firewalld Enabled' + +diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml +index fdf69351..8ad48324 100644 +--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Configure the Firewalld Ports' + +diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml +index b92f6f56..8bfedc19 100644 +--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhel9 ++prodtype: rhel8,rhel9,almalinux9 + + title: 'Firewalld Must Employ a Deny-all, Allow-by-exception Policy for Allowing Connections to Other Systems' + +diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml +index 343370dc..c3982fca 100644 +--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml ++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Set Default firewalld Zone for Incoming Packets' + +diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml +index 7a9e8cc6..cecf2c99 100644 +--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml ++++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Verify Any Configured IPSec Tunnel Connections' + +diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +index 6f110d67..108be143 100644 +--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml ++++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,uos20 + + title: 'Install libreswan Package' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh +index d787fbbb..d209806d 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + # enable randomness in ipv6 address generation + for interface in /etc/sysconfig/network-scripts/ifcfg-* +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml +index 87306fed..88e2884b 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +index 6118cd92..54c10556 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml +index 7e0a9a8e..b5f53543 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml +index ce7b53a9..bbf18f18 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml +index 601c69d0..1b3ee91d 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml +index 8792fc66..2c7c4b02 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +index 777bd7c7..639c856a 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml +index e222b1c8..85b92ce9 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +index ce64d6e6..032ce908 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml +index d10a9722..c59e2340 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: Configure Auto Configuration on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +index b4c1f42b..1d062e03 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for IPv6 Forwarding' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml +index 0fc424cd..7e462eaf 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml +index 827e9972..a3fabe43 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Configure Denying Router Solicitations on All IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml +index 4ed2c480..f59b6d7c 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +index d45ca63c..bae5e8f2 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml +index 5b1fc0dd..72c09be5 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml +index a1491142..1f5486a0 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml +index adad48f6..2a5d98ab 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml +index 845b013e..063776b8 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +index a42ca189..f532bc56 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml +index e2951d84..0335df12 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +index 49d059cc..f2ce1c72 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml +index 571a8476..540dd867 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Auto Configuration on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml +index cda58664..53d4bf55 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default + +diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml +index adbe106a..abd126a9 100644 +--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Configure Denying Router Solicitations on All IPv6 Interfaces By Default' + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml +index 9e1ca48e..157bb750 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure IPv6 is disabled through kernel boot parameter' + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel9.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel9.fail.sh +index fc649d74..2fa1114d 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel9.fail.sh ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel9.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Removes ipv6.disable argument from kernel command line in //boot/loader/entries/*.conf + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel9.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel9.fail.sh +index 3c1cde1d..a57a1eae 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel9.fail.sh ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel9.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Break the ipv6.disable argument in kernel command line in /boot/loader/entries/*.conf + +diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh +index 2bd1bdbc..63ab3fe5 100644 +--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh ++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC + # services for NFSv4 from attempting to start IPv6 network listeners +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml +index 6bb6de13..1f0664a0 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +index 9a2c88cd..5aa31389 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml +index b3d72bb4..b89b8a35 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +index e4e87ff1..7eb3ddea 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_drop_gratuitous_arp/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_drop_gratuitous_arp/rule.yml +index 55a35774..4c2a763c 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_drop_gratuitous_arp/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_drop_gratuitous_arp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,rhel9,almalinux9 + + title: 'Drop Gratuitious ARP frames on All IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml +index 70e767cc..fbe1a27a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +index aeecbae5..423db3d7 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml +index c64da37a..08535e5a 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +index 496a8491..6c1fd15d 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml +index 8b075d55..0dd17a34 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +index abe92e65..8ddbcd3b 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml +index 2bfbd9e4..8ea37100 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +index 47abcc22..746fdf16 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml +index aa7d1562..08668d03 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +index 043f16e2..1579f086 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml +index 3a60ab17..728ddb81 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +index 38602c00..8d359a86 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml +index b6e53de3..0b652c7c 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +index 09ff6023..94cb57d2 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml +index aeb67c4e..f47a8ab6 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +index f21dfa91..647ed85f 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml +index 52d74441..08c8c256 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +index d45ebce6..19b99da2 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml +index 9e3a85af..d4f4d31c 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +index 4f552dfc..9c23788f 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml +index d9154483..35309448 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Set Kernel Parameter to Increase Local Port Range' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml +index 3104be90..58518f41 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml +index 3799d269..a5963d89 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml +index 0c8dae78..a26df0c5 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +index e87793d5..231c7901 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml +index ea1db12f..5d8b19f6 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +index e44509ea..72dc5721 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml +index b54e3d12..125464d7 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +index b3534eb7..edb3403d 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default' + +diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +index 5c449db7..4aaacf80 100644 +--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml ++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml +index 7d08edf8..f83779e3 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml +index afe2b774..1cd6802e 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable ATM Support' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml +index 6f5805e5..0ca4ab3b 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml +index 420485c1..3d460697 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable CAN Support' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +index 20878340..3bc38c92 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable DCCP Support' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml +index 61aed859..03f41b72 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml +index 9d9ef3ac..30de7a9a 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable IEEE 1394 (FireWire) Support' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml +index 28b8952d..6e3e064a 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +index f8b020fc..fd0141b4 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable SCTP Support' + +diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml +index 9761ea78..b98652b4 100644 +--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml +index 5aaafd12..9d05d0c5 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml +index 847d2123..ef4903ca 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable Bluetooth Kernel Module' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_cfg80211_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_cfg80211_disabled/rule.yml +index 5d316177..a7f44281 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_cfg80211_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_cfg80211_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel8,rhel9 ++prodtype: fedora,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable Kernel cfg80211 Module' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlmvm_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlmvm_disabled/rule.yml +index 25123181..44ebf869 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlmvm_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlmvm_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel8,rhel9 ++prodtype: fedora,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable Kernel iwlmvm Module' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlwifi_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlwifi_disabled/rule.yml +index 2ae0cd34..2da591c9 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlwifi_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlwifi_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel8,rhel9 ++prodtype: fedora,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable Kernel iwlwifi Module' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_mac80211_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_mac80211_disabled/rule.yml +index 409baf90..c56beebe 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_mac80211_disabled/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_mac80211_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel8,rhel9 ++prodtype: fedora,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable Kernel mac80211 Module' + +diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +index b3e20e7b..d5c7a557 100644 +--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml ++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Deactivate Wireless Network Interfaces' + +diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml +index 50ec8c5c..5095e298 100644 +--- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml ++++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Configure Multiple DNS Servers in /etc/resolv.conf' + +diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh +index 0f2d1597..27572472 100644 +--- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh ++++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + source common.sh +diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh +index 469db24e..671a4d01 100644 +--- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh ++++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + source common.sh + +diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml +index 63fa589f..4c97e298 100644 +--- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml ++++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Prevent non-Privileged Users from Modifying Network Interfaces using nmcli' + +diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml +index faf4d69a..6d647fbd 100644 +--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml ++++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure System is Not Acting as a Network Sniffer' + +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml +index 46680c47..d87e2223 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure All World-Writable Directories Are Owned by root user' + +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml +index e807cbfe..79482556 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh +index b3395bea..56ff803b 100644 +--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + df --local -P | awk '{if (NR!=1) print $6}' \ + | xargs -I '{}' find '{}' -xdev -type d \ + \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \ +diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml +index 04e6f122..e3a2efd9 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Verify Permissions on /etc/audit/auditd.conf' + +diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml +index 459085a4..e2ca3b90 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Verify Permissions on /etc/audit/rules.d/*.rules' + +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +index f23bcd31..6126eaeb 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SGID Executables Are Authorized' + +-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 ++prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,uos20 + + description: |- + The SGID (set group id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +index 73d98ee1..0f71a678 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure All SUID Executables Are Authorized' + +-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20 ++prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,uos20 + + description: |- + The SUID (set user id) bit should be set only on files that were +diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +index 123f967d..6b00798c 100644 +--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml ++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure All Files Are Owned by a Group' + +diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +index 95c5bc04..8b70ebdc 100644 +--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml ++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure All Files Are Owned by a User' + +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml +index e95ddbca..775c142b 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Verify that Shared Library Directories Have Root Group Ownership' + +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh +index a0d49905..396f228e 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + DIRS="/lib /lib64 /usr/lib /usr/lib64" + for dirPath in $DIRS; do + find "$dirPath" -type d -exec chown root '{}' \; +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh +index f366c2d7..e8291c26 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + groupadd nogroup + DIRS="/lib /lib64" + for dirPath in $DIRS; do +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh +index 6e957c30..3743441b 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux + DIRS="/lib /lib64 /usr/lib /usr/lib64" + for dirPath in $DIRS; do + find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \; +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh +index 55ff9ceb..93e11a14 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux + DIRS="/lib /lib64 /usr/lib /usr/lib64" + for dirPath in $DIRS; do + chmod -R 755 "$dirPath" +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh +index c2b5b6bf..c6d40fa0 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux + DIRS="/lib /lib64" + for dirPath in $DIRS; do + mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme" +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh +index 40e6c42c..8634e33c 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux + DIRS="/usr/lib /usr/lib64" + for dirPath in $DIRS; do + mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme" +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml +index eec7485f..698722f7 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = restrict + # complexity = medium +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh +index e352dd34..dc8fa8b2 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin + do +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml +index 74da4ed6..6c6556be 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Verify that system commands files are group owned by root or a system account' + +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml +index 04178f48..ce116710 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = medium +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh +index 5471f360..1a2c2a9f 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + find /bin/ \ + /usr/bin/ \ + /usr/local/bin/ \ +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh +index 92c6a088..f5601ebd 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64 + do +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh +index 84da71f4..f52ddfbb 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + useradd user_test + for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh +index b6f16343..a6af7d5a 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + useradd user_test + +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh +index ed21ba99..b3c54c42 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu + + useradd user_test + +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml +index 33196965..b0572f9d 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = medium +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh +index ab89b277..f4a7c33a 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu + DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec" + for dirPath in $DIRS; do + find "$dirPath" -perm /022 -exec chmod go-w '{}' \; +diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml +index ac901a98..526391bf 100644 +--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml ++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: |- + Verify the system-wide library files in directories +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_fifos/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_fifos/rule.yml +index 3e8908c8..130a99b3 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_fifos/rule.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_fifos/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel9 ++prodtype: fedora,rhel9,almalinux9 + + title: 'Enable Kernel Parameter to Enforce DAC on FIFOs' + +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml +index b0d59400..4a71eccd 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_regular/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_regular/rule.yml +index 39d81abf..3199439c 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_regular/rule.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_regular/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel9 ++prodtype: fedora,rhel9,almalinux9 + + title: 'Enable Kernel Parameter to Enforce DAC on Regular files' + +diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml +index 5ce0decb..b7a4243e 100644 +--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml +index 44c5bffe..2eb544c7 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml +index 6a44cf81..d911f228 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu1804,ubuntu2004 + + title: 'Disable Mounting of cramfs' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml +index f53ca7e3..7decd700 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml +index 74729708..6973ee49 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu1804,ubuntu2004 + + title: 'Disable Mounting of freevxfs' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml +index ef0e24a3..829121c2 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml +index fd08e9fa..0f371ae5 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004 ++prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu1804,ubuntu2004 + + title: 'Disable Mounting of hfs' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml +index a20bc997..8106f54c 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml +index 74f69a23..a0966f87 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004 ++prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu1804,ubuntu2004 + + title: 'Disable Mounting of hfsplus' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml +index 38f3af39..cddf456b 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos,multi_platform_ol + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml +index 47df625c..5dafdd00 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,ubuntu1804,ubuntu2004 + + title: 'Disable Mounting of jffs2' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml +index febfd573..e2f255a6 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos,multi_platform_ol + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml +index bfbd077b..41621efe 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Disable Mounting of squashfs' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml +index ba69e9bf..615e5db4 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml +index 5e03e552..1952bea8 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004 ++prodtype: alinux3,fedora,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804,ubuntu2004 + + title: 'Disable Mounting of udf' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml +index 32e39f20..a00da355 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +index 7b7fe43e..2ac9c2f3 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Disable Modprobe Loading of USB Storage Driver' + +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml +index 2be4cc35..a50aa726 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml +index f07a4256..4f448170 100644 +--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Disable Mounting of vFAT filesystems' + +diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml +index 41352695..8b69802a 100644 +--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +index c774309f..7bfd26c5 100644 +--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,uos20 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,uos20 + + title: 'Disable the Automounter' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml +index 60aab47f..14fcab86 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'Add nosuid Option to /boot/efi' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml +index e7e5ef07..9a2eee48 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Add noauto Option to /boot' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml +index 9ea1c41e..e46e1e76 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add nodev Option to /boot' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml +index fab17c24..0abcc6b5 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Add noexec Option to /boot' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml +index 41e3dbf4..39eb3f53 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Add nosuid Option to /boot' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml +index e857937b..3a35022d 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804,ubuntu2004 + + title: 'Add noexec Option to /dev/shm' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml +index 72ddb44c..31bce4ec 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804 + + title: 'Add nodev Option to /home' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml +index 87f38a62..c388c4fd 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Add noexec Option to /home' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml +index 06f1aad1..08d5a0c1 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Add nosuid Option to /home' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml +index 06953551..e6405aa9 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Add nodev Option to Non-Root Local Partitions' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml +index a1f12552..70bd78a9 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu1804 + + title: 'Add nodev Option to Removable Media Partitions' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml +index 3e22d3ab..7c95e7af 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu1804 + + title: 'Add noexec Option to Removable Media Partitions' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml +index 79fd7fd9..42c112b3 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu1804 + + title: 'Add nosuid Option to Removable Media Partitions' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml +index 307c0855..2c0aeed0 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Add nosuid Option to /opt' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml +index 9d56bdd5..a812c5a7 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9 ++prodtype: fedora,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add hidepid Option to /proc' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml +index bdd13365..47426497 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Add nosuid Option to /srv' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml +index 45a73e02..f4b7b8a7 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804 + + title: 'Add nodev Option to /tmp' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml +index 7356183b..57fbb75a 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Add noexec Option to /tmp' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml +index d153b869..dbc586ed 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804 + + title: 'Add nosuid Option to /tmp' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml +index ff573f2b..037f70cb 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add nodev Option to /var/log/audit' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml +index f9c908f5..5066d875 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add noexec Option to /var/log/audit' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml +index b3de16c3..e213a55b 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add nosuid Option to /var/log/audit' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml +index 893e713b..ca8f5a94 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add nodev Option to /var/log' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml +index 632ec13e..be660d3e 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add noexec Option to /var/log' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml +index 98c7f99f..5fa3ddb3 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add nosuid Option to /var/log' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml +index e5095b10..36e3e6b9 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add nodev Option to /var' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml +index 46e96325..d663c0d2 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Add noexec Option to /var' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml +index 436aa48e..0da9d433 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Add nosuid Option to /var' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh +index 59e39270..5c154d33 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + # Delete particular /etc/fstab's row if /var/tmp is already configured to + # represent a mount point (for some device or filesystem other than /tmp) +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml +index 133e7727..93892b45 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Bind Mount /var/tmp To /tmp' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml +index 8ee8c8b1..7777cec2 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804 + + title: 'Add nodev Option to /var/tmp' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml +index 39fd458e..d03eb24d 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804 + + title: 'Add noexec Option to /var/tmp' + +diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml +index 349f3348..bc58dca7 100644 +--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml ++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804 + + title: 'Add nosuid Option to /var/tmp' + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml +index d9480227..554e34e0 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml +index d9480227..554e34e0 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh +index e4cd7c96..7d53cfb5 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + SECURITY_LIMITS_FILE="/etc/security/limits.conf" + + if grep -qE '^\s*\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml +index 41cbd119..481afa58 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +index c2c0f05d..96f021b2 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Disable Core Dumps for All Users' + +diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml +index 61030d4d..bd5153d1 100644 +--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable acquiring, saving, and processing core dumps' + +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml +index 8e469834..bd8d043d 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Enable ExecShield via sysctl' + +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml +index 415b0486..02b1e991 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml +index 7a4c107b..22e20912 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml +index bcb6532d..c0ef877e 100644 +--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Enable NX or XD Support in the BIOS' + +diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh +index 2df5dfbe..bfb97daf 100755 +--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # remediation = none + + cp /proc/cpuinfo /tmp/cpuinfo +diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh +index 37f4870f..1d82fec3 100755 +--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # remediation = none + + cp /proc/cpuinfo /tmp/cpuinfo +diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml +index b79d960b..9afb1023 100644 +--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable page allocator poisoning' + +diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml +index c009e571..fde832a4 100644 +--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable SLUB/SLAB allocator poisoning' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml +index 88c68344..fa9b2020 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +index e3698540..d42de7a5 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable storing core dumps' + +@@ -13,7 +13,7 @@ rationale: |- + + severity: medium + +-{{% if product in ["rhel9"] %}} ++{{% if product in ["rhel9", "almalinux9"] %}} + conflicts: + - sysctl_kernel_core_pattern_empty_string + {{% endif %}} +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml +index 2babb28e..bf1cca4b 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Disable storing core dumps' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_uses_pid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_uses_pid/rule.yml +index 8f51f97c..93f9398c 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_uses_pid/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_uses_pid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Configure file name of core dumps' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml +index 36e025cc..e97acde1 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml +index a6f11a47..aa6a06fc 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Restrict Access to Kernel Message Buffer' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml +index 505b3c12..cdf18e6d 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml +index 4e68361c..cb1900ac 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable Kernel Image Loading' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml +index 1722b937..6a1b5154 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable loading and unloading of kernel modules' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml +index 52456967..9a9b5846 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Limit CPU consumption of the Perf system' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml +index f78db1b0..c5fcf560 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Limit sampling frequency of the Perf system' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml +index 0541e59a..50020c28 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml +index 16d4b236..00d5035a 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disallow kernel profiling by unprivileged users' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml +index 4299f35b..ecd3bb57 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Configure maximum number of process identifiers' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml +index f17eeb7a..270113c8 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disallow magic SysRq key' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml +index 2e24d921..7b706bb3 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml +index 9e5920b0..061ebe23 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/rule.yml +index 259d1f90..86446d15 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel9 ++prodtype: rhel9,almalinux9 + + title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/system_default.pass.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/system_default.pass.sh +index b9776227..f58a7ac9 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/system_default.pass.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/system_default.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Clean sysctl config directories + rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_0.fail.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_0.fail.sh +index 9f19e014..b6f94e4b 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_0.fail.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_0.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Clean sysctl config directories + rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_1.pass.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_1.pass.sh +index e976db59..073e9fda 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_1.pass.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_1.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Clean sysctl config directories + rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_2.pass.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_2.pass.sh +index b1537175..d1f7474e 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_2.pass.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled_accept_default/tests/value_2.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Clean sysctl config directories + rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml +index ceafd483..7006e206 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml +index 7902e247..d6e36134 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Restrict usage of ptrace to descendant processes' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml +index 7519b774..af6c30ab 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml +index 1c1907f0..2cd9ed6a 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Harden the operation of the BPF just-in-time compiler' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml +index fdd4fb83..3274d5b3 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml +index 2932ebe2..61abbf26 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9 + + title: 'Disable the use of user namespaces' + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml +index 93a11ee5..bce17075 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Prevent applications from mapping low portion of virtual memory' + +diff --git a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml +index 352e1c4e..411a0651 100644 +--- a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml ++++ b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure SELinux Not Disabled in the kernel arguments' + +diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml +index e9ff094d..f0a8bcdb 100644 +--- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh +index 735354a2..0c13b196 100644 +--- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15 + + sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* + sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/* +diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml +index 173fcf3f..b25fc77c 100644 +--- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml ++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure SELinux Not Disabled in /etc/default/grub' + +diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +index 6a76f919..a181f2d8 100644 +--- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml ++++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Install libselinux Package' + +diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh +index ea0437f5..8759a6ce 100644 +--- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh ++++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + # Package libselinux cannot be uninstalled normally + # as it would cause removal of sudo package which is +diff --git a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml +index 88d890f4..d845a259 100644 +--- a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml ++++ b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Uninstall mcstrans Package' + +diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml +index eb5f39b4..9cadeabd 100644 +--- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml ++++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhel8,rhel9 ++prodtype: ol8,ol9,rhel8,rhel9,almalinux9 + + title: 'Install policycoreutils-python-utils package' + +diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml +index b17c711e..b8515987 100644 +--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml ++++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install policycoreutils Package' + +diff --git a/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml +index d20c1116..1fe08908 100644 +--- a/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml ++++ b/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall setroubleshoot-plugins Package' + +diff --git a/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml +index c5fec06d..adf5d424 100644 +--- a/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml ++++ b/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall setroubleshoot-server Package' + +diff --git a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml +index 04ee5b2b..7df0b3b2 100644 +--- a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml ++++ b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Uninstall setroubleshoot Package' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml +index 9059fdf0..8c87bfe0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the antivirus_can_scan_system SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml +index ebbce6ed..2ebde0a5 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the antivirus_use_jit SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml +index ad4e91f5..cb17fe2b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the auditadm_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml +index 1de5f715..fe6aca54 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the authlogin_nsswitch_use_ldap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml +index 57cb33c8..75eefb4b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the authlogin_radius SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml +index fc7a5770..f49db4af 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the authlogin_yubikey SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml +index e6c6bbe3..0de55d55 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the awstats_purge_apache_log_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml +index 8cba7a6c..fe251376 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the boinc_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml +index 6d1ab1fb..fd1b7009 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cdrecord_read_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml +index d38be936..ed587e35 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cluster_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml +index a6558b75..8e554472 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cluster_manage_all_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml +index 4dba59fc..abb6956e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cluster_use_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml +index 9c405241..909996ef 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cobbler_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml +index 96c0e256..ddfb9c7e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cobbler_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml +index 93bdc97c..953451b8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cobbler_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml +index a7d6e9e7..f8ab9378 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cobbler_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml +index d2c8b686..c68bf908 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the collectd_tcp_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml +index 1f560285..6f9d60a9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the condor_tcp_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml +index c880bf74..1ccfe15a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the conman_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml +index e9051bb9..3c18677a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the container_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml +index f01af3d6..24a52cd6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the cron_can_relabel SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml +index c1d20f8e..ac0e0def 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the cron_system_cronjob_use_shares SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml +index f4daf0a6..aab6e8f8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the cron_userdomain_transition SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml +index d1d7ded6..a505ee03 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cups_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml +index af5727d6..9716421d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the cvs_read_shadow SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml +index e2f136bf..0f05a756 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the daemons_dump_core SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml +index 07ef4320..2ed8dac4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the daemons_enable_cluster_mode SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml +index f8442291..275327d1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the daemons_use_tcp_wrapper SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml +index 02622dcd..61796c92 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the daemons_use_tty SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml +index c75cce8a..1e6098c3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the dbadm_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml +index 2b9a11ba..218512e6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the dbadm_manage_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml +index 707d7113..02def382 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the dbadm_read_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml +index 04d2464c..95393472 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the deny_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml +index 89693152..a5055170 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the deny_ptrace SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml +index 9b4bfe10..372c9ba3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the dhcpc_exec_iptables SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml +index 75f044c4..cc399eac 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the dhcpd_use_ldap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml +index 5afdc364..70893487 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the domain_fd_use SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml +index 90f835f0..f3d8593b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the domain_kernel_load_modules SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml +index 2c75b117..8a7df966 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the entropyd_use_audio SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml +index 12305e08..27716b9e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the exim_can_connect_db SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml +index 2d54130d..e5c9af8e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the exim_manage_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml +index b240c116..8f10bb00 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the exim_read_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml +index 9b3cf756..c6a32cf1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the fcron_crond SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml +index 1f71bedb..79ca65b5 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the fenced_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml +index cac41de7..4068f9e3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the fenced_can_ssh SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml +index 57686707..0509cf9f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the fips_mode SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml +index dbf31b53..2575707e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ftpd_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml +index 579ac3f5..0f236f9a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ftpd_connect_all_unreserved SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml +index f2d973ba..98afe646 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ftpd_connect_db SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml +index cf9e7826..8bb6ba21 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ftpd_full_access SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml +index 14b1f752..797f97e8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ftpd_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml +index 6cb9d9df..51264cf5 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ftpd_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml +index 4035d4f8..97459b4e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ftpd_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml +index c1236064..6ac9c113 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ftpd_use_passive_mode SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml +index 47e9b420..c9c17dfc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the git_cgi_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml +index ca5a2bcd..c21011bb 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the git_cgi_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml +index f8b5c912..fb438175 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the git_cgi_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml +index 8dffa1dd..cfe12f9f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the git_session_bind_all_unreserved_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml +index f4dca61a..bcaaf61a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the git_session_users SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml +index 170fcfdf..04b0c266 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the git_system_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml +index c46e622e..83eb41bc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the git_system_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml +index b149744b..bf6b24a9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the git_system_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml +index 2fa3db75..28827adf 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the gitosis_can_sendmail SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml +index f8324918..bd532ae6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the glance_api_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml +index ee835d3e..a36f67d8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the glance_use_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml +index 70546358..1db3f82d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the glance_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml +index 12cb7bdc..a6468f01 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the global_ssp SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml +index 19903fc9..1b2d7d37 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the gluster_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml +index c586752c..78ed96d1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the gluster_export_all_ro SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml +index 953d6f51..b1c55efe 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Configure the gluster_export_all_rw SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml +index d5d68c10..63226319 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the gpg_web_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml +index 9cf94d26..0dd9c4c0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the gssd_read_tmp SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml +index d889a510..baf11579 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the guest_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml +index f5e5a38e..33602565 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the haproxy_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml +index 7ac8bcac..7e95a9cf 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml +index 9d1fbe43..683d5538 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Configure the httpd_builtin_scripting SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml +index f08b0711..0409a6b7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_check_spam SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml +index 6511bfe2..ec0dde96 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_connect_ftp SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml +index 9d088182..1f302780 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_connect_ldap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml +index fe8400ee..ca2115fb 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_connect_mythtv SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml +index d8282606..181e1de9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_connect_zabbix SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml +index 51f2d075..4ebb1b8c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml +index 04ffe7de..9e47001c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_network_connect_cobbler SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml +index 38b2cbfe..91af7c33 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_network_connect_db SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml +index d844dcdb..0823b645 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_network_memcache SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml +index bff3c8ce..2607875f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_network_relay SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml +index 8d73dd26..9d3aef31 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_can_sendmail SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml +index 3cfbca8a..a9d6863a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_dbus_avahi SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml +index da62291c..93fcb742 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_dbus_sssd SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml +index dc9651f9..30fe62db 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_dontaudit_search_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml +index 63eb6e1e..3e8b3557 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Configure the httpd_enable_cgi SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml +index 677ed3ce..0ffe7048 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_enable_ftp_server SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml +index a2b05231..f8ed5f62 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml +index ee05eba7..d249a49f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml +index b5a42076..6dcf3019 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the httpd_graceful_shutdown SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml +index d8453a7d..5216f592 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_manage_ipa SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml +index 0b2ad316..a4d73e50 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_mod_auth_ntlm_winbind SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml +index eaf8ea4d..716aca49 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_mod_auth_pam SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml +index e258ff54..6030e8ed 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_read_user_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml +index d8b3f4e6..1acc360f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_run_ipa SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml +index 413472cb..63fda6cd 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_run_preupgrade SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml +index 4cc54284..094a31d7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_run_stickshift SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml +index 27a979c8..cf14e746 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_serve_cobbler_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml +index e09231f7..c5a21027 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_setrlimit SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml +index 81ee3798..2959a886 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_ssi_exec SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml +index 61140b8d..afe68c7c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_sys_script_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml +index ad6c2ea7..9709e422 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_tmp_exec SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml +index 12b4dcc1..2217448a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_tty_comm SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml +index ffcda8a2..4e2d85a2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_unified SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml +index 4a5c7bdc..4c108c15 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml +index 79c4149f..90e1e61f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml +index d022811e..5145fb03 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_use_gpg SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml +index 4080ca05..89d98670 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml +index dbbb07cf..3993dc8b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_use_openstack SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml +index fe0840e2..50e77580 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_use_sasl SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml +index 61def0aa..51cc4240 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the httpd_verify_dns SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml +index 724cbbce..1f273623 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the icecast_use_any_tcp_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml +index a7da73c3..f2a42a61 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the irc_use_any_tcp_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml +index d82f9ff2..5962ef56 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the irssi_use_full_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml +index fdb0a982..63764f26 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the kdumpgui_run_bootloader SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml +index 37235acc..32e39027 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the kerberos_enabled SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml +index eb32deaf..a4ff48f7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ksmtuned_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml +index 86376cba..b172ec90 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the ksmtuned_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml +index 5b5dd95a..e68d0977 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the logadm_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml +index b515961c..8d3f7cbb 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the logging_syslogd_can_sendmail SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml +index 3c520540..5a35e816 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the logging_syslogd_run_nagios_plugins SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml +index 7b90abe8..49773332 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the logging_syslogd_use_tty SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml +index 3112822f..0b3406a4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the login_console_enabled SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml +index 8e327772..46cd60a7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the logrotate_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml +index d5e181b9..fb6c8962 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the logwatch_can_network_connect_mail SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml +index 4d3c7838..0cc6a3ae 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the lsmd_plugin_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml +index 6dfb2e01..3e3df051 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mailman_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml +index d235fe6f..17e6ca07 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mcelog_client SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml +index 46c9d61a..b45fceb4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the mcelog_exec_scripts SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml +index 80757940..8246c4d2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mcelog_foreground SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml +index 48cc45cb..73604816 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mcelog_server SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml +index 040edc1f..afabbb61 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the minidlna_read_generic_user_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml +index 9429d943..156742e3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the mmap_low_allowed SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml +index 7f95fd02..38a7b28f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the mock_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml +index 3fa8cfdf..bde8e8db 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the mount_anyfile SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml +index a461e301..af3350b5 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mozilla_plugin_bind_unreserved_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml +index b544dd12..06935eb0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mozilla_plugin_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml +index 878c10bd..bf7d7607 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mozilla_plugin_use_bluejeans SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml +index eba60ff3..6a8f56f0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mozilla_plugin_use_gps SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml +index a5655a34..5de394a4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mozilla_plugin_use_spice SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml +index 8d8407db..46e27563 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mozilla_read_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml +index db538e06..25957400 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mpd_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml +index 5bff3c99..6d506c62 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mpd_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml +index 97140465..660abd3a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mpd_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml +index bb5e5948..28cb5c61 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mplayer_execstack SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml +index 98a1ebcf..b2abe005 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the mysql_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml +index 70347807..eb678c12 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the nagios_run_pnp4nagios SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml +index 489a099a..40ae1a43 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the nagios_run_sudo SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml +index a51fbbea..f7522286 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the named_tcp_bind_http_port SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml +index c9d54a98..f76af6b6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the named_write_master_zones SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml +index b543c733..30ee879c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the neutron_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml +index c0718a62..c12b446f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the nfs_export_all_ro SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml +index 0355bad7..3295527d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the nfs_export_all_rw SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml +index 8d21a80b..7e6f439b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the nfsd_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml +index 9ae527ee..792a6b81 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the nis_enabled SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml +index 2223ef84..6f1906d1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the nscd_use_shm SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml +index 1c4fa8c1..f212384c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the openshift_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml +index affa929a..9888521b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the openvpn_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml +index 425be626..220c5faa 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the openvpn_enable_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml +index 8ebfe542..1aacfbe9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the openvpn_run_unconfined SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml +index c1a13523..e5c5437e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the pcp_bind_all_unreserved_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml +index 9f902520..62cb9054 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the pcp_read_generic_logs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml +index bf1ea51c..214b4916 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the piranha_lvs_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml +index 7e628966..a58258b0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the polipo_connect_all_unreserved SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml +index fa974402..1ed8e627 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the polipo_session_bind_all_unreserved_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml +index f2f93ba3..28ef12d0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the polipo_session_users SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml +index 0f0fe5d6..7a5a8e9e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the polipo_use_cifs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml +index 1c1d302e..908605bd 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the polipo_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml +index 29bba145..9e9c55da 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Disable the polyinstantiation_enabled SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml +index 1c061280..c138f89c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the postfix_local_write_mail_spool SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml +index 2d4f2e59..9b0ab797 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the postgresql_can_rsync SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml +index f7fdf042..90116430 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the postgresql_selinux_transmit_client_label SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml +index e4e888a8..a266c60d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the postgresql_selinux_unconfined_dbadm SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml +index 215daf93..8ed6eb0f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the postgresql_selinux_users_ddl SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml +index 9ff99173..c13494ff 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the pppd_can_insmod SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml +index ef5d648f..ae0700da 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the pppd_for_user SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml +index b9f04990..883e4dd3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the privoxy_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml +index ec8fa105..f05a79bf 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the prosody_bind_http_port SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml +index ce7bc2f5..39bf213f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the puppetagent_manage_all_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml +index 894fed16..ae9650af 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the puppetmaster_use_db SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml +index 2cae0d28..7f2ed321 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the racoon_read_shadow SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml +index 8720c030..11a61d7b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the rsync_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml +index 58878837..830f4e05 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the rsync_client SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml +index 154646cf..7918c93e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the rsync_export_all_ro SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml +index 832dfa25..1a4cdf4e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the rsync_full_access SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml +index 85b65a88..a504df61 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_create_home_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml +index c67f1f86..c5735d76 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_domain_controller SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml +index 1698ed1d..633c887b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_enable_home_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml +index 9a21f5f6..fcf57ba0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_export_all_ro SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml +index fd52c836..55af70a0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_export_all_rw SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml +index 826beddf..230f1afc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_load_libgfapi SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml +index d901e686..b0a21c06 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_portmapper SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml +index c409c6bb..36a39063 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_run_unconfined SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml +index cc2efcfb..83fbcd12 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_share_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml +index 085f7118..fd199098 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the samba_share_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml +index 07428064..4d4a616b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the sanlock_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml +index c1a64ba8..839a502b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the sanlock_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml +index c413f111..798d19ee 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the sanlock_use_samba SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml +index f0d4bbc9..f250e7a1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the saslauthd_read_shadow SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml +index d781baab..29197b2b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the secadm_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml +index 36c8756d..29a33a73 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the secure_mode SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml +index 428bb90b..c6bc0115 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the secure_mode_insmod SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml +index 062b9686..829b3907 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the secure_mode_policyload SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml +index 7e58c5f2..53edcf95 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Configure the selinuxuser_direct_dri_enabled SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml +index dd87bfe5..21433e1a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Disable the selinuxuser_execheap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml +index 26617b23..e70ce009 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Enable the selinuxuser_execmod SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml +index 4a78c892..31d643d6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'disable the selinuxuser_execstack SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml +index 88a2a92d..b238e78f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the selinuxuser_mysql_connect_enabled SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml +index 79b96246..21b5d26e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the selinuxuser_ping SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml +index 6d70e9d5..b0ebf970 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml +index 7092bbff..fa8798b7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the selinuxuser_rw_noexattrfile SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml +index fb492e6d..136ac7f7 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the selinuxuser_share_music SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml +index 3dcf7544..014cc650 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the selinuxuser_tcp_server SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml +index 89bb3dc5..0fa91f4d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the selinuxuser_udp_server SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml +index 518bd174..3bb6cdf9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the selinuxuser_use_ssh_chroot SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml +index 17054b75..98f00b4d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the sge_domain_can_network_connect SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml +index df44870b..f8d8c50d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the sge_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml +index 03a20026..4f2841ef 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the smartmon_3ware SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml +index a597045a..d1e0e1a6 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the smbd_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml +index 04514bde..61c0e9f9 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the spamassassin_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml +index 3f743cbf..21caa6b8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the spamd_enable_home_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml +index ec5c45e7..92fc9bb1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the squid_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml +index dd156deb..e08c8d5c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the squid_use_tproxy SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml +index df38b35f..f903835c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the ssh_chroot_rw_homedirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml +index 60b99ed0..f9e5f179 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the ssh_keysign SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml +index b92dd7c1..14d1630d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the ssh_sysadm_login SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml +index 2292c61e..b82a6247 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the staff_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml +index 4cb6582d..2b16a69f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the staff_use_svirt SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml +index 60ac4523..78ecd5ab 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the swift_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml +index 0fc83bc1..7c540e29 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the sysadm_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml +index d4d469d2..a68b4768 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the telepathy_connect_all_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml +index 1321809a..efc17902 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the telepathy_tcp_connect_generic_network_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml +index 7d8a2cc2..ae954e3c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the tftp_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml +index 9b553ff7..e1fe061d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the tftp_home_dir SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml +index 1d6ea593..d157d622 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the tmpreaper_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml +index 0981d8bb..e23d3a51 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the tmpreaper_use_samba SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml +index df86f451..524358bf 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the tor_bind_all_unreserved_ports SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml +index 86e08e38..d572a7ce 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the tor_can_network_relay SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml +index f0556d17..cc9bd332 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the unconfined_chrome_sandbox_transition SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml +index 839767ab..d99e0b5f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the unconfined_login SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml +index d8f69ced..d0b2c343 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the unconfined_mozilla_plugin_transition SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml +index b9ea2bbe..3a0c854f 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the unprivuser_use_svirt SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml +index 74b827fc..d88ee8e0 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the use_ecryptfs_home_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml +index 0b74be73..d14176ed 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the use_fusefs_home_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml +index ec79d2ec..58afa0a4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the use_lpd_server SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml +index fdfad24e..bbf63d1b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the use_nfs_home_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml +index 4da19ea4..889ac06a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the use_samba_home_dirs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml +index 2ba42daf..48d888b1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Enable the user_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml +index 0b2097dc..cb830109 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the varnishd_connect_any SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml +index 7899bd3b..1f845aae 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_read_qemu_ga_data SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml +index 822b9894..c2741632 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_rw_qemu_ga_data SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml +index df5c0c82..a467c1b8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_sandbox_use_all_caps SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml +index f0009fe4..4fe4cc33 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the virt_sandbox_use_audit SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml +index 03b024c0..13c18a91 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_sandbox_use_mknod SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml +index 1891511d..68b1502c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_sandbox_use_netlink SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml +index b7fcd58a..25bbba0e 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_sandbox_use_sys_admin SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml +index 3a54abbb..16c79c80 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_transition_userdomain SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml +index bef0f9a8..c1b60f1d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_comm SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml +index b4c890c4..403009c2 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml +index f92f814f..80087403 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_fusefs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml +index 7db9e5b3..5a80e646 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml +index ea059d54..3fb4e8cf 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_rawip SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml +index bd6cccac..47238cac 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_samba SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml +index 7db733fe..daa451b3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_sanlock SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml +index bc2e3350..41f4e8f1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_usb SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml +index 8420fe49..aaf8d58a 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the virt_use_xserver SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml +index 3d69f6b2..92f3e068 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the webadm_manage_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml +index c8859dd0..3dca8066 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the webadm_read_user_files SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml +index 46ea5e90..dbde677d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the wine_mmap_zero_ignore SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml +index 456b95fa..ee18f1f8 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xdm_bind_vnc_tcp_port SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml +index 0e2d6630..0c9aff07 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xdm_exec_bootloader SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml +index 5c798324..7ea74f6c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xdm_sysadm_login SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml +index 1231f32f..24ea4078 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xdm_write_home SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml +index 38ff90e0..f6a3acf5 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the xen_use_nfs SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml +index 9bd43515..be5c8719 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the xend_run_blktap SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml +index 1faef3c8..43ae6c7c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the xend_run_qemu SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml +index 13fc1d0a..a8764ac4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xguest_connect_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml +index fa2c6693..e098da1d 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xguest_exec_content SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml +index 59420f0a..a8c34a58 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xguest_mount_media SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml +index 7052e987..ebd8154b 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xguest_use_bluetooth SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml +index aca077be..dff835dc 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xserver_clients_write_xshm SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml +index 393ec2b3..19df417c 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xserver_execmem SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml +index 6f9a0de7..7a0356a4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Disable the xserver_object_manager SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml +index f48eccf1..cc0c46a3 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the zabbix_can_network SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml +index 4775f929..c36989c4 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the zarafa_setrlimit SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml +index ede5e2a4..6d569cd1 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the zebra_write_config SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml +index f97013e6..83c54980 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the zoneminder_anon_write SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml +index dc7b1290..8b0cc9ef 100644 +--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml ++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the zoneminder_run_sudo SELinux Boolean' + +diff --git a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml +index 7065c1eb..b52751a1 100644 +--- a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Ensure No Device Files are Unlabeled by SELinux' + +diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml +index 3345de71..237ae711 100644 +--- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Ensure No Daemons are Unconfined by SELinux' + +diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml +index fa39b8af..33e2978d 100644 +--- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml ++++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh +index 0b33e576..c9b647b8 100644 +--- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh ++++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml +index cf0c65d9..edeb4c57 100644 +--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Configure SELinux Policy' + +diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml +index 1c1560a8..fc86b614 100644 +--- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml ++++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh +index 10ecee50..3d3098f4 100644 +--- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh ++++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml +index 053d4341..17721ee3 100644 +--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml ++++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Map System Users To The Appropriate SELinux Role' + +diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml +index 8e4dbeba..e27e3f80 100644 +--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Encrypt Partitions' + +diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml +index cd5b4b46..2266d9e0 100644 +--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml ++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu1804,ubuntu2004 + + title: 'Ensure /var/tmp Located On Separate Partition' + +diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh +index d24ad613..78e4f65c 100644 +--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh ++++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + + dconf update +diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml +index dae8d1ca..dd891d85 100644 +--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml ++++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Make sure that the dconf databases are up-to-date with regards to respective keyfiles' + +diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml +index ffde0523..4f4ae02e 100644 +--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml ++++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Configure GNOME3 DConf User Profile' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml +index c3baa1b8..be83f158 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml +index 3165c09f..4042bd82 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable the GNOME3 Login Restart and Shutdown Buttons' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml +index ca6beab0..8e18147d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml +index 6d90e7be..a3df9211 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Disable the GNOME3 Login User List' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml +index f5d68f1c..91f02c0d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml +index 0e5f2217..6893ab75 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Enable the GNOME3 Login Smartcard Authentication' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml +index 9842d13b..f5204ec4 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Enable the GNOME3 Screen Locking On Smartcard Removal' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml +index 45e6c24a..e06d9600 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml +index baf8f8a1..5c54b83d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Set the GNOME3 Login Number of Failures' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml +index 6b19c813..1f656f5a 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml +index 7005c4fe..4129e41d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable GDM Automatic Login' + +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml +index ef2933c5..0d72f6f6 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml +index 0ca67c74..332a5018 100644 +--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml +index 60417ff4..0af05e79 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml +index 298e0888..2a5d1cc2 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable GNOME3 Automounting' + +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml +index ac168ef9..69ecfa6a 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml +index ed2f2a93..f3c6bad9 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable GNOME3 Automount Opening' + +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml +index 51e4063c..3591b726 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml +index 82ba66e8..468003e6 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable GNOME3 Automount running' + +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml +index 33460b61..04074e66 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml +index 0ed279aa..ae74b346 100644 +--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable All GNOME3 Thumbnailers' + +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml +index 4e389aa5..254db9bf 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml +index 87f7c6e9..9bd4036a 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable WIFI Network Connection Creation in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml +index c3922e5b..40515598 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml +index af8909aa..52a7ef04 100644 +--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable WIFI Network Notification in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml +index 09eed836..601191b4 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml +index cdf4c645..e1d7b8f6 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Require Credential Prompting for Remote Access in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml +index bf1efbe6..efa5b96a 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml +index fd5f0a6d..c1760aae 100644 +--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Require Encryption for Remote Access in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml +index f7c7b437..95781d5a 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml +index 5c131548..7f9a67e8 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle15 + + title: 'Enable GNOME3 Screensaver Idle Activation' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml +index d3f144c8..ae170b80 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml +index b94df803..4d2b625f 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Idle Activation' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml +index 5b08acff..d1af90b1 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml +index 48b0d38d..9bc88e1d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Set GNOME3 Screensaver Inactivity Timeout' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml +index 9d034e51..2c45806b 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml +index 3d1bb623..e3d02fdb 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Set GNOME3 Screensaver Lock Delay After Activation Period' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml +index d04e6893..5b9cba00 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml +index 070cd4d6..f9d92589 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Enable GNOME3 Screensaver Lock After Idle Period' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml +index 34ff91ab..875abf68 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml +index 24b7466a..9186ed5f 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml +index 4dbe2b3c..7313b6bc 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml +index 5d141635..fa2731ea 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Implement Blank Screensaver' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml +index 606e00c5..792db4ca 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml +index 9f86c7ed..fffac8ea 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable Full User Name on Splash Shield' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml +index ed7d9884..a41cb715 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml +index 6f243a6f..770c0965 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure Users Cannot Change GNOME3 Screensaver Settings' + +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml +index aae97c96..18c7ec75 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml +index 433bc2eb..06bda162 100644 +--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure Users Cannot Change GNOME3 Session Idle Settings' + +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml +index 76181547..eb340cb5 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml +index 6ac890aa..4ea8d42a 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml +index fa4f578e..f0d0708d 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml +index faa389c2..02731032 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable Geolocation in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml +index 7a2e35b8..81948e7e 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9 ++prodtype: fedora,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable Power Settings in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml +index 592f8558..218caaa4 100644 +--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml ++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Disable User Administration in GNOME3' + +diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml +index 27b2e8e2..b93c5bcf 100644 +--- a/linux_os/guide/system/software/gnome/group.yml ++++ b/linux_os/guide/system/software/gnome/group.yml +@@ -12,7 +12,7 @@ description: |- + {{% if product in ['ol7', 'ol8'] %}} + Oracle Linux Graphical environment. + {{% else %}} +- Red Hat Graphical environment. ++ AlmaLinux Graphical environment. + {{% endif %}} +

+ For more information on GNOME and the GNOME Project, see {{{ weblink(link="https://www.gnome.org") }}}. +diff --git a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml +index 085b898b..7d435166 100644 +--- a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml ++++ b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: fedora,rhel7,rhel8,rhel9,almalinux9,rhv4,ubuntu2004 + + title: 'Remove the GDM Package Group' + +diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml +index 54e822ef..47ba0a05 100644 +--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004 + + title: 'The Installed Operating System Is FIPS 140-2 Certified' + +diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml +index 16c3847a..fe79866e 100644 +--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml +@@ -4,6 +4,7 @@ + The operating system installed on the system is supported by a vendor that provides security patches. + ") }}} + ++ + + + +diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml +index 35525534..22da4170 100644 +--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml ++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'The Installed Operating System Is Vendor Supported' + +@@ -12,6 +12,9 @@ description: |- + {{% elif product in ["sle12", "sle15"] %}} + SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise + vendor, SUSE is responsible for providing security patches. ++{{% elif product == "almalinux9" %}} ++ AlmaLinux is supported by AlmaLinux. As the AlmaLinux ++ vendor, AlmaLinux is responsible for providing security patches. + {{% else %}} + Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise + Linux vendor, Red Hat, Inc. is responsible for providing security patches. +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +index 870150aa..8e1e9b40 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 ++prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4,uos20 + + title: 'Configure BIND to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh +index 2c9316c3..c0282cc6 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = bind +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + + BIND_CONF='/etc/named.conf' +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh +index eeee56ba..272509e0 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + yum remove -y bind || true +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh +index 98b91d69..b87122d1 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # packages = bind + # +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # We don't remediate anything if the config file is missing completely. + # remediation = none + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh +index 6218d35e..f4f987c7 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = bind +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + BIND_CONF='/etc/named.conf' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh +index 1efeb70a..402a8f3d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = bind +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + + BIND_CONF='/etc/named.conf' +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +index de186e76..8be791b8 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4,sle15,uos20 + + title: 'Configure System Cryptography Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh +index 8086616e..64c12a0d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/cis_l2.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_cis_workstation_l2 + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh +index efc1cab4..1e1aa628 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # packages = crypto-policies-scripts + + # IMPORTANT: This is a false negative scenario. +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh +index 46d8e341..247389be 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # packages = crypto-policies-scripts + + update-crypto-policies --set "DEFAULT" +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh +index a18ad25b..42f12199 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh +index 04527eb2..748bd157 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh +index 8864a8cd..bc4f09a0 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh +index 33719ca9..bd8cfc01 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh +index 6e53c39d..5babe0cc 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh +index 1cb6ea49..238fbcc3 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis_server_l1,xccdf_org.ssgproject.content_profile_cis_workstation_l1 + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh +index 51d35ff9..c6c9565a 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_e8 + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh +index 053c5c1a..656411a8 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_standard + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh +index 07cbb3f6..538bb8b1 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh +index fc7aeeae..479309d4 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + # packages = crypto-policies-scripts + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml +index 12ca11e5..bcc51e9d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Configure GnuTLS library to use DoD-approved TLS Encryption' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +index 68f748eb..98fcc22f 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20 ++prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4,uos20 + + title: 'Configure Kerberos to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh +index 677aa91c..9902d683 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + rm -f /etc/krb5.conf.d/crypto-policies + ln -s /etc/crypto-policies/back-ends/krb5.config /etc/krb5.conf.d/crypto-policies +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh +index 2c0cb3be..39b8de48 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + rm -f /etc/krb5.conf.d/crypto-policies +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh +index 842fb7b4..b8cca84a 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + rm -f /etc/krb5.conf.d/crypto-policies + ln -s /etc/crypto-policies/back-ends/openssh.config /etc/krb5.conf.d/crypto-policies +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +index e769599a..4c565084 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4,sle15,uos20 + + title: 'Configure Libreswan to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh +index 32a820e0..73b81c24 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + yum remove -y libreswan || true +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh +index dda7430c..e7c0656a 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = libreswan +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + + cp ipsec.conf /etc +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh +index c74f70dc..a61b53fc 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = libreswan +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + + cp ipsec.conf /etc +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh +index a8f9df03..496ea745 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = libreswan +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + + cp ipsec.conf /etc +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh +index 1ef57ed1..724ae559 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = libreswan +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + + cp ipsec.conf /etc +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +index 49b35d05..4c8041c8 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4,sle15,uos20 + + title: 'Configure OpenSSL library to use System Crypto Policy' + +@@ -10,7 +10,7 @@ title: 'Configure OpenSSL library to use System Crypto Policy' + {{%- set openssl_cnf_path="/etc/pki/tls/openssl.cnf" %}} + {{%- endif %}} + +-{{% if product in ["fedora", "rhel9"] %}} ++{{% if product in ["fedora", "rhel9", "almalinux9"] %}} + {{% set include_directive = ".include = /etc/crypto-policies/back-ends/opensslcnf.config" %}} + {{% else %}} + {{% set include_directive = ".include /etc/crypto-policies/back-ends/opensslcnf.config" %}} +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh +index 10265d19..6768066d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/include_with_equal_sign.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + . common.sh + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh +index 004f8f2c..febf1884 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_sle + + . common.sh + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh +index 83b3bfad..3a92c168 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_sle + + . common.sh + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh +index 62802427..844a4eff 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_sle + + . common.sh + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh +index 815a74a5..b55eb9ff 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_sle ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_sle + + . common.sh + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml +index 56e046c7..f77a6e58 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'Configure OpenSSL library to use TLS Encryption' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +index ab9408af..8da77698 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4,sle15,uos20 + + title: 'Configure SSH to use System Crypto Policy' + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh +index 29153984..190f5c70 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSH_CONF="/etc/sysconfig/sshd" + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh +index ba5929e3..e58298fa 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/case_insensitive_present.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSH_CONF="/etc/sysconfig/sshd" + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh +index 4d742e9b..739d9035 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSH_CONF="/etc/sysconfig/sshd" + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh +index 3d6fa3b7..32af18fe 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSH_CONF="/etc/sysconfig/sshd" + +diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh +index d6b92831..1d4369df 100644 +--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh ++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # +-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSH_CONF="/etc/sysconfig/sshd" + +diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml +index 6110a1e1..ee4a7075 100644 +--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.config' + +diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml +index 9bee09d5..18fb68e7 100644 +--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'Configure SSH Server to Use FIPS 140-2 Validated Ciphers: opensshserver.config' + +diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml +index 1ca3d791..a47da28c 100644 +--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9 + + title: 'Configure SSH Client to Use FIPS 140-2 Validated MACs: openssh.config' + +diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml +index 2e2361b4..61b8e71d 100644 +--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: 'Configure SSH Server to Use FIPS 140-2 Validated MACs: opensshserver.config' + +diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml +index 68dc260a..c5d2357a 100644 +--- a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml ++++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhel8,rhel9 ++prodtype: ol8,ol9,rhel8,rhel9,almalinux9 + + title: 'Install crypto-policies package' + +diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml +index 1ac4527f..563cc96b 100644 +--- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml +index 7eed9c54..b9236af4 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Install Intrusion Detection Software' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml +index 58aa177c..3b565b95 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Ensure McAfee Endpoint Security for Linux (ENSL) is running' + +diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml +index 968a0789..bd939ef6 100644 +--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml ++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml +@@ -6,7 +6,7 @@ + + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,ubuntu2004 + + title: 'Install McAfee Endpoint Security for Linux (ENSL)' + +diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml +index 9647791e..9f70b30d 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = true + # strategy = restrict + # complexity = medium +diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh +index 5da0c99e..57ac7592 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4 + + fips-mode-setup --enable + FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" +diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml +index a686f80b..9a9643bf 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4 + + title: "Enable Dracut FIPS Module" + +diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh +index 9c232fc9..f3d71ee2 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = crypto-policies-scripts +-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol + + fips-mode-setup --enable + FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" +diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh +index b92e8223..138d2c99 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh ++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_present.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = crypto-policies-scripts +-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_ol + + fips-mode-setup --enable + FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" +diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh +index 934ecaf9..9a01dada 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4 + {{{ bash_instantiate_variables("var_system_crypto_policy") }}} + + fips-mode-setup --enable +diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml +index 65056a65..d4ef569e 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml ++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml +@@ -21,7 +21,7 @@ + var_system_crypto_policy + + +- {{% if product in ["ol9","rhel9"] -%}} ++ {{% if product in ["ol9","rhel9", "almalinux9"] -%}} + ^FIPS(:OSPP)?$ + {{%- else %}} + {{# Legacy and more relaxed list of crypto policies that were historically considered FIPS-compatible. More recent products should use the more restricted list of options #}} +diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml +index c6895f23..d04ab03a 100644 +--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml ++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4 + + title: Enable FIPS Mode + +diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml +index fd61358d..0639e939 100644 +--- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml ++++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: Ensure '/etc/system-fips' exists + +diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml +index fd3ebbd9..83f9a789 100644 +--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml ++++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,almalinux9,rhv4 + + title: "Set kernel parameter 'crypto.fips_enabled' to 1" + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh +index 0cdb5d98..a98b5566 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_package_install("aide") }}} + {{% if 'sle' in product %}} +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml +index d859c27f..14057c41 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Build and Test AIDE Database' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml +index 9d1b7b67..b5f823ed 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh +index d0a1ba25..a263c379 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml +index 6c900acd..1f1ba79e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol8,rhel8,rhel9,almalinux9,sle12,sle15,ubuntu2004 + + title: 'Configure AIDE to Verify the Audit Tools' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh +index 756b88d8..000925aa 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + + yum -y install aide +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh +index f3a2a126..6d175e17 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + yum -y install aide + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh +index 4315cef2..00ce6b2e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + + yum -y install aide +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh +index dfa5c1b6..60ac9414 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +index 3b70a597..06b13adc 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure Periodic Execution of AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml +index 6d863640..851c1819 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Configure Notification of Post-AIDE Scan Details' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh +index 34a11452..b22a658d 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml +index 52b8ee79..5976c887 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Configure AIDE to Use FIPS 140-2 for Validating Hashes' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh +index bcf29f05..71ee850e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml +index f31132fc..5af7a5cf 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Configure AIDE to Verify Access Control Lists (ACLs)' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh +index ab7ad7ab..f3fb9b53 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + + {{{ bash_package_install("aide") }}} + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml +index 116bd632..bb23d107 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Configure AIDE to Verify Extended Attributes' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml +index 93466f03..5411b89f 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_group_ownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,ol9,rhel8,rhel9 ++prodtype: ol8,ol9,rhel8,rhel9,almalinux9 + + title: Audit Tools Must Be Group-owned by Root + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml +index f7af904a..a577cf1d 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_ownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: Audit Tools Must Be Owned by Root + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml +index 67b1eb1a..ebe20c2c 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/file_audit_tools_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,rhel9,almalinux9 + + title: Audit Tools Must Have a Mode of 0755 or Less Permissive + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +index 287ac557..5df38904 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/package_aide_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Install AIDE' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml +index 123fd597..c8922b0d 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/ansible/shared.yml +@@ -12,7 +12,7 @@ + - name: "Set fact: Package manager reinstall command (yum)" + set_fact: + package_manager_reinstall_cmd: yum reinstall -y +- when: (ansible_distribution == "RedHat" or ansible_distribution == "OracleLinux") ++ when: (ansible_distribution == "RedHat" or ansible_distribution == "OracleLinux" or ansible_distribution == "AlmaLinux") + + - name: "Read files with incorrect hash" + command: rpm -Va --nodeps --nosize --nomtime --nordev --nocaps --nolinkto --nouser --nogroup --nomode --noghost --noconfig +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh +index 40efd709..fcd9876e 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Find which files have incorrect hash (not in /etc, because of the system related config files) and then get files names + files_with_incorrect_hash="$(rpm -Va --noconfig | grep -E '^..5' | awk '{print $NF}' )" +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +index d3d32247..41e251a7 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_hashes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,uos20 + + title: 'Verify File Hashes with RPM' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml +index ed490498..3be18da3 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh +index 329a00f5..d3cce1c0 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml +index a503d46a..987b5bad 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_ownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux3,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: alinux3,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15 + + title: 'Verify and Correct Ownership with RPM' + +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml +index 419ef95a..f736860d 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh +index 016596ef..7a2a20b3 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = high +diff --git a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +index c51b0546..38a0ae52 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml ++++ b/linux_os/guide/system/software/integrity/software-integrity/rpm_verification/rpm_verify_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,uos20 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle15,uos20 + + title: 'Verify and Correct File Permissions with RPM' + +diff --git a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml +index d1adc036..28720816 100644 +--- a/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml ++++ b/linux_os/guide/system/software/sudo/package_sudo_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Install sudo Package' + +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh +index 5d9a8b49..3710e371 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh +index c7f7aee3..e7e8a022 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh +index 2f41b65d..96a098ef 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + # Default umask is not explicitly set and has value 0022 +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh +index c86da249..c1ad2442 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + echo "Defaults use_pty,umask=0022,noexec" >> /etc/sudoers +diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh +index a812074a..e66bdc71 100644 +--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh ++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # variables = var_sudo_umask=0027 + + echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers +diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh +index 1c87c96c..265432ee 100644 +--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh ++++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # remediation = none + + # Make sure sudo is owned by root group +diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml +index 351032a0..17621b00 100644 +--- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'The operating system must require Re-Authentication when using the sudo command. + Ensure sudo timestamp_timeout is appropriate - sudo timestamp_timeout' +diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml +index 4441e192..28fbce49 100644 +--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'The operating system must restrict privilege elevation to authorized personnel' + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + description: |- + The sudo command allows a user to execute programs with elevated +diff --git a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml +index aa2aaee1..626d651c 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Ensure sudo only includes the default configuration directory' + +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml +index 9a73d142..5b247cee 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + title: 'Ensure invoking users password for privilege escalation when using sudo' + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,sle12,sle15 + + description: |- + The sudoers security policy requires that users authenticate themselves before they can use sudo. +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.fail.sh +index a258d108..904d4adb 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 + # packages = sudo + + echo 'Defaults !targetpw' >> /etc/sudoers +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh +index 9706b8bd..c543b1b3 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 + # packages = sudo + + if [ $(sudo egrep -i '(!rootpw|!targetpw|!runaspw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ] +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh +index 093f9dd8..0cd6dbf4 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 + # packages = sudo + + echo 'Defaults !targetpw' >> /etc/sudoers +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh +index 6247b523..bd82dc53 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 + # packages = sudo + + echo 'Defaults !targetpw' >> /etc/sudoers +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.fail.sh +index 071e3a0a..b6779c1c 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 + # packages = sudo + + echo 'Defaults !targetpw' >> /etc/sudoers +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh +index b12d1f88..eebf2cd7 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 + # packages = sudo + + if [ $(sudo egrep -i '(!rootpw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ] +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh +index 93b3dfeb..5b180d91 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 + # packages = sudo + + if [ $(sudo egrep -i '(!runaspw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ] +diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh +index 103cb466..e23bcce4 100644 +--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh ++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 + # packages = sudo + + if [ $(sudo egrep -i '(!targetpw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ] +diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml +index e9863fa8..0394ac06 100644 +--- a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall geolite2-city Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml +index 1210a1e8..fef51b21 100644 +--- a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall geolite2-country Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml +index 4a548111..ad0ac07c 100644 +--- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall gssproxy Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml +index 8986513f..ed60597a 100644 +--- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall iprutils Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml +index 4750fd6b..44916ab9 100644 +--- a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall krb5-workstation Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml +index 2c29f67f..636247dc 100644 +--- a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install openscap-scanner Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml +index efb59165..f6038c20 100644 +--- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Install rear Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml +index b29f7264..00db3d25 100644 +--- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install rng-tools Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml +index 02ba74f0..4b9c4adb 100644 +--- a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install scap-security-guide Package' + +diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml +index f8b80118..93f93277 100644 +--- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4 ++prodtype: rhel7,rhel8,rhel9,almalinux9,rhv4 + + title: 'Install subscription-manager Package' + +@@ -14,7 +14,7 @@ rationale: |- + or an on-premise server such as Subscription Asset Manager) and works with + content management tools such as {{{ package_manager }}}. + +- {{% if product in ["rhel9"] %}} ++ {{% if product in ["rhel9", "almalinux9"] %}} + The package provides, among other things, {{{ package_manager }}} plugins + to interact with repositories and subscriptions + from the Red Hat entitlement platform - the subscription-manager and +diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml +index 58abdcac..71c064ca 100644 +--- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml ++++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall tuned Package' + +diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml +index 9b67b0e2..6891a1f2 100644 +--- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh +index 34127fd1..e30b0960 100644 +--- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle + + {{% if 'sle' in product %}} + {{{ bash_replace_or_append('/etc/zypp/zypp.conf', '^solver.upgradeRemoveDroppedPackages', 'true', '%s=%s') }}} +diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml +index 92f9d605..66e8dd25 100644 +--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml ++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure {{{ pkg_manager }}} Removes Previous Package Versions' + +diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml +index bbcd9e56..e7b36b34 100644 +--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml ++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol8,ol9,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Configure dnf-automatic to Install Available Updates Automatically' + +diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml +index f0f64674..2c19890a 100644 +--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml ++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol8,ol9,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Configure dnf-automatic to Install Only Security Updates' + +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml +new file mode 100644 +index 00000000..b9b1e3ea +--- /dev/null ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml +@@ -0,0 +1,39 @@ ++# platform=multi_platform_almalinux ++# reboot = false ++# strategy = restrict ++# complexity = medium ++# disruption = medium ++- name: "Read permission of GPG key directory" ++ stat: ++ path: /etc/pki/rpm-gpg/ ++ register: gpg_key_directory_permission ++ check_mode: no ++ ++# It should fail if it doesn't find any fingerprints in file - maybe file was not parsed well. ++ ++- name: Read signatures in GPG key ++ # According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10 ++ command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9" ++ args: ++ warn: False ++ changed_when: False ++ register: gpg_fingerprints ++ check_mode: no ++ ++- name: Set Fact - Installed GPG Fingerprints ++ set_fact: ++ gpg_installed_fingerprints: "{{ gpg_fingerprints.stdout | regex_findall('^pub.*\n(?:^fpr[:]*)([0-9A-Fa-f]*)', '\\1') | list }}" ++ ++- name: Set Fact - Valid fingerprints ++ set_fact: ++ gpg_valid_fingerprints: ("{{{ release_key_fingerprint }}}" "{{{ auxiliary_key_fingerprint }}}") ++ ++- name: Import AlmaLinux GPG key ++ rpm_key: ++ state: present ++ key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9 ++ when: ++ - gpg_key_directory_permission.stat.mode <= '0755' ++ - (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0 ++ - gpg_installed_fingerprints | length > 0 ++ - ansible_distribution == "AlmaLinux" +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh +new file mode 100644 +index 00000000..89e6d6ae +--- /dev/null ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh +@@ -0,0 +1,26 @@ ++# platform = multi_platform_almalinux ++readonly ALMALINUX_FINGERPRINT="BF18AC2876178908D6E71267D36CB86CB86B3716" ++ ++# Location of the key we would like to import (once it's integrity verified) ++readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-9" ++ ++RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")") ++ ++# Verify /etc/pki/rpm-gpg directory permissions are safe ++if [ "${RPM_GPG_DIR_PERMS}" -le "755" ] ++then ++ # If they are safe, try to obtain fingerprints from the key file ++ # (to ensure there won't be e.g. CRC error) ++ readarray -t GPG_OUT < <(gpg --with-fingerprint --with-colons "$ALMALINUX_RELEASE_KEY" | grep "^fpr" | cut -d ":" -f 10) ++ GPG_RESULT=$? ++ # No CRC error, safe to proceed ++ if [ "${GPG_RESULT}" -eq "0" ] ++ then ++ # Filter just hexadecimal fingerprints from gpg's output from ++ # processing of a key file ++ echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}" || { ++ # If $ ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it ++ rpm --import "${ALMALINUX_RELEASE_KEY}" ++ } ++ fi ++fi +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml +new file mode 100644 +index 00000000..f02f0400 +--- /dev/null ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml +@@ -0,0 +1,42 @@ ++ ++ ++ ++ AlmaLinux gpg-pubkey Package Installed ++ ++ multi_platform_almalinux ++ ++ The AlmaLinux key packages are required to be installed. ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ gpg-pubkey ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ {{{ pkg_release }}} ++ {{{ pkg_version }}} ++ ++ ++ +diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml +new file mode 100644 +index 00000000..da73ba4c +--- /dev/null ++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml +@@ -0,0 +1,46 @@ ++documentation_complete: true ++ ++prodtype: almalinux9 ++ ++title: 'Ensure AlmaLinux GPG Key Installed' ++ ++description: |- ++ To ensure the system can cryptographically verify base software ++ packages come from AlmaLinux, the AlmaLinux GPG key must properly be installed. ++ To install the AlmaLinux GPG key, run: ++
$ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux-9
++ If the system is not connected to the Internet, ++ then install the AlmaLinux GPG key from trusted media such as ++ the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted ++ in /media/cdrom, use the following command as the root user to import ++ it into the keyring: ++
$ sudo rpm --import /media/cdrom/RPM-GPG-KEY
++ ++rationale: |- ++ Changes to software components can have significant effects on the ++ overall security of the operating system. This requirement ensures ++ the software has not been tampered with and that it has been provided ++ by a trusted vendor. The AlmaLinux GPG key is necessary to ++ cryptographically verify packages are from AlmaLinux. ++ ++severity: high ++ ++references: ++ cis: 1.2.2 ++ disa: CCI-001749 ++ nist: CM-5(3),SI-7,SC-12,SC-12(3),CM-6(a),CM-11(a),CM-11(b) ++ nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 ++ pcidss: Req-6.2 ++ isa-62443-2013: 'SR 3.1,SR 3.3,SR 3.4,SR 3.8,SR 7.6' ++ isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.3.4.4.4 ++ cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02 ++ iso27001-2013: A.11.2.4,A.12.1.2,A.12.2.1,A.12.5.1,A.12.6.2,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4 ++ cis-csc: 11,2,3,9 ++ ++ocil_clause: 'the AlmaLinux GPG Key is not installed' ++ ++ocil: |- ++ To ensure that the GPG key is installed, run: ++
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
++ The command should return the string below: ++
gpg(AlmaLinux <packager@almalinux.org>
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh +index 2bf91c8c..b5f52073 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle + + {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}} +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +index 17fe909b..6dec9df8 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,uos20 + + title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml +index 39fc9f86..b9efcf8f 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure gpgcheck Enabled for Local Packages' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml +index 8ba65013..6728e4d5 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = enable + # complexity = low +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh +index 07e02fa4..ee1d023d 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle + {{% if product in ["sle12", "sle15"] %}} + sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/* + {{% else %}} +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +index 02574154..b27f8c1a 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15 + + title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories' + +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh +index 37e47e4d..a852e856 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + + sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/* +diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh +index 04ff6e57..b97d7546 100644 +--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh ++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + + sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* +diff --git a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml +index bdcc5e9b..fa9751a4 100644 +--- a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml ++++ b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol8,ol9,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Install dnf-automatic Package' + +diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh +index fd844d2a..2932351f 100644 +--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh ++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = true + # strategy = patch + # complexity = low +diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +index 607846e1..47f296f6 100644 +--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml ++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,almalinux9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20 + + title: 'Ensure Software Patches Installed' + +@@ -17,6 +17,11 @@ description: |- +
$ sudo yum update
+ If the system is not configured to use one of these sources, updates (in the form of RPM packages) + can be manually downloaded from the ULN and installed using rpm. ++{{% elif product in ["almalinux9"] %}} ++ Run the following command to install updates: ++
$ sudo yum update
++ If the system is not configured to use repos, updates (in the form of RPM packages) ++ can be manually downloaded from the repos and installed using rpm. + {{% elif product in ["sle12", "sle15"] %}} + If the system is configured for online updates, invoking the following command will list available + security updates: +diff --git a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml +index 5ae61e5d..375ac387 100644 +--- a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml ++++ b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol8,ol9,rhel8,rhel9,almalinux9,sle12,sle15 + + title: 'Enable dnf-automatic Timer' + +diff --git a/products/almalinux9/CMakeLists.txt b/products/almalinux9/CMakeLists.txt +new file mode 100644 +index 00000000..33306232 +--- /dev/null ++++ b/products/almalinux9/CMakeLists.txt +@@ -0,0 +1,16 @@ ++# Sometimes our users will try to do: "cd almalinux9; cmake ." That needs to error in a nice way. ++if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") ++ message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") ++endif() ++ ++set(PRODUCT "almalinux9") ++ ++ssg_build_product(${PRODUCT}) ++ ++ssg_build_html_cce_table(${PRODUCT}) ++ ++ssg_build_html_srgmap_tables(${PRODUCT}) ++ ++# ssg_build_html_stig_tables(${PRODUCT} "stig") ++ ++#ssg_build_html_stig_tables(${PRODUCT} "ospp") +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_enhanced-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_enhanced-ks.cfg +new file mode 100644 +index 00000000..b2403e9f +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_enhanced-ks.cfg +@@ -0,0 +1,158 @@ ++# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-07-13 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow ++# Ensure /usr Located On Separate Partition ++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" ++# Ensure /opt Located On Separate Partition ++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /srv Located On Separate Partition ++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_high-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_high-ks.cfg +new file mode 100644 +index 00000000..0c15c185 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_high-ks.cfg +@@ -0,0 +1,162 @@ ++# SCAP Security Guide ANSSI BP-028 (high) profile kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-07-13 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow ++# Ensure /usr Located On Separate Partition ++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" ++# Ensure /opt Located On Separate Partition ++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /srv Located On Separate Partition ++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_high ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_intermediary-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_intermediary-ks.cfg +new file mode 100644 +index 00000000..97fb83b0 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_intermediary-ks.cfg +@@ -0,0 +1,158 @@ ++# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-07-13 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow ++# Ensure /usr Located On Separate Partition ++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev" ++# Ensure /opt Located On Separate Partition ++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /srv Located On Separate Partition ++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid" ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_minimal-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_minimal-ks.cfg +new file mode 100644 +index 00000000..d6252402 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-anssi_bp28_minimal-ks.cfg +@@ -0,0 +1,122 @@ ++# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-07-13 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-cis-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-cis-ks.cfg +new file mode 100644 +index 00000000..92a9d285 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-cis-ks.cfg +@@ -0,0 +1,132 @@ ++# SCAP Security Guide CIS profile (Level 2 - Server) kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-08-12 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 ++logvol swap --name=lv_swap --vgname=VolGroup --size=2016 ++ ++ ++# Harden installation with CIS profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_cis ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-cis_server_l1-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-cis_server_l1-ks.cfg +new file mode 100644 +index 00000000..4422b553 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-cis_server_l1-ks.cfg +@@ -0,0 +1,122 @@ ++# SCAP Security Guide CIS profile (Level 1 - Server) kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-08-12 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" ++logvol swap --name=lv_swap --vgname=VolGroup --size=2016 ++ ++ ++# Harden installation with CIS profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_cis_server_l1 ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-cis_workstation_l1-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-cis_workstation_l1-ks.cfg +new file mode 100644 +index 00000000..61fbe906 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-cis_workstation_l1-ks.cfg +@@ -0,0 +1,122 @@ ++# SCAP Security Guide CIS profile (Level 1 - Workstation) kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-08-12 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" ++logvol swap --name=lv_swap --vgname=VolGroup --size=2016 ++ ++ ++# Harden installation with CIS profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_cis_workstation_l1 ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-cis_workstation_l2-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-cis_workstation_l2-ks.cfg +new file mode 100644 +index 00000000..92e4c0fc +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-cis_workstation_l2-ks.cfg +@@ -0,0 +1,132 @@ ++# SCAP Security Guide CIS profile (Level 2 - Workstation) kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-08-12 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 ++logvol swap --name=lv_swap --vgname=VolGroup --size=2016 ++ ++ ++# Harden installation with CIS profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_cis_workstation_l2 ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-cui-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-cui-ks.cfg +new file mode 100644 +index 00000000..ae244b80 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-cui-ks.cfg +@@ -0,0 +1,153 @@ ++# SCAP Security Guide CUI profile kickstart for AlmaLinux 9 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_cui ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-e8-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-e8-ks.cfg +new file mode 100644 +index 00000000..aa17f22f +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-e8-ks.cfg +@@ -0,0 +1,111 @@ ++# SCAP Security Guide Essential Eight profile kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-07-13 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# Harden installation with Essential Eight profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-com_redhat_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_e8 ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-hipaa-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-hipaa-ks.cfg +new file mode 100644 +index 00000000..90f88a98 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-hipaa-ks.cfg +@@ -0,0 +1,111 @@ ++# SCAP Security Guide HIPAA profile kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-07-13 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# Harden installation with HIPAA profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-com_redhat_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_hipaa ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-ism_o-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-ism_o-ks.cfg +new file mode 100644 +index 00000000..d79a1a8f +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-ism_o-ks.cfg +@@ -0,0 +1,110 @@ ++# SCAP Security Guide ISM Official profile kickstart for AlmaLinux 9 ++# Version: 0.0.1 ++# Date: 2021-08-16 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++# ++# ++network --onboot yes --device eth0 --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create ++# encrypted password form for different plaintext password ++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++autopart ++ ++# Harden installation with Essential Eight profile ++# For more details and configuration options see ++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_ism_o ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-ospp-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-ospp-ks.cfg +new file mode 100644 +index 00000000..c6c7205f +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-ospp-ks.cfg +@@ -0,0 +1,153 @@ ++# SCAP Security Guide OSPP profile kickstart for AlmaLinux 9 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_ospp ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-pci-dss-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-pci-dss-ks.cfg +new file mode 100644 +index 00000000..b3086f7d +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-pci-dss-ks.cfg +@@ -0,0 +1,148 @@ ++# SCAP Security Guide PCI-DSS profile kickstart for AlmaLinux 9 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++ ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp --noipv6 ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++# ++# PASSWORD TEMPORARILY DISABLED ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" ++#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow ++# CCE-26557-9: Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# CCE-26435-8: Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid" ++# CCE-26639-5: Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# CCE-26215-4: Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev" ++logvol swap --name=lv_swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_pci-dss ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-stig-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-stig-ks.cfg +new file mode 100644 +index 00000000..6639afde +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-stig-ks.cfg +@@ -0,0 +1,154 @@ ++# SCAP Security Guide STIG profile kickstart for AlmaLinux 9 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_stig ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/kickstart/ssg-almalinux9-stig_gui-ks.cfg b/products/almalinux9/kickstart/ssg-almalinux9-stig_gui-ks.cfg +new file mode 100644 +index 00000000..7e31e160 +--- /dev/null ++++ b/products/almalinux9/kickstart/ssg-almalinux9-stig_gui-ks.cfg +@@ -0,0 +1,155 @@ ++# SCAP Security Guide STIG with GUI profile kickstart for AlmaLinux 9 ++# ++# Based on: ++# https://pykickstart.readthedocs.io/en/latest/ ++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg ++ ++# Specify installation method to use for installation ++# To use a different one comment out the 'url' one below, update ++# the selected choice with proper options & un-comment it ++# ++# Install from an installation tree on a remote server via FTP or HTTP: ++# --url the URL to install from ++# ++# Example: ++# ++# url --url=http://192.168.122.1/image ++# ++# Modify concrete URL in the above example appropriately to reflect the actual ++# environment machine is to be installed in ++# ++# Other possible / supported installation methods: ++# * install from the first CD-ROM/DVD drive on the system: ++# ++# cdrom ++# ++# * install from a directory of ISO images on a local drive: ++# ++# harddrive --partition=hdb2 --dir=/tmp/install-tree ++# ++# * install from provided NFS server: ++# ++# nfs --server= --dir= [--opts=] ++# ++# Set language to use during installation and the default language to use on the installed system (required) ++lang en_US.UTF-8 ++ ++# Set system keyboard type / layout (required) ++keyboard us ++ ++# Configure network information for target system and activate network devices in the installer environment (optional) ++# --onboot enable device at a boot time ++# --device device to be activated and / or configured with the network command ++# --bootproto method to obtain networking configuration for device (default dhcp) ++# --noipv6 disable IPv6 on this device ++network --onboot yes --bootproto dhcp ++ ++# Set the system's root password (required) ++# Plaintext password is: server ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220 ++ ++# The selected profile will restrict root login ++# Add a user that can login and escalate privileges ++# Plaintext password is: admin123 ++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted ++ ++# Configure firewall settings for the system (optional) ++# --enabled reject incoming connections that are not in response to outbound requests ++# --ssh allow sshd service through the firewall ++firewall --enabled --ssh ++ ++ ++# State of SELinux on the installed system (optional) ++# Defaults to enforcing ++selinux --enforcing ++ ++# Set the system time zone (required) ++timezone --utc America/New_York ++ ++# Specify how the bootloader should be installed (required) ++# Plaintext password is: password ++# Refer to e.g. ++# https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw ++# to see how to create encrypted password form for different plaintext password ++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0 ++ ++# Initialize (format) all disks (optional) ++zerombr ++ ++# The following partition layout scheme assumes disk of size 20GB or larger ++# Modify size of partitions appropriately to reflect actual machine's hardware ++# ++# Remove Linux partitions from the system prior to creating new ones (optional) ++# --linux erase all Linux partitions ++# --initlabel initialize the disk label to the default based on the underlying architecture ++clearpart --linux --initlabel ++ ++# Create primary system partitions (required for installs) ++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec" ++part pv.01 --grow --size=1 ++ ++# Create a Logical Volume Management (LVM) group (optional) ++volgroup VolGroup --pesize=4096 pv.01 ++ ++# Create particular logical volumes (optional) ++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow ++# Ensure /home Located On Separate Partition ++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev" ++# Ensure /tmp Located On Separate Partition ++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/tmp Located On Separate Partition ++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var Located On Separate Partition ++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev" ++# Ensure /var/log Located On Separate Partition ++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec" ++# Ensure /var/log/audit Located On Separate Partition ++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec" ++logvol swap --name=swap --vgname=VolGroup --size=2016 ++ ++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol) ++# content - security policies - on the installed system.This add-on has been enabled by default ++# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this ++# functionality will automatically be installed. However, by default, no policies are enforced, ++# meaning that no checks are performed during or after installation unless specifically configured. ++# ++# Important ++# Applying a security policy is not necessary on all systems. This screen should only be used ++# when a specific policy is mandated by your organization rules or government regulations. ++# Unlike most other commands, this add-on does not accept regular options, but uses key-value ++# pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic. ++# Values can be optionally enclosed in single quotes (') or double quotes ("). ++# ++# The following keys are recognized by the add-on: ++# content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide. ++# - If the content-type is scap-security-guide, the add-on will use content provided by the ++# scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect. ++# content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location. ++# datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream. ++# xccdf-id - ID of the benchmark you want to use. ++# xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive. ++# profile - ID of the profile to be applied. Use default to apply the default profile. ++# fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url. ++# tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive. ++# ++# The following is an example %addon com_redhat_oscap section which uses content from the ++# scap-security-guide on the installation media: ++%addon com_redhat_oscap ++ content-type = scap-security-guide ++ profile = xccdf_org.ssgproject.content_profile_stig_gui ++%end ++ ++# Packages selection (%packages section is required) ++%packages ++ ++# Require @Base ++@Base ++ ++%end # End of %packages section ++ ++# Reboot after the installation is complete (optional) ++# --eject attempt to eject CD or DVD media before rebooting ++reboot --eject +diff --git a/products/almalinux9/overlays/srg_support.xml b/products/almalinux9/overlays/srg_support.xml +new file mode 100644 +index 00000000..4af04a35 +--- /dev/null ++++ b/products/almalinux9/overlays/srg_support.xml +@@ -0,0 +1,173 @@ ++ +diff --git a/products/almalinux9/product.yml b/products/almalinux9/product.yml +new file mode 100644 +index 00000000..59a88cfb +--- /dev/null ++++ b/products/almalinux9/product.yml +@@ -0,0 +1,43 @@ ++product: almalinux9 ++full_name: AlmaLinux 9 ++type: platform ++ ++benchmark_id: ALMALINUX-9 ++benchmark_root: "../../linux_os/guide" ++ ++profiles_root: "./profiles" ++ ++pkg_manager: "dnf" ++ ++init_system: "systemd" ++ ++# EFI and non-EFI configs are stored in same path, see https://fedoraproject.org/wiki/Changes/UnifyGrubConfig ++grub2_boot_path: "/boot/grub2" ++grub2_uefi_boot_path: "/boot/grub2" ++ ++groups: ++ dedicated_ssh_keyowner: ++ name: ssh_keys ++ ++sshd_distributed_config: "true" ++ ++dconf_gdm_dir: "distro.d" ++ ++pkg_release: "61e69f29" ++pkg_version: "b86b3716" ++ ++oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-9.xml.bz2" ++ ++cpes_root: "../../shared/applicability" ++cpes: ++ - almalinux9: ++ name: "cpe:/o:almalinux:almalinux:9" ++ title: "AlmaLinux 9" ++ check_id: installed_OS_is_almalinux9 ++ ++# Mapping of CPE platform to package ++platform_package_overrides: ++ login_defs: "shadow-utils" ++ ++reference_uris: ++ cis: 'https://www.cisecurity.org/benchmark/almalinuxos_linux/' +diff --git a/products/almalinux9/profiles/anssi_bp28_enhanced.profile b/products/almalinux9/profiles/anssi_bp28_enhanced.profile +new file mode 100644 +index 00000000..da048c9b +--- /dev/null ++++ b/products/almalinux9/profiles/anssi_bp28_enhanced.profile +@@ -0,0 +1,19 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - yuumasato ++ ++title: 'ANSSI-BP-028 (enhanced)' ++ ++description: |- ++ This profile contains configurations that align to ANSSI-BP-028 at the enhanced hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++selections: ++ - anssi:all:enhanced +diff --git a/products/almalinux9/profiles/anssi_bp28_high.profile b/products/almalinux9/profiles/anssi_bp28_high.profile +new file mode 100644 +index 00000000..729326e4 +--- /dev/null ++++ b/products/almalinux9/profiles/anssi_bp28_high.profile +@@ -0,0 +1,19 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - yuumasato ++ ++title: 'ANSSI-BP-028 (high)' ++ ++description: |- ++ This profile contains configurations that align to ANSSI-BP-028 at the high hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++selections: ++ - anssi:all:high +diff --git a/products/almalinux9/profiles/anssi_bp28_intermediary.profile b/products/almalinux9/profiles/anssi_bp28_intermediary.profile +new file mode 100644 +index 00000000..2811f8ed +--- /dev/null ++++ b/products/almalinux9/profiles/anssi_bp28_intermediary.profile +@@ -0,0 +1,19 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - yuumasato ++ ++title: 'ANSSI-BP-028 (intermediary)' ++ ++description: |- ++ This profile contains configurations that align to ANSSI-BP-028 at the intermediary hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++selections: ++ - anssi:all:intermediary +diff --git a/products/almalinux9/profiles/anssi_bp28_minimal.profile b/products/almalinux9/profiles/anssi_bp28_minimal.profile +new file mode 100644 +index 00000000..fb24e992 +--- /dev/null ++++ b/products/almalinux9/profiles/anssi_bp28_minimal.profile +@@ -0,0 +1,19 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - yuumasato ++ ++title: 'ANSSI-BP-028 (minimal)' ++ ++description: |- ++ This profile contains configurations that align to ANSSI-BP-028 at the minimal hardening level. ++ ++ ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information. ++ ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems. ++ ++ A copy of the ANSSI-BP-028 can be found at the ANSSI website: ++ https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/ ++ ++selections: ++ - anssi:all:minimal +diff --git a/products/almalinux9/profiles/cis.profile b/products/almalinux9/profiles/cis.profile +new file mode 100644 +index 00000000..1249da8a +--- /dev/null ++++ b/products/almalinux9/profiles/cis.profile +@@ -0,0 +1,19 @@ ++documentation_complete: true ++ ++metadata: ++ version: 1.0.1 ++ SMEs: ++ - vojtapolasek ++ - yuumasato ++ ++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++title: '[DRAFT] CIS AlmaLinux 9 Benchmark for Level 2 - Server' ++ ++description: |- ++ This is a draft profile based on its AlmaLinux 8 version for experimental purposes. ++ It is not based on the CIS benchmark for AlmaLinux 9, because this one was not available at time of ++ the release. ++ ++selections: ++ - cis_rhel8:all:l2_server +diff --git a/products/almalinux9/profiles/cis_server_l1.profile b/products/almalinux9/profiles/cis_server_l1.profile +new file mode 100644 +index 00000000..4320de6c +--- /dev/null ++++ b/products/almalinux9/profiles/cis_server_l1.profile +@@ -0,0 +1,19 @@ ++documentation_complete: true ++ ++metadata: ++ version: 1.0.1 ++ SMEs: ++ - vojtapolasek ++ - yuumasato ++ ++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++title: '[DRAFT] CIS AlmaLinux 9 Benchmark for Level 1 - Server' ++ ++description: |- ++ This is a draft profile based on its AlmaLinux 8 version for experimental purposes. ++ It is not based on the CIS benchmark for AlmaLinux 9, because this one was not available at time of ++ the release. ++ ++selections: ++ - cis_rhel8:all:l1_server +diff --git a/products/almalinux9/profiles/cis_workstation_l1.profile b/products/almalinux9/profiles/cis_workstation_l1.profile +new file mode 100644 +index 00000000..fc587402 +--- /dev/null ++++ b/products/almalinux9/profiles/cis_workstation_l1.profile +@@ -0,0 +1,19 @@ ++documentation_complete: true ++ ++metadata: ++ version: 1.0.1 ++ SMEs: ++ - vojtapolasek ++ - yuumasato ++ ++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++title: '[DRAFT] CIS AlmaLinux 9 Benchmark for Level 1 - Workstation' ++ ++description: |- ++ This is a draft profile based on its AlmaLinux 8 version for experimental purposes. ++ It is not based on the CIS benchmark for AlmaLinux 9, because this one was not available at time of ++ the release. ++ ++selections: ++ - cis_rhel8:all:l1_workstation +diff --git a/products/almalinux9/profiles/cis_workstation_l2.profile b/products/almalinux9/profiles/cis_workstation_l2.profile +new file mode 100644 +index 00000000..e40fc23b +--- /dev/null ++++ b/products/almalinux9/profiles/cis_workstation_l2.profile +@@ -0,0 +1,19 @@ ++documentation_complete: true ++ ++metadata: ++ version: 1.0.1 ++ SMEs: ++ - vojtapolasek ++ - yuumasato ++ ++reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++title: '[DRAFT] CIS AlmaLinux 9 Benchmark for Level 2 - Workstation' ++ ++description: |- ++ This is a draft profile based on its AlmaLinux 8 version for experimental purposes. ++ It is not based on the CIS benchmark for AlmaLinux 9, because this one was not available at time of ++ the release. ++ ++selections: ++ - cis_rhel8:all:l2_workstation +diff --git a/products/almalinux9/profiles/cui.profile b/products/almalinux9/profiles/cui.profile +new file mode 100644 +index 00000000..8300a3c0 +--- /dev/null ++++ b/products/almalinux9/profiles/cui.profile +@@ -0,0 +1,32 @@ ++documentation_complete: true ++ ++metadata: ++ version: TBD ++ SMEs: ++ - ggbecker ++ ++title: '[DRAFT] Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)' ++ ++description: |- ++ From NIST 800-171, Section 2.2: ++ Security requirements for protecting the confidentiality of CUI in nonfederal ++ information systems and organizations have a well-defined structure that ++ consists of: ++ ++ (i) a basic security requirements section; ++ (ii) a derived security requirements section. ++ ++ The basic security requirements are obtained from FIPS Publication 200, which ++ provides the high-level and fundamental security requirements for federal ++ information and information systems. The derived security requirements, which ++ supplement the basic security requirements, are taken from the security controls ++ in NIST Special Publication 800-53. ++ ++ This profile configures AlmaLinux 9 to the NIST Special ++ Publication 800-53 controls identified for securing Controlled Unclassified ++ Information (CUI)." ++ ++extends: ospp ++ ++selections: ++ - inactivity_timeout_value=10_minutes +diff --git a/products/almalinux9/profiles/e8.profile b/products/almalinux9/profiles/e8.profile +new file mode 100644 +index 00000000..e716edd6 +--- /dev/null ++++ b/products/almalinux9/profiles/e8.profile +@@ -0,0 +1,152 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - shaneboulden ++ ++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers ++ ++title: 'Australian Cyber Security Centre (ACSC) Essential Eight' ++ ++description: |- ++ This profile contains configuration checks for AlmaLinux 9 ++ that align to the Australian Cyber Security Centre (ACSC) Essential Eight. ++ ++ A copy of the Essential Eight in Linux Environments guide can be found at the ++ ACSC website: ++ ++ https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers ++ ++selections: ++ ++ ### Remove obsolete packages ++ - package_talk_removed ++ - package_talk-server_removed ++ - package_xinetd_removed ++ - service_xinetd_disabled ++ - package_ypbind_removed ++ - package_telnet_removed ++ - service_telnet_disabled ++ - package_telnet-server_removed ++ - package_rsh_removed ++ - package_rsh-server_removed ++ - service_zebra_disabled ++ - package_quagga_removed ++ - service_avahi-daemon_disabled ++ - package_squid_removed ++ - service_squid_disabled ++ ++ ### Software update ++ - ensure_almalinux_gpgkey_installed ++ - ensure_gpgcheck_never_disabled ++ - ensure_gpgcheck_local_packages ++ - ensure_gpgcheck_globally_activated ++ - security_patches_up_to_date ++ - dnf-automatic_security_updates_only ++ ++ ### System security settings ++ - sysctl_kernel_randomize_va_space ++ - sysctl_kernel_exec_shield ++ - sysctl_kernel_kptr_restrict ++ - sysctl_kernel_dmesg_restrict ++ - sysctl_kernel_kexec_load_disabled ++ - sysctl_kernel_yama_ptrace_scope ++ - sysctl_kernel_unprivileged_bpf_disabled ++ - sysctl_net_core_bpf_jit_harden ++ ++ ### SELinux ++ - var_selinux_state=enforcing ++ - selinux_state ++ - var_selinux_policy_name=targeted ++ - selinux_policytype ++ ++ ### Filesystem integrity ++ - rpm_verify_hashes ++ - rpm_verify_permissions ++ - rpm_verify_ownership ++ - file_permissions_unauthorized_sgid ++ - file_permissions_unauthorized_suid ++ - file_permissions_unauthorized_world_writable ++ - dir_perms_world_writable_sticky_bits ++ - file_permissions_library_dirs ++ - file_ownership_binary_dirs ++ - file_permissions_binary_dirs ++ - file_ownership_library_dirs ++ ++ ### Passwords ++ - var_authselect_profile=sssd ++ - enable_authselect ++ - no_empty_passwords ++ ++ ### Partitioning ++ - mount_option_dev_shm_nodev ++ - mount_option_dev_shm_nosuid ++ - mount_option_dev_shm_noexec ++ ++ ### Network ++ - package_firewalld_installed ++ - service_firewalld_enabled ++ - network_sniffer_disabled ++ ++ ### Admin privileges ++ - accounts_no_uid_except_zero ++ - sudo_remove_nopasswd ++ - sudo_remove_no_authenticate ++ - sudo_require_authentication ++ ++ ### Audit ++ - package_rsyslog_installed ++ - service_rsyslog_enabled ++ - service_auditd_enabled ++ - var_auditd_flush=incremental_async ++ - auditd_data_retention_flush ++ - auditd_local_events ++ - auditd_write_logs ++ - auditd_log_format ++ - auditd_freq ++ - auditd_name_format ++ - audit_rules_login_events_tallylog ++ - audit_rules_login_events_faillock ++ - audit_rules_login_events_lastlog ++ - audit_rules_login_events ++ - audit_rules_time_adjtimex ++ - audit_rules_time_clock_settime ++ - audit_rules_time_watch_localtime ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_execution_restorecon ++ - audit_rules_execution_chcon ++ - audit_rules_execution_semanage ++ - audit_rules_execution_setsebool ++ - audit_rules_execution_setfiles ++ - audit_rules_execution_seunshare ++ - audit_rules_sysadmin_actions ++ - audit_rules_networkconfig_modification ++ - audit_rules_usergroup_modification ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_kernel_module_loading ++ ++ ### Secure access ++ - sshd_use_directory_configuration ++ - sshd_disable_root_login ++ - sshd_disable_gssapi_auth ++ - sshd_print_last_log ++ - sshd_do_not_permit_user_env ++ - sshd_disable_rhosts ++ - sshd_set_loglevel_info ++ - sshd_disable_empty_passwords ++ - sshd_disable_user_known_hosts ++ - sshd_enable_strictmodes ++ ++ # See also: https://www.cyber.gov.au/acsc/view-all-content/guidance/asd-approved-cryptographic-algorithms ++ - var_system_crypto_policy=default_nosha1 ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy ++ ++ ### Application whitelisting ++ - package_fapolicyd_installed ++ - service_fapolicyd_enabled ++ ++ ### Backup ++ - package_rear_installed +diff --git a/products/almalinux9/profiles/hipaa.profile b/products/almalinux9/profiles/hipaa.profile +new file mode 100644 +index 00000000..6df79745 +--- /dev/null ++++ b/products/almalinux9/profiles/hipaa.profile +@@ -0,0 +1,165 @@ ++documentation_complete: True ++ ++metadata: ++ SMEs: ++ - jjaswanson4 ++ ++reference: https://www.hhs.gov/hipaa/for-professionals/index.html ++ ++title: 'Health Insurance Portability and Accountability Act (HIPAA)' ++ ++description: |- ++ The HIPAA Security Rule establishes U.S. national standards to protect individuals’ ++ electronic personal health information that is created, received, used, or ++ maintained by a covered entity. The Security Rule requires appropriate ++ administrative, physical and technical safeguards to ensure the ++ confidentiality, integrity, and security of electronic protected health ++ information. ++ ++ This profile configures AlmaLinux 9 to the HIPAA Security ++ Rule identified for securing of electronic protected health information. ++ Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s). ++ ++selections: ++ - grub2_password ++ - grub2_uefi_password ++ - file_groupowner_grub2_cfg ++ - file_owner_grub2_cfg ++ - grub2_disable_interactive_boot ++ - no_direct_root_logins ++ - no_empty_passwords ++ - require_singleuser_auth ++ - restrict_serial_port_logins ++ - securetty_root_login_console_only ++ - service_debug-shell_disabled ++ - disable_ctrlaltdel_reboot ++ - disable_ctrlaltdel_burstaction ++ - dconf_db_up_to_date ++ - dconf_gnome_remote_access_credential_prompt ++ - dconf_gnome_remote_access_encryption ++ - sshd_use_directory_configuration ++ - sshd_disable_empty_passwords ++ - sshd_disable_root_login ++ - libreswan_approved_tunnels ++ - no_rsh_trust_files ++ - package_rsh-server_removed ++ - package_talk_removed ++ - package_talk-server_removed ++ - package_telnet_removed ++ - package_telnet-server_removed ++ - package_xinetd_removed ++ - service_crond_enabled ++ - service_rexec_disabled ++ - service_rlogin_disabled ++ - service_telnet_disabled ++ - service_xinetd_disabled ++ - service_zebra_disabled ++ - use_kerberos_security_all_exports ++ - var_authselect_profile=sssd ++ - enable_authselect ++ - disable_host_auth ++ - sshd_allow_only_protocol2 ++ - sshd_disable_compression ++ - sshd_disable_gssapi_auth ++ - sshd_disable_kerb_auth ++ - sshd_do_not_permit_user_env ++ - sshd_enable_strictmodes ++ - sshd_enable_warning_banner ++ - var_sshd_set_keepalive=0 ++ - encrypt_partitions ++ - var_system_crypto_policy=fips ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy ++ - var_selinux_policy_name=targeted ++ - var_selinux_state=enforcing ++ - grub2_enable_selinux ++ - sebool_selinuxuser_execheap ++ - sebool_selinuxuser_execmod ++ - sebool_selinuxuser_execstack ++ - selinux_confinement_of_daemons ++ - selinux_policytype ++ - selinux_state ++ - service_kdump_disabled ++ - sysctl_fs_suid_dumpable ++ - sysctl_kernel_dmesg_restrict ++ - sysctl_kernel_exec_shield ++ - sysctl_kernel_randomize_va_space ++ - rpm_verify_hashes ++ - rpm_verify_permissions ++ - ensure_almalinux_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_never_disabled ++ - ensure_gpgcheck_local_packages ++ - grub2_audit_argument ++ - service_auditd_enabled ++ - audit_rules_privileged_commands_sudo ++ - audit_rules_privileged_commands_su ++ - audit_rules_immutable ++ - kernel_module_usb-storage_disabled ++ - service_autofs_disabled ++ - auditd_audispd_syslog_plugin_activated ++ - rsyslog_remote_loghost ++ - auditd_data_retention_flush ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_fchmod ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_fchown ++ - audit_rules_dac_modification_fremovexattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_setxattr ++ - audit_rules_execution_chcon ++ - audit_rules_execution_restorecon ++ - audit_rules_execution_semanage ++ - audit_rules_execution_setsebool ++ - audit_rules_file_deletion_events_renameat ++ - audit_rules_file_deletion_events_rename ++ - audit_rules_file_deletion_events_rmdir ++ - audit_rules_file_deletion_events_unlinkat ++ - audit_rules_file_deletion_events_unlink ++ - audit_rules_kernel_module_loading_delete ++ - audit_rules_kernel_module_loading_init ++ - audit_rules_login_events_faillock ++ - audit_rules_login_events_lastlog ++ - audit_rules_login_events_tallylog ++ - audit_rules_mac_modification ++ - audit_rules_media_export ++ - audit_rules_networkconfig_modification ++ - audit_rules_privileged_commands_chage ++ - audit_rules_privileged_commands_chsh ++ - audit_rules_privileged_commands_crontab ++ - audit_rules_privileged_commands_gpasswd ++ - audit_rules_privileged_commands_newgrp ++ - audit_rules_privileged_commands_pam_timestamp_check ++ - audit_rules_privileged_commands_passwd ++ - audit_rules_privileged_commands_postdrop ++ - audit_rules_privileged_commands_postqueue ++ - audit_rules_privileged_commands_ssh_keysign ++ - audit_rules_privileged_commands_sudoedit ++ - audit_rules_privileged_commands_umount ++ - audit_rules_privileged_commands_unix_chkpwd ++ - audit_rules_privileged_commands_userhelper ++ - audit_rules_session_events ++ - audit_rules_sysadmin_actions ++ - audit_rules_system_shutdown ++ - audit_rules_time_adjtimex ++ - audit_rules_time_clock_settime ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_time_watch_localtime ++ - audit_rules_unsuccessful_file_modification_creat ++ - audit_rules_unsuccessful_file_modification_ftruncate ++ - audit_rules_unsuccessful_file_modification_openat ++ - audit_rules_unsuccessful_file_modification_open_by_handle_at ++ - audit_rules_unsuccessful_file_modification_open ++ - audit_rules_unsuccessful_file_modification_truncate ++ - audit_rules_usergroup_modification_group ++ - audit_rules_usergroup_modification_gshadow ++ - audit_rules_usergroup_modification_opasswd ++ - audit_rules_usergroup_modification_passwd ++ - audit_rules_usergroup_modification_shadow +diff --git a/products/almalinux9/profiles/ism_o.profile b/products/almalinux9/profiles/ism_o.profile +new file mode 100644 +index 00000000..aee8c0e8 +--- /dev/null ++++ b/products/almalinux9/profiles/ism_o.profile +@@ -0,0 +1,136 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - shaneboulden ++ - wcushen ++ - ahamilto156 ++ ++reference: https://www.cyber.gov.au/ism ++ ++title: 'Australian Cyber Security Centre (ACSC) ISM Official' ++ ++description: |- ++ This profile contains configuration checks for AlmaLinux 9 ++ that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM) ++ with the applicability marking of OFFICIAL. ++ ++ The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning ++ AlmaLinux security controls with the ISM, which can be used to select controls ++ specific to an organisation's security posture and risk profile. ++ ++ A copy of the ISM can be found at the ACSC website: ++ ++ https://www.cyber.gov.au/ism ++ ++extends: e8 ++ ++selections: ++ ++ ## Operating system configuration ++ ## Identifiers 1491 ++ - no_shelllogin_for_systemaccounts ++ ++ ## Local administrator accounts ++ ## Identifiers 1382 / 1410 ++ - accounts_password_all_shadowed ++ - package_sudo_installed ++ ++ ## Content filtering & Anti virus ++ ## Identifiers 0576 / 1341 / 1034 / 1417 / 1288 ++ - package_aide_installed ++ ++ ## Software firewall ++ ## Identifiers 1416 ++ - configure_firewalld_ports ++ ## Removing due to build error ++ ## - configure_firewalld_rate_limiting ++ - firewalld_sshd_port_enabled ++ - set_firewalld_default_zone ++ ++ ## Endpoint device control software ++ ## Identifiers 1418 ++ - package_usbguard_installed ++ - service_usbguard_enabled ++ - usbguard_allow_hid_and_hub ++ ++ ## Authentication hardening ++ ## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560 ++ ## 1561 / 1546 / 0421 / 1557 / 0422 / 1558 / 1403 / 0431 ++ - sshd_use_directory_configuration ++ - sshd_max_auth_tries_value=5 ++ - disable_host_auth ++ - require_emergency_target_auth ++ - require_singleuser_auth ++ - sshd_disable_kerb_auth ++ - sshd_set_max_auth_tries ++ ++ ## Password authentication & Protecting credentials ++ ## Identifiers 0421 / 0431 / 0418 / 1402 ++ - var_password_pam_minlen=14 ++ - var_accounts_password_warn_age_login_defs=7 ++ - var_accounts_minimum_age_login_defs=1 ++ - var_accounts_maximum_age_login_defs=60 ++ - var_authselect_profile=sssd ++ - enable_authselect ++ - accounts_password_warn_age_login_defs ++ - accounts_maximum_age_login_defs ++ - accounts_minimum_age_login_defs ++ - accounts_passwords_pam_faillock_interval ++ - accounts_passwords_pam_faillock_unlock_time ++ - accounts_passwords_pam_faillock_deny ++ - accounts_passwords_pam_faillock_deny_root ++ - accounts_password_pam_minlen ++ ++ ## Centralised logging facility ++ ## Identifiers 1405 / 0988 ++ - rsyslog_cron_logging ++ - rsyslog_files_groupownership ++ - rsyslog_files_ownership ++ - rsyslog_files_permissions ++ - rsyslog_nolisten ++ - rsyslog_remote_loghost ++ - rsyslog_remote_tls ++ - rsyslog_remote_tls_cacert ++ - package_chrony_installed ++ - service_chronyd_enabled ++ # - chronyd_specify_multiple_servers ++ - chronyd_specify_remote_server ++ ++ ## Events to be logged ++ ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957 ++ - display_login_attempts ++ - sebool_auditadm_exec_content ++ - audit_rules_privileged_commands ++ - audit_rules_session_events ++ - audit_rules_unsuccessful_file_modification ++ - audit_access_failed ++ - audit_access_success ++ ++ ## Web application & Database servers ++ ## Identifiers 1552 / 1277 ++ ++ ## Network design and configuration ++ ## Identifiers 1055 / 1311 ++ - network_nmcli_permissions ++ - service_snmpd_disabled ++ - snmpd_use_newer_protocol ++ ++ ## Wireless networks ++ ## Identifiers 1315 ++ - wireless_disable_interfaces ++ ++ ## ASD Approved Cryptographic Algorithms ++ ## Identifiers 0471 / 0472 / 0473 / 0474 / 0475 / 0476 / 0477 / ++ ## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 / 1139 / ++ ## 1372 / 1373 / 1374 / 1375 ++ - enable_fips_mode ++ - var_system_crypto_policy=fips ++ - configure_crypto_policy ++ ++ ## Secure Shell access ++ ## Identifiers 0484 / 1506 / 1449 / 0487 ++ - sshd_allow_only_protocol2 ++ - sshd_enable_warning_banner ++ - sshd_disable_x11_forwarding ++ - file_permissions_sshd_private_key +diff --git a/products/almalinux9/profiles/ospp.profile b/products/almalinux9/profiles/ospp.profile +new file mode 100644 +index 00000000..05a22a2f +--- /dev/null ++++ b/products/almalinux9/profiles/ospp.profile +@@ -0,0 +1,347 @@ ++documentation_complete: true ++ ++metadata: ++ version: 4.2.1 ++ SMEs: ++ - comps ++ - stevegrubb ++ ++reference: https://www.niap-ccevs.org/Profile/Info.cfm?PPID=442&id=442 ++ ++title: 'Protection Profile for General Purpose Operating Systems' ++ ++description: |- ++ This profile is part of AlmaLinux 9 Common Criteria Guidance ++ documentation for Target of Evaluation based on Protection Profile for ++ General Purpose Operating Systems (OSPP) version 4.2.1 and Functional ++ Package for SSH version 1.0. ++ ++ Where appropriate, CNSSI 1253 or DoD-specific values are used for ++ configuration, based on Configuration Annex to the OSPP. ++ ++selections: ++ ++ ####################################################### ++ ### GENERAL REQUIREMENTS ++ ### Things needed to meet OSPP functional requirements. ++ ####################################################### ++ ++ ### Partitioning ++ - partition_for_var_log_audit ++ - mount_option_var_log_audit_nodev ++ - mount_option_var_log_audit_nosuid ++ - mount_option_var_log_audit_noexec ++ ++ ### Services ++ # sshd ++ - sshd_use_directory_configuration ++ - sshd_disable_root_login ++ - disable_host_auth ++ - sshd_disable_empty_passwords ++ - sshd_disable_kerb_auth ++ - sshd_disable_gssapi_auth ++ - sshd_rekey_limit ++ - var_rekey_limit_size=1G ++ - var_rekey_limit_time=1hour ++ ++ # Time Server ++ - chronyd_client_only ++ ++ ### systemd ++ - disable_ctrlaltdel_reboot ++ - disable_ctrlaltdel_burstaction ++ - service_debug-shell_disabled ++ - grub2_systemd_debug-shell_argument_absent ++ ++ ### Software update ++ - ensure_almalinux_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_local_packages ++ - ensure_gpgcheck_never_disabled ++ ++ ### Kernel Config ++ ## Boot prompt ++ - grub2_audit_argument ++ - grub2_audit_backlog_limit_argument ++ - grub2_vsyscall_argument ++ - grub2_init_on_alloc_argument ++ - grub2_page_alloc_shuffle_argument ++ ++ ## Security Settings ++ - sysctl_kernel_kptr_restrict ++ - sysctl_kernel_dmesg_restrict ++ - sysctl_kernel_kexec_load_disabled ++ - sysctl_kernel_yama_ptrace_scope ++ - sysctl_kernel_perf_event_paranoid ++ - sysctl_user_max_user_namespaces ++ - sysctl_kernel_unprivileged_bpf_disabled_accept_default ++ - sysctl_kernel_unprivileged_bpf_disabled_value=2 ++ - service_kdump_disabled ++ ++ ### Audit ++ - service_auditd_enabled ++ - var_auditd_flush=incremental_async ++ - auditd_data_retention_flush ++ - auditd_log_format ++ - auditd_freq ++ - auditd_name_format ++ ++ ### Module Blacklist ++ - kernel_module_bluetooth_disabled ++ - kernel_module_sctp_disabled ++ - kernel_module_can_disabled ++ - kernel_module_tipc_disabled ++ ++ ### rpcbind ++ ++ ### Install Required Packages ++ - package_dnf-automatic_installed ++ - package_subscription-manager_installed ++ - package_firewalld_installed ++ - package_openscap-scanner_installed ++ - package_sudo_installed ++ - package_usbguard_installed ++ - package_scap-security-guide_installed ++ - package_audit_installed ++ - package_crypto-policies_installed ++ - package_openssh-server_installed ++ - package_openssh-clients_installed ++ - package_chrony_installed ++ - package_gnutls-utils_installed ++ ++ ### Login ++ - sysctl_kernel_core_pattern_empty_string ++ - sysctl_kernel_core_uses_pid ++ - service_systemd-coredump_disabled ++ - var_authselect_profile=minimal ++ - enable_authselect ++ - use_pam_wheel_for_su ++ ++ ### SELinux Configuration ++ - var_selinux_state=enforcing ++ - selinux_state ++ - var_selinux_policy_name=targeted ++ - selinux_policytype ++ ++ ### Application Whitelisting (RHEL 9) ++ - package_fapolicyd_installed ++ - service_fapolicyd_enabled ++ ++ ### Configure USBGuard ++ - service_usbguard_enabled ++ - configure_usbguard_auditbackend ++ - usbguard_allow_hid_and_hub ++ ++ ++ ### Enable / Configure FIPS ++ - enable_fips_mode ++ - var_system_crypto_policy=fips_ospp ++ - configure_crypto_policy ++ - configure_ssh_crypto_policy ++ - configure_openssl_crypto_policy ++ - enable_dracut_fips_module ++ ++ ####################################################### ++ ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE ++ ### FOR GENERAL PURPOSE OPERATING SYSTEMS ++ ### ANNEX RELEASE 1 ++ ### FOR PROTECTION PROFILE VERSIONS 4.2 ++ ### ++ ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/ ++ ####################################################### ++ ++ ## Configure Minimum Password Length to 12 Characters ++ ## IA-5 (1)(a) / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ - var_password_pam_minlen=12 ++ - accounts_password_pam_minlen ++ ++ ## Require at Least 1 Special Character in Password ++ ## IA-5(1)(a) / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ - var_password_pam_ocredit=1 ++ - accounts_password_pam_ocredit ++ ++ ## Require at Least 1 Numeric Character in Password ++ ## IA-5(1)(a) / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ - var_password_pam_dcredit=1 ++ - accounts_password_pam_dcredit ++ ++ ## Require at Least 1 Uppercase Character in Password ++ ## IA-5(1)(a) / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ - var_password_pam_ucredit=1 ++ - accounts_password_pam_ucredit ++ ++ ## Require at Least 1 Lowercase Character in Password ++ ## IA-5(1)(a) / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ - var_password_pam_lcredit=1 ++ - accounts_password_pam_lcredit ++ ++ ## Enable Screen Lock ++ ## FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ - package_tmux_installed ++ - configure_bashrc_exec_tmux ++ - no_tmux_in_shells ++ - configure_tmux_lock_command ++ ++ ## Set Screen Lock Timeout Period to 30 Minutes or Less ++ ## AC-11(a) / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ - configure_tmux_lock_after_time ++ ++ ## Disable Unauthenticated Login (such as Guest Accounts) ++ ## FIA_UAU.1 ++ - require_singleuser_auth ++ - grub2_disable_recovery ++ - grub2_uefi_password ++ - no_empty_passwords ++ ++ ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes ++ ## AC-7 / FIA_AFL.1 ++ - var_accounts_passwords_pam_faillock_deny=3 ++ - accounts_passwords_pam_faillock_deny ++ - var_accounts_passwords_pam_faillock_fail_interval=900 ++ - accounts_passwords_pam_faillock_interval ++ - var_accounts_passwords_pam_faillock_unlock_time=never ++ - accounts_passwords_pam_faillock_unlock_time ++ ++ ## Enable Host-Based Firewall ++ ## SC-7(12) / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ - service_firewalld_enabled ++ ++ ## Configure Name/Addres of Remote Management Server ++ ## From Which to Receive Config Settings ++ ## CM-3(3) / FMT_MOF_EXT.1 ++ # Management server not selected in FTP_ITC_EXT.1 ++ ++ ## Configure the System to Offload Audit Records to a Log ++ ## Server ++ ## AU-4(1) / FAU_GEN.1.1.c ++ # Audit server not selected in FTP_ITC_EXT.1 ++ ++ ## Set Logon Warning Banner ++ ## AC-8(a) / FMT_MOF_EXT.1 (FTA_TAB.1) ++ - sshd_enable_warning_banner ++ ++ ## Audit All Logons (Success/Failure) and Logoffs (Success) ++ ## CNSSI 1253 Value or DoD-Specific Values: ++ ## (1) Logons (Success/Failure) ++ ## (2) Logoffs (Success) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ++ ## Audit File and Object Events (Unsuccessful) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## (1) Create (Success/Failure) ++ ## (2) Access (Success/Failure) ++ ## (3) Delete (Sucess/Failure) ++ ## (4) Modify (Success/Failure) ++ ## (5) Permission Modification (Sucess/Failure) ++ ## (6) Ownership Modification (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## ++ ## ++ ## (1) Create (Success/Failure) ++ ## (open with O_CREAT) ++ ## (2) Access (Success/Failure) ++ ## (3) Delete (Success/Failure) ++ ## (4) Modify (Success/Failure) ++ ## (5) Permission Modification (Success/Failure) ++ ## (6) Ownership Modification (Success/Failure) ++ ++ ## Audit User and Group Management Events (Success/Failure) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## (1) User add, delete, modify, disable, enable (Success/Failure) ++ ## (2) Group/Role add, delete, modify (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## ++ ## Generic User and Group Management Events (Success/Failure) ++ ## Selection of setuid programs that relate to ++ ## user accounts. ++ ## ++ ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure) ++ ## ++ ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure) ++ ## ++ ## Audit Privilege or Role Escalation Events (Success/Failure) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## - Privilege/Role escalation (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## Audit All Audit and Log Data Accesses (Success/Failure) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## - Audit and log data access (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## Audit Cryptographic Verification of Software (Success/Failure) ++ ## CNSSI 1253 Value or DoD-specific Values: ++ ## - Applications (e.g. Firefox, Internet Explorer, MS Office Suite, ++ ## etc) initialization (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ ## Audit Kernel Module Loading and Unloading Events (Success/Failure) ++ ## AU-2(a) / FAU_GEN.1.1.c ++ - audit_basic_configuration ++ - audit_immutable_login_uids ++ - audit_create_failed ++ - audit_create_failed_aarch64 ++ - audit_create_failed_ppc64le ++ - audit_create_success ++ - audit_create_success_aarch64 ++ - audit_create_success_ppc64le ++ - audit_modify_failed ++ - audit_modify_failed_aarch64 ++ - audit_modify_failed_ppc64le ++ - audit_modify_success ++ - audit_modify_success_aarch64 ++ - audit_modify_success_ppc64le ++ - audit_access_failed ++ - audit_access_failed_aarch64 ++ - audit_access_failed_ppc64le ++ - audit_access_success ++ - audit_access_success.severity=info ++ - audit_access_success.role=unscored ++ - audit_access_success_aarch64 ++ - audit_access_success_aarch64.severity=info ++ - audit_access_success_aarch64.role=unscored ++ - audit_access_success_ppc64le ++ - audit_access_success_ppc64le.severity=info ++ - audit_access_success_ppc64le.role=unscored ++ - audit_delete_failed ++ - audit_delete_failed_aarch64 ++ - audit_delete_failed_ppc64le ++ - audit_delete_success ++ - audit_delete_success_aarch64 ++ - audit_delete_success_ppc64le ++ - audit_perm_change_failed ++ - audit_perm_change_failed_aarch64 ++ - audit_perm_change_failed_ppc64le ++ - audit_perm_change_success ++ - audit_perm_change_success_aarch64 ++ - audit_perm_change_success_ppc64le ++ - audit_owner_change_failed ++ - audit_owner_change_failed_aarch64 ++ - audit_owner_change_failed_ppc64le ++ - audit_owner_change_success ++ - audit_owner_change_success_aarch64 ++ - audit_owner_change_success_ppc64le ++ - audit_ospp_general ++ - audit_ospp_general_aarch64 ++ - audit_ospp_general_ppc64le ++ - audit_module_load ++ - audit_module_load_ppc64le ++ ++ ## Enable Automatic Software Updates ++ ## SI-2 / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) ++ # Configure dnf-automatic to Install Available Updates Automatically ++ - dnf-automatic_apply_updates ++ ++ # Enable dnf-automatic Timer ++ - timer_dnf-automatic_enabled ++ ++ # set ssh client rekey limit ++ - ssh_client_rekey_limit ++ - var_ssh_client_rekey_limit_size=1G ++ - var_ssh_client_rekey_limit_time=1hour ++ ++ # zIPl specific rules ++ - zipl_bls_entries_only ++ - zipl_bootmap_is_up_to_date ++ - zipl_audit_argument ++ - zipl_audit_backlog_limit_argument ++ - zipl_init_on_alloc_argument ++ - zipl_page_alloc_shuffle_argument ++ - zipl_systemd_debug-shell_argument_absent +diff --git a/products/almalinux9/profiles/pci-dss.profile b/products/almalinux9/profiles/pci-dss.profile +new file mode 100644 +index 00000000..70742418 +--- /dev/null ++++ b/products/almalinux9/profiles/pci-dss.profile +@@ -0,0 +1,149 @@ ++documentation_complete: true ++ ++metadata: ++ SMEs: ++ - yuumasato ++ ++reference: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf ++ ++title: 'PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 9' ++ ++description: |- ++ Ensures PCI-DSS v3.2.1 security configuration settings are applied. ++ ++selections: ++ - var_password_pam_unix_remember=4 ++ - var_account_disable_post_pw_expiration=90 ++ - var_accounts_passwords_pam_faillock_deny=6 ++ - var_accounts_passwords_pam_faillock_unlock_time=1800 ++ - var_password_pam_minlen=7 ++ - var_password_pam_minclass=2 ++ - var_accounts_maximum_age_login_defs=90 ++ - var_auditd_num_logs=5 ++ - service_auditd_enabled ++ - grub2_audit_argument ++ - auditd_data_retention_num_logs ++ - auditd_data_retention_max_log_file ++ - auditd_data_retention_max_log_file_action ++ - auditd_data_retention_space_left_action ++ - auditd_data_retention_admin_space_left_action ++ - auditd_data_retention_action_mail_acct ++ - package_audispd-plugins_installed ++ - auditd_audispd_syslog_plugin_activated ++ - audit_rules_time_adjtimex ++ - audit_rules_time_settimeofday ++ - audit_rules_time_stime ++ - audit_rules_time_clock_settime ++ - audit_rules_time_watch_localtime ++ - audit_rules_usergroup_modification_group ++ - audit_rules_usergroup_modification_gshadow ++ - audit_rules_usergroup_modification_opasswd ++ - audit_rules_usergroup_modification_passwd ++ - audit_rules_usergroup_modification_shadow ++ - audit_rules_networkconfig_modification ++ - file_permissions_var_log_audit ++ - file_ownership_var_log_audit ++ - audit_rules_mac_modification ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_fchmod ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_fchown ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_fremovexattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_setxattr ++ - audit_rules_login_events ++ - audit_rules_session_events ++ - audit_rules_unsuccessful_file_modification_creat ++ - audit_rules_unsuccessful_file_modification_ftruncate ++ - audit_rules_unsuccessful_file_modification_open ++ - audit_rules_unsuccessful_file_modification_open_by_handle_at ++ - audit_rules_unsuccessful_file_modification_openat ++ - audit_rules_unsuccessful_file_modification_truncate ++ - audit_rules_privileged_commands ++ - audit_rules_media_export ++ - audit_rules_file_deletion_events_rename ++ - audit_rules_file_deletion_events_renameat ++ - audit_rules_file_deletion_events_rmdir ++ - audit_rules_file_deletion_events_unlink ++ - audit_rules_file_deletion_events_unlinkat ++ - audit_rules_sysadmin_actions ++ - audit_rules_kernel_module_loading_delete ++ - audit_rules_kernel_module_loading_finit ++ - audit_rules_kernel_module_loading_init ++ - audit_rules_immutable ++ - var_multiple_time_servers=rhel ++ - service_chronyd_enabled ++ - chronyd_specify_remote_server ++ # - chronyd_specify_multiple_servers ++ - rpm_verify_permissions ++ - rpm_verify_hashes ++ - install_hids ++ - rsyslog_files_permissions ++ - rsyslog_files_ownership ++ - rsyslog_files_groupownership ++ - ensure_logrotate_activated ++ - package_aide_installed ++ - aide_build_database ++ - aide_periodic_cron_checking ++ - account_unique_name ++ - gid_passwd_group_same ++ - accounts_password_all_shadowed ++ - no_empty_passwords ++ - display_login_attempts ++ - account_disable_post_pw_expiration ++ - var_authselect_profile=sssd ++ - enable_authselect ++ - accounts_passwords_pam_faillock_deny ++ - accounts_passwords_pam_faillock_unlock_time ++ - dconf_db_up_to_date ++ - dconf_gnome_screensaver_idle_delay ++ - dconf_gnome_session_idle_user_locks ++ - dconf_gnome_screensaver_idle_activation_enabled ++ - dconf_gnome_screensaver_lock_enabled ++ - dconf_gnome_screensaver_mode_blank ++ - sshd_use_directory_configuration ++ - accounts_password_pam_minlen ++ - accounts_password_pam_dcredit ++ - accounts_password_pam_ucredit ++ - accounts_password_pam_lcredit ++ - accounts_password_pam_unix_remember ++ - accounts_maximum_age_login_defs ++ - ensure_almalinux_gpgkey_installed ++ - ensure_gpgcheck_globally_activated ++ - ensure_gpgcheck_never_disabled ++ - security_patches_up_to_date ++ - package_opensc_installed ++ - var_smartcard_drivers=cac ++ - configure_opensc_card_drivers ++ - force_opensc_card_drivers ++ - package_pcsc-lite_installed ++ - service_pcscd_enabled ++ - sssd_enable_smartcards ++ - set_password_hashing_algorithm_systemauth ++ - set_password_hashing_algorithm_passwordauth ++ - set_password_hashing_algorithm_logindefs ++ - set_password_hashing_algorithm_libuserconf ++ - file_owner_etc_shadow ++ - file_groupowner_etc_shadow ++ - file_permissions_etc_shadow ++ - file_owner_etc_group ++ - file_groupowner_etc_group ++ - file_permissions_etc_group ++ - file_owner_etc_passwd ++ - file_groupowner_etc_passwd ++ - file_permissions_etc_passwd ++ - file_owner_grub2_cfg ++ - file_groupowner_grub2_cfg ++ - package_libreswan_installed ++ - configure_crypto_policy ++ - configure_bind_crypto_policy ++ - configure_openssl_crypto_policy ++ - configure_libreswan_crypto_policy ++ - configure_ssh_crypto_policy ++ - configure_kerberos_crypto_policy +diff --git a/products/almalinux9/profiles/srg_gpos.profile b/products/almalinux9/profiles/srg_gpos.profile +new file mode 100644 +index 00000000..f8f244bc +--- /dev/null ++++ b/products/almalinux9/profiles/srg_gpos.profile +@@ -0,0 +1,19 @@ ++documentation_complete: false ++ ++metadata: ++ version: TBD ++ SMEs: ++ - mab879 ++ - ggbecker ++ ++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux ++ ++title: '[DRAFT] DISA STIG for Red Hat Enterprise Linux 9' ++ ++description: |- ++ This is a draft profile based on its RHEL8 version for experimental purposes. ++ It is not based on the DISA STIG for RHEL9, because this one was not available at time of ++ the release. ++ ++selections: ++ - srg_gpos:all +diff --git a/products/almalinux9/profiles/stig.profile b/products/almalinux9/profiles/stig.profile +new file mode 100644 +index 00000000..5b3f3330 +--- /dev/null ++++ b/products/almalinux9/profiles/stig.profile +@@ -0,0 +1,1149 @@ ++documentation_complete: true ++ ++metadata: ++ version: TBD ++ SMEs: ++ - mab879 ++ - ggbecker ++ ++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux ++ ++title: '[DRAFT] DISA STIG for Red Hat Enterprise Linux 9' ++ ++description: |- ++ This is a draft profile based on its RHEL8 version for experimental purposes. ++ It is not based on the DISA STIG for RHEL9, because this one was not available at time of ++ the release. ++ ++selections: ++ ### Variables ++ - var_rekey_limit_size=1G ++ - var_rekey_limit_time=1hour ++ - var_accounts_user_umask=077 ++ - var_password_pam_difok=8 ++ - var_password_pam_maxrepeat=3 ++ - var_sshd_disable_compression=no ++ - var_password_hashing_algorithm=SHA512 ++ - var_password_pam_maxclassrepeat=4 ++ - var_password_pam_minclass=4 ++ - var_accounts_minimum_age_login_defs=1 ++ - var_accounts_max_concurrent_login_sessions=10 ++ - var_password_pam_remember=5 ++ - var_password_pam_remember_control_flag=required ++ - var_selinux_state=enforcing ++ - var_selinux_policy_name=targeted ++ - var_password_pam_unix_rounds=5000 ++ - var_password_pam_minlen=15 ++ - var_password_pam_ocredit=1 ++ - var_password_pam_dcredit=1 ++ - var_password_pam_dictcheck=1 ++ - var_password_pam_ucredit=1 ++ - var_password_pam_lcredit=1 ++ - var_password_pam_retry=3 ++ - var_password_pam_minlen=15 ++ # - var_sshd_set_keepalive=0 ++ - sshd_approved_macs=stig ++ - sshd_approved_ciphers=stig ++ - sshd_idle_timeout_value=10_minutes ++ - var_accounts_authorized_local_users_regex=rhel8 ++ - var_accounts_passwords_pam_faillock_deny=3 ++ - var_accounts_passwords_pam_faillock_fail_interval=900 ++ - var_accounts_passwords_pam_faillock_unlock_time=never ++ - var_ssh_client_rekey_limit_size=1G ++ - var_ssh_client_rekey_limit_time=1hour ++ - var_accounts_fail_delay=4 ++ - var_account_disable_post_pw_expiration=35 ++ - var_auditd_action_mail_acct=root ++ - var_time_service_set_maxpoll=18_hours ++ - var_accounts_maximum_age_login_defs=60 ++ - var_auditd_space_left_percentage=25pc ++ - var_auditd_space_left_action=email ++ - var_auditd_disk_error_action=halt ++ - var_auditd_max_log_file_action=syslog ++ - var_auditd_disk_full_action=halt ++ - var_sssd_certificate_verification_digest_function=sha1 ++ - login_banner_text=dod_banners ++ - var_authselect_profile=sssd ++ ++ ### Enable / Configure FIPS ++ - enable_fips_mode ++ - var_system_crypto_policy=fips ++ - configure_crypto_policy ++ - configure_bind_crypto_policy ++ - configure_libreswan_crypto_policy ++ - configure_kerberos_crypto_policy ++ - enable_dracut_fips_module ++ ++ # Other needed rules ++ - enable_authselect ++ ++ ### Rules: ++ # RHEL-08-010000 ++ - installed_OS_is_vendor_supported ++ ++ # RHEL-08-010001 ++ - package_mcafeetp_installed ++ - agent_mfetpd_running ++ ++ # RHEL-08-010010 ++ - security_patches_up_to_date ++ ++ # RHEL-08-010020 ++ - sysctl_crypto_fips_enabled ++ ++ # RHEL-08-010030 ++ - encrypt_partitions ++ ++ # RHEL-08-010040 ++ - sshd_enable_warning_banner ++ ++ # RHEL-08-010049 ++ - dconf_gnome_banner_enabled ++ ++ # RHEL-08-010050 ++ - dconf_gnome_login_banner_text ++ ++ # RHEL-08-010060 ++ - banner_etc_issue ++ ++ # RHEL-08-010070 ++ - rsyslog_remote_access_monitoring ++ ++ # RHEL-08-010090 ++ ++ # RHEL-08-010100 ++ ++ # RHEL-08-010110 ++ - set_password_hashing_algorithm_logindefs ++ ++ # RHEL-08-010120 ++ - accounts_password_all_shadowed_sha512 ++ ++ # RHEL-08-010130 ++ - set_password_hashing_min_rounds_logindefs ++ ++ # RHEL-08-010140 ++ - grub2_uefi_password ++ ++ # RHEL-08-010141 ++ - grub2_uefi_admin_username ++ ++ # RHEL-08-010149 ++ - grub2_admin_username ++ ++ # RHEL-08-010150 ++ - grub2_password ++ ++ # RHEL-08-010151 ++ - require_singleuser_auth ++ ++ # RHEL-08-010152 ++ - require_emergency_target_auth ++ ++ # RHEL-08-010159 ++ - set_password_hashing_algorithm_passwordauth ++ ++ # RHEL-08-010160 ++ - set_password_hashing_algorithm_systemauth ++ ++ # RHEL-08-010170 ++ - selinux_state ++ ++ # RHEL-08-010171 ++ - package_policycoreutils_installed ++ ++ # RHEL-08-010190 ++ - dir_perms_world_writable_sticky_bits ++ ++ # These two items don't behave as they used to in RHEL8.6 and RHEL9 ++ # anymore. They will be disabled for now until an alternative ++ # solution is found. ++ # # RHEL-08-010200 ++ # - sshd_set_keepalive_0 ++ # # RHEL-08-010201 ++ # - sshd_set_idle_timeout ++ ++ # RHEL-08-010210 ++ - file_permissions_var_log_messages ++ ++ # RHEL-08-010220 ++ - file_owner_var_log_messages ++ ++ # RHEL-08-010230 ++ - file_groupowner_var_log_messages ++ ++ # RHEL-08-010240 ++ - file_permissions_var_log ++ ++ # RHEL-08-010250 ++ - file_owner_var_log ++ ++ # RHEL-08-010260 ++ - file_groupowner_var_log ++ ++ # RHEL-08-010287 ++ - configure_ssh_crypto_policy ++ ++ # RHEL-08-010290 ++ - harden_sshd_macs_openssh_conf_crypto_policy ++ - harden_sshd_macs_opensshserver_conf_crypto_policy ++ ++ # RHEL-08-010291 ++ - harden_sshd_ciphers_openssh_conf_crypto_policy ++ - harden_sshd_ciphers_opensshserver_conf_crypto_policy ++ ++ # RHEL-08-010292 ++# - sshd_use_strong_rng # not needed in RHEL9 ++ ++ # RHEL-08-010293 ++ - configure_openssl_crypto_policy ++ ++ # RHEL-08-010294 ++ - configure_openssl_tls_crypto_policy ++ ++ # RHEL-08-010295 ++ #- configure_gnutls_tls_crypto_policy - the format changed in rhel9, needs new rule ++ ++ # RHEL-08-010300 ++ - file_permissions_binary_dirs ++ ++ # RHEL-08-010310 ++ - file_ownership_binary_dirs ++ ++ # RHEL-08-010320 ++ - file_groupownership_system_commands_dirs ++ ++ # RHEL-08-010330 ++ - file_permissions_library_dirs ++ ++ # RHEL-08-010331 ++ - dir_permissions_library_dirs ++ ++ # RHEL-08-010340 ++ - file_ownership_library_dirs ++ ++ # RHEL-08-010341 ++ - dir_ownership_library_dirs ++ ++ # RHEL-08-010350 ++ - root_permissions_syslibrary_files ++ ++ # RHEL-08-010351 ++ - dir_group_ownership_library_dirs ++ ++ # RHEL-08-010359 ++ - package_aide_installed ++ ++ # RHEL-08-010360 ++ - aide_scan_notification ++ ++ # RHEL-08-010370 ++ - ensure_gpgcheck_globally_activated ++ ++ # RHEL-08-010371 ++ - ensure_gpgcheck_local_packages ++ ++ # RHEL-08-010372 ++ - sysctl_kernel_kexec_load_disabled ++ ++ # RHEL-08-010373 ++ - sysctl_fs_protected_symlinks ++ ++ # RHEL-08-010374 ++ - sysctl_fs_protected_hardlinks ++ ++ # RHEL-08-010375 ++ - sysctl_kernel_dmesg_restrict ++ ++ # RHEL-08-010376 ++ - sysctl_kernel_perf_event_paranoid ++ ++ # RHEL-08-010380 ++ - sudo_remove_nopasswd ++ ++ # RHEL-08-010381 ++ - sudo_remove_no_authenticate ++ ++ # RHEL-08-010382 ++ - sudo_restrict_privilege_elevation_to_authorized ++ ++ # RHEL-08-010383 ++ - sudoers_validate_passwd ++ ++ # RHEL-08-010384 ++ - sudo_require_reauthentication ++ - var_sudo_timestamp_timeout=always_prompt ++ ++ # RHEL-08-010390 ++ - install_smartcard_packages ++ ++ # RHEL-08-010400 ++ - sssd_certificate_verification ++ ++ # RHEL-08-010410 ++ - package_opensc_installed ++ ++ # RHEL-08-010420 ++ - bios_enable_execution_restrictions ++ ++ # RHEL-08-010421 ++ - grub2_page_poison_argument ++ ++ # RHEL-08-010422 ++ - grub2_vsyscall_argument ++ ++ # RHEL-08-010423 ++ - grub2_slub_debug_argument ++ ++ # RHEL-08-010430 ++ - sysctl_kernel_randomize_va_space ++ ++ # RHEL-08-010440 ++ - clean_components_post_updating ++ ++ # RHEL-08-010450 ++ - selinux_policytype ++ ++ # RHEL-08-010460 ++# - no_host_based_files # not supported in RHEL9 ATM ++ ++ # RHEL-08-010470 ++# - no_user_host_based_files # not supported in RHEL9 ATM ++ ++ # RHEL-08-010471 ++ - service_rngd_enabled ++ ++ # RHEL-08-010472 ++ - package_rng-tools_installed ++ ++ # RHEL-08-010480 ++ - file_permissions_sshd_pub_key ++ ++ # RHEL-08-010490 ++ - file_permissions_sshd_private_key ++ ++ # RHEL-08-010500 ++ - sshd_enable_strictmodes ++ ++ # RHEL-08-010510 ++ - sshd_disable_compression ++ ++ # RHEL-08-010520 ++ - sshd_disable_user_known_hosts ++ ++ # RHEL-08-010521 ++ - sshd_disable_kerb_auth ++ ++ # RHEL-08-010522 ++ - sshd_disable_gssapi_auth ++ ++ # RHEL-08-010540 ++ - partition_for_var ++ ++ # RHEL-08-010541 ++ - partition_for_var_log ++ ++ # RHEL-08-010542 ++ - partition_for_var_log_audit ++ ++ # RHEL-08-010543 ++ - partition_for_tmp ++ ++ # RHEL-08-010544 ++ - partition_for_var_tmp ++ ++ # RHEL-08-010550 ++ - sshd_disable_root_login ++ ++ # RHEL-08-010561 ++ - service_rsyslog_enabled ++ ++ # RHEL-08-010570 ++ - mount_option_home_nosuid ++ ++ # RHEL-08-010571 ++ - mount_option_boot_nosuid ++ ++ # RHEL-08-010580 ++ - mount_option_nodev_nonroot_local_partitions ++ ++ # RHEL-08-010590 ++ - mount_option_home_noexec ++ ++ # RHEL-08-010600 ++ - mount_option_nodev_removable_partitions ++ ++ # RHEL-08-010610 ++ - mount_option_noexec_removable_partitions ++ ++ # RHEL-08-010620 ++ - mount_option_nosuid_removable_partitions ++ ++ # RHEL-08-010630 ++ - mount_option_noexec_remote_filesystems ++ ++ # RHEL-08-010640 ++ - mount_option_nodev_remote_filesystems ++ ++ # RHEL-08-010650 ++ - mount_option_nosuid_remote_filesystems ++ ++ # RHEL-08-010660 ++ - accounts_user_dot_no_world_writable_programs ++ ++ # RHEL-08-010670 ++ - service_kdump_disabled ++ ++ # RHEL-08-010671 ++ - sysctl_kernel_core_pattern ++ ++ # RHEL-08-010672 ++ - service_systemd-coredump_disabled ++ ++ # RHEL-08-010673 ++ - disable_users_coredumps ++ ++ # RHEL-08-010674 ++ - coredump_disable_storage ++ ++ # RHEL-08-010675 ++ - coredump_disable_backtraces ++ ++ # RHEL-08-010680 ++ - network_configure_name_resolution ++ ++ # RHEL-08-010690 ++ - accounts_user_home_paths_only ++ ++ # RHEL-08-010700 ++ - dir_perms_world_writable_root_owned ++ ++ # RHEL-08-010710 ++ ++ # RHEL-08-010720 ++ - accounts_user_interactive_home_directory_defined ++ ++ # RHEL-08-010730 ++ - file_permissions_home_directories ++ ++ # RHEL-08-010740 ++ - file_groupownership_home_directories ++ ++ # RHEL-08-010750 ++ - accounts_user_interactive_home_directory_exists ++ ++ # RHEL-08-010760 ++ - accounts_have_homedir_login_defs ++ ++ # RHEL-08-010770 ++ - file_permission_user_init_files ++ ++ # RHEL-08-010780 ++ - no_files_unowned_by_user ++ ++ # RHEL-08-010790 ++ - file_permissions_ungroupowned ++ ++ # RHEL-08-010800 ++ - partition_for_home ++ ++ # RHEL-08-010820 ++ - gnome_gdm_disable_automatic_login ++ ++ # RHEL-08-010830 ++ - sshd_do_not_permit_user_env ++ ++ # RHEL-08-020000 ++ - account_temp_expire_date ++ ++ # RHEL-08-020010, RHEL-08-020011, RHEL-08-020025, RHEL-08-020026 ++ - accounts_passwords_pam_faillock_deny ++ ++ # RHEL-08-020012, RHEL-08-020013 ++ - accounts_passwords_pam_faillock_interval ++ ++ # RHEL-08-020014, RHEL-08-020016, RHEL-08-020017 ++ - accounts_passwords_pam_faillock_unlock_time ++ ++ # RHEL-08-020015 ++ ++ # RHEL-08-020018, RHEL-08-020019 ++ - accounts_passwords_pam_faillock_deny ++ ++ # RHEL-08-020020 ++ ++ # RHEL-08-020021 ++ ++ # RHEL-08-020022, RHEL-08-020023 ++ - accounts_passwords_pam_faillock_deny_root ++ ++ # RHEL-08-020024 ++ - accounts_max_concurrent_login_sessions ++ ++ # RHEL-08-020030 ++ - dconf_gnome_screensaver_lock_enabled ++ ++ # RHEL-08-020039 ++ - package_tmux_installed ++ ++ # RHEL-08-020040 ++ - configure_tmux_lock_command ++ ++ # RHEL-08-020041 ++ - configure_bashrc_exec_tmux ++ ++ # RHEL-08-020042 ++ - no_tmux_in_shells ++ ++ # RHEL-08-020050 ++ - dconf_gnome_lock_screen_on_smartcard_removal ++ ++ # RHEL-08-020060 ++ - dconf_gnome_screensaver_idle_delay ++ ++ # RHEL-08-020070 ++ - configure_tmux_lock_after_time ++ ++ # RHEL-08-020080 ++ ++ # RHEL-08-020081 ++ - dconf_gnome_session_idle_user_locks ++ ++ # RHEL-08-020090 ++ - sssd_enable_certmap ++ ++ # RHEL-08-020100 ++ - accounts_password_pam_pwquality_password_auth ++ ++ # RHEL-08-020101 ++ - accounts_password_pam_pwquality_system_auth ++ ++ # RHEL-08-020102 ++ # This is only required for RHEL8 systems below version 8.4 where the ++ # retry parameter was not yet available on /etc/security/pwquality.conf. ++ ++ # RHEL-08-020103 ++ # This is only required for RHEL8 systems below version 8.4 where the ++ # retry parameter was not yet available on /etc/security/pwquality.conf. ++ ++ # RHEL-08-020104 ++ - accounts_password_pam_retry ++ ++ # RHEL-08-020110 ++ - accounts_password_pam_ucredit ++ ++ # RHEL-08-020120 ++ - accounts_password_pam_lcredit ++ ++ # RHEL-08-020130 ++ - accounts_password_pam_dcredit ++ ++ # RHEL-08-020140 ++ - accounts_password_pam_maxclassrepeat ++ ++ # RHEL-08-020150 ++ - accounts_password_pam_maxrepeat ++ ++ # RHEL-08-020160 ++ - accounts_password_pam_minclass ++ ++ # RHEL-08-020170 ++ - accounts_password_pam_difok ++ ++ # RHEL-08-020180 ++ - accounts_password_set_min_life_existing ++ ++ # RHEL-08-020190 ++ - accounts_minimum_age_login_defs ++ ++ # RHEL-08-020200 ++ - accounts_maximum_age_login_defs ++ ++ # RHEL-08-020210 ++ - accounts_password_set_max_life_existing ++ ++ # RHEL-08-020220 ++ - accounts_password_pam_pwhistory_remember_system_auth ++ ++ # RHEL-08-020221 ++ - accounts_password_pam_pwhistory_remember_password_auth ++ ++ # RHEL-08-020230 ++ - accounts_password_pam_minlen ++ ++ # RHEL-08-020240 ++ - account_unique_id ++ ++ # RHEL-08-020250 ++ - sssd_enable_smartcards ++ ++ # RHEL-08-020260 ++ - account_disable_post_pw_expiration ++ ++ # RHEL-08-020270 ++ - account_emergency_expire_date ++ ++ # RHEL-08-020280 ++ - accounts_password_pam_ocredit ++ ++ # RHEL-08-020290 ++ - sssd_offline_cred_expiration ++ ++ # RHEL-08-020300 ++ - accounts_password_pam_dictcheck ++ ++ # RHEL-08-020310 ++ - accounts_logon_fail_delay ++ ++ # RHEL-08-020320 ++ - accounts_authorized_local_users ++ ++ # RHEL-08-020330 ++ - sshd_disable_empty_passwords ++ ++ # RHEL-08-020331 ++ - no_empty_passwords ++ ++ # RHEL-08-020332 ++ ++ # RHEL-08-020340 ++ - display_login_attempts ++ ++ # RHEL-08-020350 ++ - sshd_print_last_log ++ ++ # RHEL-08-020351 ++ - accounts_umask_etc_login_defs ++ ++ # RHEL-08-020352 ++ - accounts_umask_interactive_users ++ ++ # RHEL-08-020353 ++ - accounts_umask_etc_bashrc ++ - accounts_umask_etc_csh_cshrc ++ - accounts_umask_etc_profile ++ ++ # RHEL-08-030000 ++ - audit_rules_suid_privilege_function ++ ++ # RHEL-08-030010 ++ - rsyslog_cron_logging ++ ++ # RHEL-08-030020 ++ - auditd_data_retention_action_mail_acct ++ ++ # RHEL-08-030030 ++ - postfix_client_configure_mail_alias ++ - package_postfix_installed ++ ++ # RHEL-08-030040 ++ - auditd_data_disk_error_action ++ ++ # RHEL-08-030060 ++ - auditd_data_disk_full_action ++ ++ # RHEL-08-030061 ++ - auditd_local_events ++ ++ # RHEL-08-030062 ++ - auditd_name_format ++ ++ # RHEL-08-030063 ++ - auditd_log_format ++ ++ # RHEL-08-030070 ++ - file_permissions_var_log_audit ++ ++ # RHEL-08-030080 ++ - file_ownership_var_log_audit_stig ++ ++ # RHEL-08-030090 ++ - file_group_ownership_var_log_audit ++ ++ # RHEL-08-030100 ++ - directory_ownership_var_log_audit ++ ++ # RHEL-08-030110 ++ - directory_group_ownership_var_log_audit ++ ++ # RHEL-08-030120 ++ - directory_permissions_var_log_audit ++ ++ # *** NOTE *** # ++ # Audit rules are currently under review as to how best to approach ++ # them. We are working with DISA and our internal audit experts to ++ # provide a final solution soon. ++ # ************ # ++ ++ # RHEL-08-030121 ++ - audit_rules_immutable ++ ++ # RHEL-08-030122 ++ - audit_immutable_login_uids ++ ++ # RHEL-08-030130 ++ - audit_rules_usergroup_modification_shadow ++ ++ # RHEL-08-030140 ++ - audit_rules_usergroup_modification_opasswd ++ ++ # RHEL-08-030150 ++ - audit_rules_usergroup_modification_passwd ++ ++ # RHEL-08-030160 ++ - audit_rules_usergroup_modification_gshadow ++ ++ # RHEL-08-030170 ++ - audit_rules_usergroup_modification_group ++ ++ # RHEL-08-030171 ++ - audit_rules_sudoers ++ ++ # RHEL-08-030172 ++ - audit_rules_sudoers_d ++ ++ # RHEL-08-030180 ++ - package_audit_installed ++ ++ # RHEL-08-030181 ++ - service_auditd_enabled ++ ++ # RHEL-08-030190 ++ - audit_rules_privileged_commands_su ++ ++ # RHEL-08-030200 ++ - audit_rules_dac_modification_lremovexattr ++ - audit_rules_dac_modification_removexattr ++ - audit_rules_dac_modification_lsetxattr ++ - audit_rules_dac_modification_fsetxattr ++ - audit_rules_dac_modification_fremovexattr ++ - audit_rules_dac_modification_setxattr ++ ++ # RHEL-08-030250 ++ - audit_rules_privileged_commands_chage ++ ++ # RHEL-08-030260 ++ - audit_rules_execution_chcon ++ ++ # RHEL-08-030280 ++ - audit_rules_privileged_commands_ssh_agent ++ ++ # RHEL-08-030290 ++ - audit_rules_privileged_commands_passwd ++ ++ # RHEL-08-030300 ++ - audit_rules_privileged_commands_mount ++ ++ # RHEL-08-030301 ++ - audit_rules_privileged_commands_umount ++ ++ # RHEL-08-030302 ++ - audit_rules_media_export ++ ++ # RHEL-08-030310 ++ - audit_rules_privileged_commands_unix_update ++ ++ # RHEL-08-030311 ++ - audit_rules_privileged_commands_postdrop ++ ++ # RHEL-08-030312 ++ - audit_rules_privileged_commands_postqueue ++ ++ # RHEL-08-030313 ++ - audit_rules_execution_semanage ++ ++ # RHEL-08-030314 ++ - audit_rules_execution_setfiles ++ ++ # RHEL-08-030315 ++ - audit_rules_privileged_commands_userhelper ++ ++ # RHEL-08-030316 ++ - audit_rules_execution_setsebool ++ ++ # RHEL-08-030317 ++ - audit_rules_privileged_commands_unix_chkpwd ++ ++ # RHEL-08-030320 ++ - audit_rules_privileged_commands_ssh_keysign ++ ++ # RHEL-08-030330 ++ - audit_rules_execution_setfacl ++ ++ # RHEL-08-030340 ++ - audit_rules_privileged_commands_pam_timestamp_check ++ ++ # RHEL-08-030350 ++ - audit_rules_privileged_commands_newgrp ++ ++ # RHEL-08-030360 ++ - audit_rules_kernel_module_loading_init ++ - audit_rules_kernel_module_loading_finit ++ ++ # RHEL-08-030361 ++ - audit_rules_file_deletion_events_rename ++ - audit_rules_file_deletion_events_renameat ++ - audit_rules_file_deletion_events_rmdir ++ - audit_rules_file_deletion_events_unlink ++ - audit_rules_file_deletion_events_unlinkat ++ ++ # RHEL-08-030370 ++ - audit_rules_privileged_commands_gpasswd ++ ++ # RHEL-08-030390 ++ - audit_rules_kernel_module_loading_delete ++ ++ # RHEL-08-030400 ++ - audit_rules_privileged_commands_crontab ++ ++ # RHEL-08-030410 ++ - audit_rules_privileged_commands_chsh ++ ++ # RHEL-08-030420 ++ - audit_rules_unsuccessful_file_modification_truncate ++ - audit_rules_unsuccessful_file_modification_openat ++ - audit_rules_unsuccessful_file_modification_open ++ - audit_rules_unsuccessful_file_modification_open_by_handle_at ++ - audit_rules_unsuccessful_file_modification_ftruncate ++ - audit_rules_unsuccessful_file_modification_creat ++ ++ # RHEL-08-030480 ++ - audit_rules_dac_modification_chown ++ - audit_rules_dac_modification_lchown ++ - audit_rules_dac_modification_fchownat ++ - audit_rules_dac_modification_fchown ++ ++ # RHEL-08-030490 ++ - audit_rules_dac_modification_chmod ++ - audit_rules_dac_modification_fchmodat ++ - audit_rules_dac_modification_fchmod ++ ++ # RHEL-08-030550 ++ - audit_rules_privileged_commands_sudo ++ ++ # RHEL-08-030560 ++ - audit_rules_privileged_commands_usermod ++ ++ # RHEL-08-030570 ++ - audit_rules_execution_chacl ++ ++ # RHEL-08-030580 ++ - audit_rules_privileged_commands_kmod ++ ++ # RHEL-08-030590 ++ # This one needs to be updated to use /var/log/faillock, but first RHEL-08-020017 should be ++ # implemented as it is the one that configures a different path for the events of failing locks ++ # - audit_rules_login_events_faillock ++ ++ # RHEL-08-030600 ++ - audit_rules_login_events_lastlog ++ ++ # RHEL-08-030601 ++ - grub2_audit_argument ++ ++ # RHEL-08-030602 ++ - grub2_audit_backlog_limit_argument ++ ++ # RHEL-08-030603 ++ - configure_usbguard_auditbackend ++ ++ # RHEL-08-030610 ++ - file_permissions_etc_audit_auditd ++ - file_permissions_etc_audit_rulesd ++ ++ # RHEL-08-030620 ++ - file_audit_tools_permissions ++ ++ # RHEL-08-030630 ++ - file_audit_tools_ownership ++ ++ # RHEL-08-030640 ++ - file_audit_tools_group_ownership ++ ++ # RHEL-08-030650 ++ - aide_check_audit_tools ++ ++ # RHEL-08-030660 ++ - auditd_audispd_configure_sufficiently_large_partition ++ ++ # RHEL-08-030670 ++ - package_rsyslog_installed ++ ++ # RHEL-08-030680 ++ - package_rsyslog-gnutls_installed ++ ++ # RHEL-08-030690 ++ - rsyslog_remote_loghost ++ ++ # RHEL-08-030700 ++ - auditd_overflow_action ++ ++ # RHEL-08-030710 ++ - rsyslog_encrypt_offload_defaultnetstreamdriver ++ - rsyslog_encrypt_offload_actionsendstreamdrivermode ++ ++ # RHEL-08-030720 ++ - rsyslog_encrypt_offload_actionsendstreamdriverauthmode ++ ++ # RHEL-08-030730 ++ - auditd_data_retention_space_left_percentage ++ ++ # RHEL-08-030731 ++ - auditd_data_retention_space_left_action ++ ++ # RHEL-08-030740 ++ # remediation fails because default configuration file contains pool instead of server keyword ++ - chronyd_or_ntpd_set_maxpoll ++ - chronyd_server_directive ++ ++ # RHEL-08-030741 ++ - chronyd_client_only ++ ++ # RHEL-08-030742 ++ - chronyd_no_chronyc_network ++ ++ # RHEL-08-040000 ++ - package_telnet-server_removed ++ ++ # RHEL-08-040002 ++ - package_sendmail_removed ++ ++ # RHEL-08-040003 ++ ### NOTE: Will be removed in V1R2, merged into RHEL-08-040370 ++ ++ # RHEL-08-040004 ++ - grub2_pti_argument ++ ++ # RHEL-08-040010 ++ - package_rsh-server_removed ++ ++ # RHEL-08-040020 ++ ++ # RHEL-08-040021 ++ - kernel_module_atm_disabled ++ ++ # RHEL-08-040022 ++ - kernel_module_can_disabled ++ ++ # RHEL-08-040023 ++ - kernel_module_sctp_disabled ++ ++ # RHEL-08-040024 ++ - kernel_module_tipc_disabled ++ ++ # RHEL-08-040025 ++ - kernel_module_cramfs_disabled ++ ++ # RHEL-08-040026 ++ - kernel_module_firewire-core_disabled ++ ++ # RHEL-08-040030 ++ - configure_firewalld_ports ++ ++ # RHEL-08-040060 ++ ### NOTE: Will be removed in V1R2 ++ ++ # RHEL-08-040070 ++ - service_autofs_disabled ++ ++ # RHEL-08-040080 ++ - kernel_module_usb-storage_disabled ++ ++ # RHEL-08-040090 ++ ++ # RHEL-08-040100 ++ - package_firewalld_installed ++ ++ # RHEL-08-040101 ++ - service_firewalld_enabled ++ ++ # RHEL-08-040110 ++ - wireless_disable_interfaces ++ ++ # RHEL-08-040111 ++ - kernel_module_bluetooth_disabled ++ ++ # RHEL-08-040120 ++ - mount_option_dev_shm_nodev ++ ++ # RHEL-08-040121 ++ - mount_option_dev_shm_nosuid ++ ++ # RHEL-08-040122 ++ - mount_option_dev_shm_noexec ++ ++ # RHEL-08-040123 ++ - mount_option_tmp_nodev ++ ++ # RHEL-08-040124 ++ - mount_option_tmp_nosuid ++ ++ # RHEL-08-040125 ++ - mount_option_tmp_noexec ++ ++ # RHEL-08-040126 ++ - mount_option_var_log_nodev ++ ++ # RHEL-08-040127 ++ - mount_option_var_log_nosuid ++ ++ # RHEL-08-040128 ++ - mount_option_var_log_noexec ++ ++ # RHEL-08-040129 ++ - mount_option_var_log_audit_nodev ++ ++ # RHEL-08-040130 ++ - mount_option_var_log_audit_nosuid ++ ++ # RHEL-08-040131 ++ - mount_option_var_log_audit_noexec ++ ++ # RHEL-08-040132 ++ - mount_option_var_tmp_nodev ++ ++ # RHEL-08-040133 ++ - mount_option_var_tmp_nosuid ++ ++ # RHEL-08-040134 ++ - mount_option_var_tmp_noexec ++ ++ # RHEL-08-040135 ++ - package_fapolicyd_installed ++ ++ # RHEL-08-040136 ++ - service_fapolicyd_enabled ++ ++ # RHEL-08-040139 ++ - package_usbguard_installed ++ ++ # RHEL-08-040140 ++ - usbguard_generate_policy ++ ++ # RHEL-08-040141 ++ - service_usbguard_enabled ++ ++ # RHEL-08-040150 ++ ++ # RHEL-08-040159 ++ - package_openssh-server_installed ++ ++ # RHEL-08-040160 ++ - service_sshd_enabled ++ ++ # RHEL-08-040161 ++ - sshd_rekey_limit ++ ++ # RHEL-08-040170 ++ - disable_ctrlaltdel_reboot ++ ++ # RHEL-08-040171 ++ - dconf_gnome_disable_ctrlaltdel_reboot ++ ++ # RHEL-08-040172 ++ - disable_ctrlaltdel_burstaction ++ ++ # RHEL-08-040180 ++ - service_debug-shell_disabled ++ ++ # RHEL-08-040190 ++ - package_tftp-server_removed ++ ++ # RHEL-08-040200 ++ - accounts_no_uid_except_zero ++ ++ # RHEL-08-040209 ++ - sysctl_net_ipv4_conf_default_accept_redirects ++ ++ # RHEL-08-040210 ++ - sysctl_net_ipv6_conf_default_accept_redirects ++ ++ # RHEL-08-040220 ++ - sysctl_net_ipv4_conf_all_send_redirects ++ ++ # RHEL-08-040230 ++ - sysctl_net_ipv4_icmp_echo_ignore_broadcasts ++ ++ # RHEL-08-040239 ++ - sysctl_net_ipv4_conf_all_accept_source_route ++ ++ # RHEL-08-040240 ++ - sysctl_net_ipv6_conf_all_accept_source_route ++ ++ # RHEL-08-040249 ++ - sysctl_net_ipv4_conf_default_accept_source_route ++ ++ # RHEL-08-040250 ++ - sysctl_net_ipv6_conf_default_accept_source_route ++ ++ # RHEL-08-040260 ++ - sysctl_net_ipv4_ip_forward ++ ++ # RHEL-08-040261 ++ - sysctl_net_ipv6_conf_all_accept_ra ++ ++ # RHEL-08-040262 ++ - sysctl_net_ipv6_conf_default_accept_ra ++ ++ # RHEL-08-040270 ++ - sysctl_net_ipv4_conf_default_send_redirects ++ ++ # RHEL-08-040279 ++ - sysctl_net_ipv4_conf_all_accept_redirects ++ ++ # RHEL-08-040280 ++ - sysctl_net_ipv6_conf_all_accept_redirects ++ ++ # RHEL-08-040281 ++ - sysctl_kernel_unprivileged_bpf_disabled ++ ++ # RHEL-08-040282 ++ - sysctl_kernel_yama_ptrace_scope ++ ++ # RHEL-08-040283 ++ - sysctl_kernel_kptr_restrict ++ ++ # RHEL-08-040284 ++ - sysctl_user_max_user_namespaces ++ ++ # RHEL-08-040285 ++ - sysctl_net_ipv4_conf_all_rp_filter ++ ++ # RHEL-08-040286 ++ - sysctl_net_core_bpf_jit_harden ++ ++ # RHEL-08-040290 ++ - postfix_prevent_unrestricted_relay ++ ++ # RHEL-08-040300 ++ - aide_verify_ext_attributes ++ ++ # RHEL-08-040310 ++ - aide_verify_acls ++ ++ # RHEL-08-040320 ++ - xwindows_remove_packages ++ ++ # RHEL-08-040330 ++ - network_sniffer_disabled ++ ++ # RHEL-08-040340 ++ - sshd_disable_x11_forwarding ++ ++ # RHEL-08-040341 ++ - sshd_x11_use_localhost ++ ++ # RHEL-08-040350 ++# - tftpd_uses_secure_mode # not supported in RHEL9, no tftp or tftpd package ++ ++ # RHEL-08-040360 ++ - package_vsftpd_removed ++ ++ # RHEL-08-040370 ++ - package_gssproxy_removed ++ ++ # RHEL-08-040380 ++ - package_iprutils_removed ++ ++ # RHEL-08-040390 ++ - package_tuned_removed +diff --git a/products/almalinux9/profiles/stig_gui.profile b/products/almalinux9/profiles/stig_gui.profile +new file mode 100644 +index 00000000..27b4fa64 +--- /dev/null ++++ b/products/almalinux9/profiles/stig_gui.profile +@@ -0,0 +1,28 @@ ++documentation_complete: true ++ ++metadata: ++ version: TBD ++ SMEs: ++ - mab879 ++ - ggbecker ++ ++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux ++ ++title: '[DRAFT] DISA STIG with GUI for Red Hat Enterprise Linux 9' ++ ++description: |- ++ This is a draft profile based on its RHEL8 version for experimental purposes. ++ It is not based on the DISA STIG for RHEL9, because this one was not available at time of ++ the release. ++ ++ Warning: The installation and use of a Graphical User Interface (GUI) ++ increases your attack vector and decreases your overall security posture. If ++ your Information Systems Security Officer (ISSO) lacks a documented operational ++ requirement for a graphical user interface, please consider using the ++ standard DISA STIG for Red Hat Enterprise Linux 9 profile. ++ ++extends: stig ++ ++selections: ++ # RHEL-08-040320 ++ - '!xwindows_remove_packages' +diff --git a/products/almalinux9/transforms/cci2html.xsl b/products/almalinux9/transforms/cci2html.xsl +new file mode 100644 +index 00000000..f5e327b3 +--- /dev/null ++++ b/products/almalinux9/transforms/cci2html.xsl +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/constants.xslt b/products/almalinux9/transforms/constants.xslt +new file mode 100644 +index 00000000..9e109018 +--- /dev/null ++++ b/products/almalinux9/transforms/constants.xslt +@@ -0,0 +1,13 @@ ++ ++ ++ ++ ++AlmaLinux 9 ++AL9 ++AL_9_STIG ++almalinux9 ++ ++https://www.cisecurity.org/benchmark/almalinuxos_linux/ ++ ++ ++ +diff --git a/products/almalinux9/transforms/table-add-srgitems.xslt b/products/almalinux9/transforms/table-add-srgitems.xslt +new file mode 100644 +index 00000000..c13c848e +--- /dev/null ++++ b/products/almalinux9/transforms/table-add-srgitems.xslt +@@ -0,0 +1,7 @@ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/table-sortbyref.xslt b/products/almalinux9/transforms/table-sortbyref.xslt +new file mode 100644 +index 00000000..bb57e7f5 +--- /dev/null ++++ b/products/almalinux9/transforms/table-sortbyref.xslt +@@ -0,0 +1,6 @@ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/table-style.xslt b/products/almalinux9/transforms/table-style.xslt +new file mode 100644 +index 00000000..8b6caeab +--- /dev/null ++++ b/products/almalinux9/transforms/table-style.xslt +@@ -0,0 +1,5 @@ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/xccdf-apply-overlay-stig.xslt b/products/almalinux9/transforms/xccdf-apply-overlay-stig.xslt +new file mode 100644 +index 00000000..4789419b +--- /dev/null ++++ b/products/almalinux9/transforms/xccdf-apply-overlay-stig.xslt +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/xccdf2stigformat.xslt b/products/almalinux9/transforms/xccdf2stigformat.xslt +new file mode 100644 +index 00000000..a4e7d736 +--- /dev/null ++++ b/products/almalinux9/transforms/xccdf2stigformat.xslt +@@ -0,0 +1,7 @@ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/xccdf2table-cce.xslt b/products/almalinux9/transforms/xccdf2table-cce.xslt +new file mode 100644 +index 00000000..f156a669 +--- /dev/null ++++ b/products/almalinux9/transforms/xccdf2table-cce.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/xccdf2table-profileccirefs.xslt b/products/almalinux9/transforms/xccdf2table-profileccirefs.xslt +new file mode 100644 +index 00000000..30419e92 +--- /dev/null ++++ b/products/almalinux9/transforms/xccdf2table-profileccirefs.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/xccdf2table-profilecisrefs.xslt b/products/almalinux9/transforms/xccdf2table-profilecisrefs.xslt +new file mode 100644 +index 00000000..07d32124 +--- /dev/null ++++ b/products/almalinux9/transforms/xccdf2table-profilecisrefs.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/xccdf2table-profilenistrefs-cui.xslt b/products/almalinux9/transforms/xccdf2table-profilenistrefs-cui.xslt +new file mode 100644 +index 00000000..15efdd5f +--- /dev/null ++++ b/products/almalinux9/transforms/xccdf2table-profilenistrefs-cui.xslt +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/xccdf2table-profilenistrefs.xslt b/products/almalinux9/transforms/xccdf2table-profilenistrefs.xslt +new file mode 100644 +index 00000000..ea9f8b0d +--- /dev/null ++++ b/products/almalinux9/transforms/xccdf2table-profilenistrefs.xslt +@@ -0,0 +1,8 @@ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/products/almalinux9/transforms/xccdf2table-stig.xslt b/products/almalinux9/transforms/xccdf2table-stig.xslt +new file mode 100644 +index 00000000..a71d8364 +--- /dev/null ++++ b/products/almalinux9/transforms/xccdf2table-stig.xslt +@@ -0,0 +1,9 @@ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml +index ae220357..ebc16529 100644 +--- a/shared/checks/oval/install_mcafee_hbss.xml ++++ b/shared/checks/oval/install_mcafee_hbss.xml +@@ -10,6 +10,7 @@ + multi_platform_ol + multi_platform_rhcos + multi_platform_rhel ++multi_platform_almalinux + multi_platform_rhv + multi_platform_sle + multi_platform_ubuntu +diff --git a/shared/checks/oval/installed_OS_is_almalinux9.xml b/shared/checks/oval/installed_OS_is_almalinux9.xml +new file mode 100644 +index 00000000..168031ef +--- /dev/null ++++ b/shared/checks/oval/installed_OS_is_almalinux9.xml +@@ -0,0 +1,36 @@ ++ ++ ++ ++ AlmaLinux 9 ++ ++ multi_platform_all ++ ++ ++ ++ The operating system installed on the system is ++ AlmaLinux 9 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ^9.*$ ++ ++ ++ almalinux-release ++ ++ ++ +diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +index f971d28a..d428964a 100644 +--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml ++++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +@@ -10,6 +10,7 @@ + multi_platform_ol + multi_platform_rhcos + multi_platform_rhel ++multi_platform_almalinux + multi_platform_rhv + multi_platform_sle + multi_platform_ubuntu +diff --git a/shared/references/disa-stig-ol7-v2r7-xccdf-manual.xml b/shared/references/disa-stig-ol7-v2r7-xccdf-manual.xml +index 7553e937..4b1d81be 100644 +--- a/shared/references/disa-stig-ol7-v2r7-xccdf-manual.xml ++++ b/shared/references/disa-stig-ol7-v2r7-xccdf-manual.xml +@@ -930,7 +930,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us + $ sudo grep -iw grub2_password /boot/grub2/user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] + +-If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -942,7 +942,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not + + Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command: + +-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg ++$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] + + If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>OL07-00-010500The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. +@@ -1843,7 +1843,7 @@ On BIOS-based machines, use the following command: + + On UEFI-based machines, use the following command: + +-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg ++# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg + + If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command: + +@@ -1874,7 +1874,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm + + If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command: + +-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. ++Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. + + # grep fips /boot/grub2/grub.cfg + /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet +@@ -1969,14 +1969,14 @@ All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux + + If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>OL07-00-021700The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the Information System Security Officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089SV-108367V-99263CCI-001813Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media. + +-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. ++Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. + + Check for the existence of alternate boot loader configuration files with the following command: + + # find / -name grub.cfg + /boot/grub2/grub.cfg + +-If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/boot/efi/EFI/redhat", ask the System Administrator if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. ++If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/boot/efi/EFI/almalinux", ask the System Administrator if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. + + Check that the grub configuration file has the set root command in each menu entry with the following commands: + +@@ -4473,7 +4473,7 @@ export superusers + If "superusers" is identical to any OS account name or is missing a name, this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010492Oracle Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu. + The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089CCI-000213Configure the system to require a grub bootloader password for the grub superusers account. + +-Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section: ++Edit the /boot/efi/EFI/almalinux/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section: + + set superusers="[someuniquestringhere]" + export superusers +@@ -4482,7 +4482,7 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file. ++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -446,7 +446,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. ++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. + + Verify that a unique name is set as the "superusers" account: + +-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg ++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg + set superusers="[someuniqueUserNamehere]" + export superusers + +diff --git a/shared/references/disa-stig-rhel7-v3r7-xccdf-manual.xml b/shared/references/disa-stig-rhel7-v3r7-xccdf-manual.xml +index 2c680d73..9e99a340 100644 +--- a/shared/references/disa-stig-rhel7-v3r7-xccdf-manual.xml ++++ b/shared/references/disa-stig-rhel7-v3r7-xccdf-manual.xml +@@ -906,7 +906,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us + $ sudo grep -iw grub2_password /boot/grub2/user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] + +-If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-07-010491Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-95719V-81007CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-07-010491Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-95719V-81007CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -918,7 +918,7 @@ For systems that are running a version of RHEL prior to 7.2, this is Not Applica + + Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command: + +-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg ++$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg + GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] + + If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>RHEL-07-010500The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. +@@ -1867,7 +1867,7 @@ On BIOS-based machines, use the following command: + + On UEFI-based machines, use the following command: + +-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg ++# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg + + If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command: + +@@ -1898,7 +1898,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm + + If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command: + +-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. ++Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. + + # grep fips /boot/grub2/grub.cfg + /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet +@@ -1996,14 +1996,14 @@ All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux + + If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>RHEL-07-021700The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the Information System Security Officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-86699V-72075CCI-000318CCI-000368CCI-001812CCI-001813CCI-001814Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media. + +-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. ++Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. + + Check for the existence of alternate boot loader configuration files with the following command: + + # find / -name grub.cfg + /boot/grub2/grub.cfg + +-If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/boot/efi/EFI/redhat", ask the System Administrator if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. ++If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/boot/efi/EFI/almalinux", ask the System Administrator if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. + + Check that the grub configuration file has the set root command in each menu entry with the following commands: + +@@ -4461,7 +4461,7 @@ Verify that a unique name is set as the "superusers" account: + If "superusers" is identical to any OS account name or is missing a name, this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-07-010492Red Hat Enterprise Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu. + The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899CCI-000213Configure the system to have a unique name for the grub superusers account. + +-Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section: ++Edit the /boot/efi/EFI/almalinux/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section: + + set superusers="[someuniquestringhere]" + export superusers +@@ -4471,7 +4471,7 @@ For systems that are running a version of RHEL prior to 7.2, this is Not Applica + + Verify that a unique name is set as the "superusers" account: + +-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg ++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg + set superusers="[someuniquestringhere]" + export superusers + +diff --git a/shared/references/disa-stig-rhel7-v3r7-xccdf-scap.xml b/shared/references/disa-stig-rhel7-v3r7-xccdf-scap.xml +index c648ce64..8aa8a223 100644 +--- a/shared/references/disa-stig-rhel7-v3r7-xccdf-scap.xml ++++ b/shared/references/disa-stig-rhel7-v3r7-xccdf-scap.xml +@@ -3236,7 +3236,7 @@ Confirm password: + SV-95719 + V-81007 + CCI-000213 +- Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++ Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -4010,7 +4010,7 @@ On BIOS-based machines, use the following command: + + On UEFI-based machines, use the following command: + +-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg ++# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg + + If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command: + +@@ -7497,7 +7497,8 @@ Note: The "[value]" must be a number that is greater than or equal to "0".Disable Prelinking + + multi_platform_fedora +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + multi_platform_rhel-osp + + The prelinking feature can interfere with the operation of +@@ -7528,7 +7529,8 @@ Note: The "[value]" must be a number that is greater than or equal to "0". + Package openssh-server Removed + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + multi_platform_fedora + multi_platform_sle + +@@ -8444,7 +8446,8 @@ Password complexity is one factor of several that determines how long it takes t + + Limit Password Reuse + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + multi_platform_fedora + + The passwords to remember should be set correctly. +@@ -8466,7 +8469,8 @@ Password complexity is one factor of several that determines how long it takes t + + RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements. + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element. + +@@ -8560,7 +8564,8 @@ Terminating network connections associated with communications sessions includes + + RHEL-07-030410 - The Red Hat Enterprise Linux operating system must audit all uses of the chmod, fchmod and fchmodat syscalls. + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. + +@@ -8616,7 +8621,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + RHEL-07-030370 - The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat and lchown syscalls. + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + + +@@ -8662,7 +8668,8 @@ When a user logs on, the auid is set to the uid of the account that is being aut + + RHEL-07-030440 - The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr syscalls. + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + + +@@ -9759,7 +9766,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Disable Host-Based Authentication + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + SSH host-based authentication should be disabled. + +@@ -9774,7 +9782,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Package prelink Removed + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + The RPM package prelink should be removed. + +@@ -9917,7 +9926,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Mount Remote Filesystems with nosuid + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + + +@@ -9947,7 +9957,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Package net-snmp Removed + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + The RPM package net-snmp should be removed. + +@@ -9974,7 +9985,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Package telnet-server Removed + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + The RPM package telnet-server should be removed. + +@@ -10002,7 +10014,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Package vsftpd Removed + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + The RPM package vsftpd should be removed. + +@@ -10015,7 +10028,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Package xorg-x11-server-common Removed + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + multi_platform_fedora + + +@@ -10044,7 +10058,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Ensure /home Located On Separate Partition + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + If user home directories will be stored locally, create a + separate partition for /home. If /home will be mounted from another +@@ -10062,7 +10077,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Ensure /var Located On Separate Partition + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + + +@@ -10080,7 +10096,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Ensure /var/log/audit Located On Separate Partition + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + + +@@ -10099,7 +10116,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + Verify File Hashes with RPM + + multi_platform_fedora +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + Verify the RPM digests of system binaries using the RPM database. + +@@ -10173,7 +10191,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Ensure Only Protocol 2 Connections Allowed + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + multi_platform_debian + multi_platform_ubuntu + +@@ -10209,7 +10228,8 @@ The system call rules are loaded into a matching engine that intercepts each sys + + Disable .rhosts Files + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + + +@@ -10274,7 +10294,8 @@ This should be disabled. + + Do Not Allow Users to Set Environment Options + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + + PermitUserEnvironment should be disabled + +@@ -10626,7 +10647,8 @@ By specifying a cipher list with the order of ciphers being in a "strongest to w + + Package openssh-server is version 7.4 or higher + +- multi_platform_rhel ++ multi_platform_rhel ++multi_platform_almalinux + multi_platform_fedora + multi_platform_sle + +@@ -10868,12 +10890,12 @@ The ability to enable/disable a session lock is given to the user by default. Di + The UEFI grub2 boot loader should have password protection enabled. + + +- ++ + +- ++ + +- +- ++ ++ + + + +@@ -11880,7 +11902,7 @@ The ability to enable/disable a session lock is given to the user by default. Di + + + +- ++ + + + +@@ -12442,10 +12464,10 @@ The ability to enable/disable a session lock is given to the user by default. Di + + + +- ++ + + +- ++ + + + +@@ -14017,7 +14039,7 @@ The ability to enable/disable a session lock is given to the user by default. Di + /boot/grub2/grub.cfg + + +- /boot/efi/EFI/redhat/grub.cfg ++ /boot/efi/EFI/almalinux/grub.cfg + + + +@@ -14857,12 +14879,12 @@ The ability to enable/disable a session lock is given to the user by default. Di + 1 + + +- /boot/efi/EFI/redhat/user.cfg ++ /boot/efi/EFI/almalinux/user.cfg + ^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.\S+$ + 1 + + +- /boot/efi/EFI/redhat/grub.cfg ++ /boot/efi/EFI/almalinux/grub.cfg + ^[\s]*set[\s]+superusers=\"\S+\"$ + 1 + +@@ -15365,7 +15387,7 @@ The ability to enable/disable a session lock is given to the user by default. Di + + + /boot/grub2/grub.cfg +- /boot/efi/EFI/redhat/grub.cfg ++ /boot/efi/EFI/almalinux/grub.cfg + + + +diff --git a/shared/references/disa-stig-rhel8-v1r5-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r5-xccdf-scap.xml +index 1bd2fb7b..521755f5 100644 +--- a/shared/references/disa-stig-rhel8-v1r5-xccdf-scap.xml ++++ b/shared/references/disa-stig-rhel8-v1r5-xccdf-scap.xml +@@ -2540,7 +2540,7 @@ SHA_CRYPT_MIN_ROUNDS 5000 + 2921 + + CCI-000213 +- Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++ Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -9681,11 +9681,11 @@ Passwords need to be protected at all times, and encryption is the standard meth + + If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu. + +- +- ++ ++ + +- +- ++ ++ + + + +@@ -10437,7 +10437,7 @@ Configuration settings are the set of parameters that can be changed in hardware + The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access. + + +- ++ + + + +@@ -13688,15 +13688,15 @@ The sysctl --system command will load settings from all system configuration fil + + + +- ++ + + + +- ++ + + + +- ++ + + + +@@ -15218,18 +15218,18 @@ The sysctl --system command will load settings from all system configuration fil + ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b + 1 + +- +- /boot/efi/EFI/redhat/grub.cfg ++ ++ /boot/efi/EFI/almalinux/grub.cfg + ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$ + 1 + +- +- /boot/efi/EFI/redhat/user.cfg ++ ++ /boot/efi/EFI/almalinux/user.cfg + ^\s*GRUB2_PASSWORD=(\S+)\b + 1 + +- +- /boot/efi/EFI/redhat/grub.cfg ++ ++ /boot/efi/EFI/almalinux/grub.cfg + + + /boot/grub2/grub.cfg +diff --git a/shared/references/disa-stig-rhel8-v1r6-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r6-xccdf-manual.xml +index 849ab06f..1a4927ee 100644 +--- a/shared/references/disa-stig-rhel8-v1r6-xccdf-manual.xml ++++ b/shared/references/disa-stig-rhel8-v1r6-xccdf-manual.xml +@@ -368,7 +368,7 @@ $ sudo egrep "^SHA_CRYPT_" /etc/login.defs + + If only one of "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "5000", this is a finding. + +-If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -378,7 +378,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. ++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. + + Verify that a unique name is set as the "superusers" account: + +-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg ++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg + set superusers="[someuniquestringhere]" + export superusers + +diff --git a/shared/templates/accounts_password/ansible.template b/shared/templates/accounts_password/ansible.template +index 7383c68f..43cff8bd 100644 +--- a/shared/templates/accounts_password/ansible.template ++++ b/shared/templates/accounts_password/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/shared/templates/accounts_password/bash.template b/shared/templates/accounts_password/bash.template +index 9633b681..674973a5 100644 +--- a/shared/templates/accounts_password/bash.template ++++ b/shared/templates/accounts_password/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template +index 888f76e9..ae66d5d2 100644 +--- a/shared/templates/audit_rules_dac_modification/ansible.template ++++ b/shared/templates/audit_rules_dac_modification/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template +index 9b57c665..b5b584f0 100644 +--- a/shared/templates/audit_rules_dac_modification/bash.template ++++ b/shared/templates/audit_rules_dac_modification/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/shared/templates/audit_rules_file_deletion_events/ansible.template b/shared/templates/audit_rules_file_deletion_events/ansible.template +index c54bd839..f1e948db 100644 +--- a/shared/templates/audit_rules_file_deletion_events/ansible.template ++++ b/shared/templates/audit_rules_file_deletion_events/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_file_deletion_events/bash.template b/shared/templates/audit_rules_file_deletion_events/bash.template +index e7158afa..02766651 100644 +--- a/shared/templates/audit_rules_file_deletion_events/bash.template ++++ b/shared/templates/audit_rules_file_deletion_events/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template +index 09d2e056..2b20c215 100644 +--- a/shared/templates/audit_rules_login_events/ansible.template ++++ b/shared/templates/audit_rules_login_events/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template +index c94b1073..a7a1623c 100644 +--- a/shared/templates/audit_rules_login_events/bash.template ++++ b/shared/templates/audit_rules_login_events/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + +diff --git a/shared/templates/audit_rules_path_syscall/ansible.template b/shared/templates/audit_rules_path_syscall/ansible.template +index 8c1361b7..6280a411 100644 +--- a/shared/templates/audit_rules_path_syscall/ansible.template ++++ b/shared/templates/audit_rules_path_syscall/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_path_syscall/bash.template b/shared/templates/audit_rules_path_syscall/bash.template +index 332c87de..cdcf6352 100644 +--- a/shared/templates/audit_rules_path_syscall/bash.template ++++ b/shared/templates/audit_rules_path_syscall/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template +index a6c72166..7b462684 100644 +--- a/shared/templates/audit_rules_privileged_commands/ansible.template ++++ b/shared/templates/audit_rules_privileged_commands/ansible.template +@@ -1,7 +1,7 @@ + {{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x=" -F perm=x" %}} + {{%- endif %}} +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_privileged_commands/bash.template b/shared/templates/audit_rules_privileged_commands/bash.template +index 7e4b02f7..6b3d2cd2 100644 +--- a/shared/templates/audit_rules_privileged_commands/bash.template ++++ b/shared/templates/audit_rules_privileged_commands/bash.template +@@ -1,7 +1,7 @@ + {{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} + {{%- set perm_x=" -F perm=x" %}} + {{%- endif %}} +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + ACTION_ARCH_FILTERS="-a always,exit" + OTHER_FILTERS="-F path={{{ PATH }}}{{{ perm_x }}}" +diff --git a/shared/templates/audit_rules_syscall_events/ansible.template b/shared/templates/audit_rules_syscall_events/ansible.template +index 8c6ee906..cac54d94 100644 +--- a/shared/templates/audit_rules_syscall_events/ansible.template ++++ b/shared/templates/audit_rules_syscall_events/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template +index bd5bb94c..d1f68626 100644 +--- a/shared/templates/audit_rules_syscall_events/bash.template ++++ b/shared/templates/audit_rules_syscall_events/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template +index 1e930bcf..58d026a4 100644 +--- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template ++++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template +index ff9a4f5e..ae7f6000 100644 +--- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template ++++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + # First perform the remediation of the syscall rule + # Retrieve hardware architecture of the underlying system +diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template +index 87c8d2ce..57a2d0c0 100644 +--- a/shared/templates/audit_rules_usergroup_modification/ansible.template ++++ b/shared/templates/audit_rules_usergroup_modification/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/shared/templates/audit_rules_usergroup_modification/bash.template b/shared/templates/audit_rules_usergroup_modification/bash.template +index 62faac34..3461e4e2 100644 +--- a/shared/templates/audit_rules_usergroup_modification/bash.template ++++ b/shared/templates/audit_rules_usergroup_modification/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' + +diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template +index bebe5ccb..11d89c67 100644 +--- a/shared/templates/grub2_bootloader_argument/ansible.template ++++ b/shared/templates/grub2_bootloader_argument/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = medium +diff --git a/shared/templates/grub2_bootloader_argument/bash.template b/shared/templates/grub2_bootloader_argument/bash.template +index 965f4d38..7289a1c0 100644 +--- a/shared/templates/grub2_bootloader_argument/bash.template ++++ b/shared/templates/grub2_bootloader_argument/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + {{# + See the OVAL template for more comments. + Product-specific categorization should be synced across all template content types +diff --git a/shared/templates/grub2_bootloader_argument/blueprint.template b/shared/templates/grub2_bootloader_argument/blueprint.template +index 7e9ea909..152f2730 100644 +--- a/shared/templates/grub2_bootloader_argument/blueprint.template ++++ b/shared/templates/grub2_bootloader_argument/blueprint.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + {{%- if ARG_VARIABLE %}} + {{%- set ARG_NAME_VALUE = ARG_NAME ~ "=(blueprint-populate " ~ ARG_VARIABLE ~ ")" -%}} + {{%- endif %}} +diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh +index a270be45..b21bae02 100644 +--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh ++++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Removes argument from kernel command line in /etc/default/grub + if grep -q '^GRUB_CMDLINE_LINUX=.*{{{ARG_NAME}}}=.*"' '/etc/default/grub' ; then +diff --git a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh +index 16bce0e2..8af371ff 100644 +--- a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh ++++ b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + # packages = grub2,grubby + + {{{ grub2_bootloader_argument_remediation(ARG_NAME, ARG_NAME_VALUE) }}} +diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh +index 09861aad..2467a0de 100644 +--- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh ++++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Removes argument from kernel command line in /boot/loader/entries/*.conf + +diff --git a/shared/templates/grub2_bootloader_argument_absent/ansible.template b/shared/templates/grub2_bootloader_argument_absent/ansible.template +index 51fc98b7..c6b147d8 100644 +--- a/shared/templates/grub2_bootloader_argument_absent/ansible.template ++++ b/shared/templates/grub2_bootloader_argument_absent/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = true + # strategy = restrict + # complexity = medium +diff --git a/shared/templates/grub2_bootloader_argument_absent/bash.template b/shared/templates/grub2_bootloader_argument_absent/bash.template +index 8d7d6e9e..18b900e5 100644 +--- a/shared/templates/grub2_bootloader_argument_absent/bash.template ++++ b/shared/templates/grub2_bootloader_argument_absent/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + {{# + See the OVAL template for more comments. + Product-specific categorization should be synced across all template content types +diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh +index 46ca3362..76c1ce48 100644 +--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh ++++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # packages = grub2-tools,grubby + + # Adds argument from kernel command line in /etc/default/grub +diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh +index e5ce738c..c124317b 100644 +--- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh ++++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # packages = grub2-tools,grubby + + # Adds argument with a value from kernel command line in /etc/default/grub +diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh +index 511a6433..5402480a 100644 +--- a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh ++++ b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,AlmaLinux 9 + # packages = grub2,grubby + + # Ensure the kernel command line for each installed kernel in the bootloader +diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template +index 7a68dc30..5dce7123 100644 +--- a/shared/templates/kernel_module_disabled/ansible.template ++++ b/shared/templates/kernel_module_disabled/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template +index 101e095b..b24b4abc 100644 +--- a/shared/templates/kernel_module_disabled/bash.template ++++ b/shared/templates/kernel_module_disabled/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/kernel_module_disabled/kubernetes.template b/shared/templates/kernel_module_disabled/kubernetes.template +index 487f8967..be113a60 100644 +--- a/shared/templates/kernel_module_disabled/kubernetes.template ++++ b/shared/templates/kernel_module_disabled/kubernetes.template +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/mount/anaconda.template b/shared/templates/mount/anaconda.template +index fdcb4ee3..0d1d8dc2 100644 +--- a/shared/templates/mount/anaconda.template ++++ b/shared/templates/mount/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/mount/blueprint.template b/shared/templates/mount/blueprint.template +index 56617467..3cdacd4d 100644 +--- a/shared/templates/mount/blueprint.template ++++ b/shared/templates/mount/blueprint.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + [[customizations.filesystem]] + mountpoint = "{{{ MOUNTPOINT }}}" +diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template +index 083b0ef0..14f7018a 100644 +--- a/shared/templates/mount_option/anaconda.template ++++ b/shared/templates/mount_option/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/mount_option_removable_partitions/anaconda.template b/shared/templates/mount_option_removable_partitions/anaconda.template +index 8665fb91..07cd9e3a 100644 +--- a/shared/templates/mount_option_removable_partitions/anaconda.template ++++ b/shared/templates/mount_option_removable_partitions/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/package_installed/anaconda.template b/shared/templates/package_installed/anaconda.template +index 0ac55f51..dd0bcdde 100644 +--- a/shared/templates/package_installed/anaconda.template ++++ b/shared/templates/package_installed/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template +index 473feef5..ef56a56a 100644 +--- a/shared/templates/package_installed/bash.template ++++ b/shared/templates/package_installed/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template +index 489f9bb0..0120d927 100644 +--- a/shared/templates/package_removed/anaconda.template ++++ b/shared/templates/package_removed/anaconda.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template +index 0b523cde..70198115 100644 +--- a/shared/templates/sebool/ansible.template ++++ b/shared/templates/sebool/ansible.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15 + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template +index 9af01925..dcab0090 100644 +--- a/shared/templates/sebool/bash.template ++++ b/shared/templates/sebool/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15 + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/service_disabled/bash.template b/shared/templates/service_disabled/bash.template +index b9bf1b5b..79783edb 100644 +--- a/shared/templates/service_disabled/bash.template ++++ b/shared/templates/service_disabled/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template +index 1ab45652..724e7b77 100644 +--- a/shared/templates/service_disabled/kubernetes.template ++++ b/shared/templates/service_disabled/kubernetes.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template +index 5571989a..8d3ea035 100644 +--- a/shared/templates/service_enabled/bash.template ++++ b/shared/templates/service_enabled/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = false + # strategy = enable + # complexity = low +diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh +index ebcd6198..9478e033 100644 +--- a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh ++++ b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + mkdir -p /etc/ssh/sshd_config.d + touch /etc/ssh/sshd_config.d/nothing +diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh +index 516b2bf3..cb74303e 100644 +--- a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh ++++ b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSHD_PARAM={{{ PARAMETER }}} + SSHD_VAL={{{ VALUE }}} +diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh +index d0392f15..b098efa1 100644 +--- a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh ++++ b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 + + SSHD_PARAM={{{ PARAMETER }}} + SSHD_VAL="bad_val" +diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template +index cd3424b0..335f4add 100644 +--- a/shared/templates/sysctl/bash.template ++++ b/shared/templates/sysctl/bash.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle + # reboot = true + # strategy = disable + # complexity = low +diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template +index 336775e4..854f90a2 100644 +--- a/shared/templates/zipl_bls_entries_option/ansible.template ++++ b/shared/templates/zipl_bls_entries_option/ansible.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # reboot = true + # strategy = configure + # complexity = medium +diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template +index 25cd7432..1ba5c29b 100644 +--- a/shared/templates/zipl_bls_entries_option/bash.template ++++ b/shared/templates/zipl_bls_entries_option/bash.template +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + # Correct BLS option using grubby, which is a thin wrapper around BLS operations + grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}" +diff --git a/ssg/constants.py b/ssg/constants.py +index d73c6012..7a004ac7 100644 +--- a/ssg/constants.py ++++ b/ssg/constants.py +@@ -41,6 +41,7 @@ SSG_REF_URIS = { + product_directories = [ + 'alinux2', + 'alinux3', ++ 'almalinux9', + 'chromium', + 'debian9', 'debian10', 'debian11', + 'example', +@@ -195,6 +196,7 @@ PKG_MANAGER_TO_CONFIG_FILE = { + FULL_NAME_TO_PRODUCT_MAPPING = { + "Alinux 2": "alinux2", + "Alinux 3": "alinux3", ++ "AlmaLinux 9": "almalinux9", + "Chromium": "chromium", + "Debian 9": "debian9", + "Debian 10": "debian10", +@@ -264,13 +266,14 @@ REFERENCES = dict( + ) + + +-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", ++MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhv", "debian", "ubuntu", + "opensuse", "sle", "ol", "ocp", "rhcos", + "example", "eks", "alinux", "uos"] + + MULTI_PLATFORM_MAPPING = { + "multi_platform_alinux": ["alinux2"], + "multi_platform_alinux": ["alinux3"], ++ "multi_platform_almalinux": ["almalinux9"], + "multi_platform_debian": ["debian9", "debian10", "debian11"], + "multi_platform_example": ["example"], + "multi_platform_eks": ["eks"], +@@ -456,6 +459,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = { + 'ocp': 'Red Hat OpenShift Container Platform', + 'rhcos': 'Red Hat Enterprise Linux CoreOS', + 'eks': 'Amazon Elastic Kubernetes Service', ++ 'almalinux': 'AlmaLinux', + } + + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml +index ff0b30f0..0116294f 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml ++++ b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml +index 830a59cc..1f1cc354 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,rhcos4,rhel8,rhel9,almalinux9,rhv4 + + title: 'Configure System Cryptography Policy' + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh +index efc1cab4..1e1aa628 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # packages = crypto-policies-scripts + + # IMPORTANT: This is a false negative scenario. +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh +index 46d8e341..247389be 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # packages = crypto-policies-scripts + + update-crypto-policies --set "DEFAULT" +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh +index a18ad25b..42f12199 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh +index 04527eb2..748bd157 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh +index 8864a8cd..bc4f09a0 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh +index 33719ca9..bd8cfc01 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh +index 6e53c39d..5babe0cc 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh +index 1cb6ea49..238fbcc3 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis_server_l1,xccdf_org.ssgproject.content_profile_cis_workstation_l1 + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh +index 51d35ff9..c6c9565a 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_e8 + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh +index 053c5c1a..656411a8 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_standard + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh +index 07cbb3f6..538bb8b1 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh +index 99d975bc..9c940a47 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_cis_workstation_l2 + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh +index fc7aeeae..479309d4 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard + # packages = crypto-policies-scripts + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml +index 5becd90b..691abaf0 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,almalinux9 + + title: 'Uninstall Automatic Bug Reporting Tool (abrt)' + +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml +index 1c1560a8..fc86b614 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh +index 10ecee50..3d3098f4 100644 +--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh ++++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/tests/unit/ssg_test_suite/data/correct.pass.sh b/tests/unit/ssg_test_suite/data/correct.pass.sh +index 8e5e284e..ce1b7941 100644 +--- a/tests/unit/ssg_test_suite/data/correct.pass.sh ++++ b/tests/unit/ssg_test_suite/data/correct.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = sudo,authselect +-# platform = multi_platform_rhel,Fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,Fedora + # profiles = xccdf_org.ssgproject.content_profile_cis + # remediation = none + # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite +diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py +index b161b848..884706e2 100755 +--- a/utils/ansible_playbook_to_role.py ++++ b/utils/ansible_playbook_to_role.py +@@ -57,6 +57,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor) + PRODUCT_WHITELIST = set([ + "rhel7", + "rhel8", ++ "almalinux9", + ]) + + PROFILE_WHITELIST = set([ diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec index 89f26f7..d289bec 100644 --- a/SPECS/scap-security-guide.spec +++ b/SPECS/scap-security-guide.spec @@ -6,7 +6,7 @@ Name: scap-security-guide Version: 0.1.63 -Release: 5%{?dist} +Release: 5%{?dist}.alma Summary: Security guidance and baselines in SCAP formats License: BSD-3-Clause URL: https://github.com/ComplianceAsCode/content/ @@ -23,6 +23,9 @@ Patch6: scap-security-guide-0.1.64-readd_rules-PR_9334.patch Patch7: scap-security-guide-0.1.64-put_back_kernel_core_pattern_bin_false-PR_9384.patch Patch8: scap-security-guide-0.1.64-fix_core_pattern_empty_string-PR_9396.patch +# AlmaLinux 9 +Patch1000: 0001-Add-AlmaLinux-9-support.patch + BuildRequires: libxslt BuildRequires: expat BuildRequires: openscap-scanner >= 1.2.5 @@ -55,7 +58,7 @@ The %{name}-doc package contains HTML formatted documents containing hardening guidances that have been generated from XCCDF benchmarks present in %{name} package. -%if ( %{defined rhel} && (! %{defined centos}) ) +%if %{defined rhel} %package rule-playbooks Summary: Ansible playbooks per each rule. Group: System Environment/Base @@ -76,6 +79,9 @@ The %{name}-rule-playbooks package contains individual ansible playbooks per rul %if 0%{?centos} %define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_RHEL%{centos}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON %endif +%if 0%{?almalinux} +%define cmake_defines_specific -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE -DSSG_PRODUCT_ALMALINUX%{almalinux}:BOOLEAN=TRUE -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON +%endif mkdir -p build %build @@ -101,13 +107,16 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md %doc %{_docdir}/%{name}/guides/*.html %doc %{_docdir}/%{name}/tables/*.html -%if ( %{defined rhel} && (! %{defined centos}) ) +%if %{defined rhel} %files rule-playbooks %defattr(-,root,root,-) %{_datadir}/%{name}/ansible/rule_playbooks %endif %changelog +* Thu Oct 27 2022 Andrew Lukoshko - 0.1.63-5.alma +- Add AlmaLinux 9 support + * Thu Aug 25 2022 Gabriel Becker - 0.1.63-5 - OSPP: fix rule related to coredump (RHBZ#2081688)