From a43277492557ac1311c2e8bb530139f87400a462 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Fri, 1 Apr 2022 13:34:19 +0300 Subject: [PATCH] AlmaLinux changes --- SOURCES/0001-Add-AlmaLinux-8-support.patch | 32027 +++++++++++++++++++ SPECS/scap-security-guide.spec | 33 +- 2 files changed, 32042 insertions(+), 18 deletions(-) create mode 100644 SOURCES/0001-Add-AlmaLinux-8-support.patch diff --git a/SOURCES/0001-Add-AlmaLinux-8-support.patch b/SOURCES/0001-Add-AlmaLinux-8-support.patch new file mode 100644 index 0000000..6f44d91 --- /dev/null +++ b/SOURCES/0001-Add-AlmaLinux-8-support.patch @@ -0,0 +1,32027 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index 19424601..e1d5ca01 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -64,6 +64,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui + # Products to build content for. These generally correspond to directories in + # the root of this project. Note that the example product is always disabled + # unless explicitly asked for. ++option(SSG_PRODUCT_ALMALINUX8 "If enabled, the AlmaLinux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_DEBIAN9 "If enabled, the Debian 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +@@ -259,6 +260,7 @@ endif() + message(STATUS " ") + + message(STATUS "Products:") ++message(STATUS "AlmaLinux 8: ${SSG_PRODUCT_ALMALINUX8}") + message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") + message(STATUS "Debian 9: ${SSG_PRODUCT_DEBIAN9}") + message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}") +@@ -325,6 +327,9 @@ ssg_build_bash_remediation_functions() + + ssg_build_man_page() + ++if (SSG_PRODUCT_ALMALINUX8) ++ add_subdirectory("products/almalinux8" "almalinux8") ++endif() + if (SSG_PRODUCT_CHROMIUM) + add_subdirectory("products/chromium" "chromium") + endif() +diff --git a/build_product b/build_product +index 8a186fba..9e03f675 100755 +--- a/build_product ++++ b/build_product +@@ -282,6 +282,7 @@ set_explict_build_targets() { + # Get this using + # grep 'option(SSG_PRODUCT' CMakeLists.txt | sed -e 's/option(SSG_PRODUCT_\(\w\+\).*/\1/' + all_cmake_products=( ++ ALMALINUX8 + CHROMIUM + DEBIAN9 + DEBIAN10 +diff --git a/controls/anssi.yml b/controls/anssi.yml +index 7737e67e..d9527752 100644 +--- a/controls/anssi.yml ++++ b/controls/anssi.yml +@@ -292,7 +292,7 @@ controls: + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_oracle_gpgkey_installed + + - id: R16 +diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml +index c0d3f5f4..35bf6bd9 100644 +--- a/controls/cis_rhel8.yml ++++ b/controls/cis_rhel8.yml +@@ -283,7 +283,7 @@ controls: + - l1_workstation + automated: no + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.4 + title: Ensure gpgcheck is globally activated (Automated) +@@ -1743,7 +1743,7 @@ controls: + # NEEDS RULE + # The current sshd_enable_warning_banner rule uses /etc/issue instead + # of the /etc/issue.net that the benchmark expects. +- # ++ # + - id: 5.2.15 + title: Ensure SSH warning banner is configured (Automated) + levels: +diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml +index 14ea150a..0f9407b4 100644 +--- a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Check Avahi Responses'' TTL Field' + +diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml +index 36bb0308..949fda55 100644 +--- a/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Serve Avahi Only via Required Protocol' + +diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml +index 69c83eef..a7d9e163 100644 +--- a/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Prevent Other Programs from Using Avahi''s Port' + +diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml +index 0db51bd1..b7cf62ec 100644 +--- a/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml ++++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Restrict Information Published by Avahi' + +diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +index d76a96c7..9375ec19 100644 +--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml ++++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Disable Avahi Server Software' + +diff --git a/linux_os/guide/services/base/package_abrt_removed/rule.yml b/linux_os/guide/services/base/package_abrt_removed/rule.yml +index e05c15f7..0f37bf27 100644 +--- a/linux_os/guide/services/base/package_abrt_removed/rule.yml ++++ b/linux_os/guide/services/base/package_abrt_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Uninstall Automatic Bug Reporting Tool (abrt)' + +@@ -27,7 +27,7 @@ identifiers: + references: + disa: CCI-000381 + srg: SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040001 ++ stigid@almalinux8: RHEL-08-040001 + + {{{ complete_ocil_entry_package(package="abrt") }}} + +diff --git a/linux_os/guide/services/base/package_psacct_installed/rule.yml b/linux_os/guide/services/base/package_psacct_installed/rule.yml +index b5a0e717..0b6a33ff 100644 +--- a/linux_os/guide/services/base/package_psacct_installed/rule.yml ++++ b/linux_os/guide/services/base/package_psacct_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Install the psacct package' + +diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +index d256bd67..cb2d218f 100644 +--- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable Automatic Bug Reporting Tool (abrtd)' + +diff --git a/linux_os/guide/services/base/service_acpid_disabled/rule.yml b/linux_os/guide/services/base/service_acpid_disabled/rule.yml +index cc474092..7a910128 100644 +--- a/linux_os/guide/services/base/service_acpid_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_acpid_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Advanced Configuration and Power Interface (acpid)' + +diff --git a/linux_os/guide/services/base/service_certmonger_disabled/rule.yml b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml +index 095ff4a2..3cb513e8 100644 +--- a/linux_os/guide/services/base/service_certmonger_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Certmonger Service (certmonger)' + +diff --git a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml +index 9f84398d..acd7e3c1 100644 +--- a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Disable Cockpit Management Server' + +diff --git a/linux_os/guide/services/base/service_cpupower_disabled/rule.yml b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml +index 3328abe3..c4221608 100644 +--- a/linux_os/guide/services/base/service_cpupower_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable CPU Speed (cpupower)' + +diff --git a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda +index 1f6a233e..9f3a4d6b 100644 +--- a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda ++++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + kdump --disable +diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml +index ce021c74..91fe4ec4 100644 +--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Disable KDump Kernel Crash Analyzer (kdump)' + +@@ -40,7 +40,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-021300 + stigid@rhel7: RHEL-07-021300 +- stigid@rhel8: RHEL-08-010670 ++ stigid@almalinux8: RHEL-08-010670 + stigid@sle12: SLES-12-010840 + stigid@sle15: SLES-15-040190 + stigid@ubuntu2004: UBTU-20-010413 +diff --git a/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml +index 04a7fb5d..728f96cf 100644 +--- a/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Software RAID Monitor (mdmonitor)' + +diff --git a/linux_os/guide/services/base/service_netconsole_disabled/rule.yml b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml +index 19ffe27e..b4231f8b 100644 +--- a/linux_os/guide/services/base/service_netconsole_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Network Console (netconsole)' + +diff --git a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +index 12d26e4e..e9b7bdac 100644 +--- a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable ntpdate Service (ntpdate)' + +diff --git a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +index 77f7e4f4..e68dfa7f 100644 +--- a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable Odd Job Daemon (oddjobd)' + +diff --git a/linux_os/guide/services/base/service_portreserve_disabled/rule.yml b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml +index fceb228b..3819ac65 100644 +--- a/linux_os/guide/services/base/service_portreserve_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Portreserve (portreserve)' + +diff --git a/linux_os/guide/services/base/service_psacct_enabled/rule.yml b/linux_os/guide/services/base/service_psacct_enabled/rule.yml +index fa34b99f..a1264aca 100644 +--- a/linux_os/guide/services/base/service_psacct_enabled/rule.yml ++++ b/linux_os/guide/services/base/service_psacct_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable Process Accounting (psacct)' + +diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +index ecdd76ec..a87c33b7 100644 +--- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable Apache Qpid (qpidd)' + +diff --git a/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml +index a04bd5ce..3e9aa353 100644 +--- a/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Quota Netlink (quota_nld)' + +diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +index 37cc6549..593318ef 100644 +--- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable Network Router Discovery Daemon (rdisc)' + +diff --git a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +index c46674a2..c44afdd1 100644 +--- a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable Red Hat Network Service (rhnsd)' + +diff --git a/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml +index 93240d9b..e1ea7a80 100644 +--- a/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Red Hat Subscription Manager Daemon (rhsmcertd)' + +diff --git a/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml +index d6409183..f802628e 100644 +--- a/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Cyrus SASL Authentication Daemon (saslauthd)' + +diff --git a/linux_os/guide/services/base/service_sysstat_disabled/rule.yml b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml +index be42e5dd..b3af30ca 100644 +--- a/linux_os/guide/services/base/service_sysstat_disabled/rule.yml ++++ b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable System Statistics Reset Service (sysstat)' + +diff --git a/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml +index 93206153..0ac567a3 100644 +--- a/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml ++++ b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable anacron Service' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +index 23f77426..2821e287 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +index 94e31f5e..2937a41c 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +index f5b9c87f..f60b09b3 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +index 61f87879..f1fe2e98 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +index 35d4324c..827a33e8 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Group Who Owns cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +index c3986461..dcab852d 100644 +--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Group Who Owns Crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +index 2106fc0e..8f823e14 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Owner on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +index 09f8b220..4ada81e5 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Owner on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +index ce3210e1..531f5e0b 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Owner on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +index d66eb78e..5f0b15b5 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Owner on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +index b29ae87f..fdcff62c 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Owner on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +index a28d4fa7..7c901490 100644 +--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Owner on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +index 7310cfba..f63a83e4 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.d' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +index 69eac888..05e342a2 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.daily' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +index 256f1707..0a85690e 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.hourly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +index 7713a468..6df6fcd5 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.monthly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +index c111a154..fc12a722 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Permissions on cron.weekly' + +diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +index 1cf1d414..6cb9298f 100644 +--- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml ++++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Permissions on crontab' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +index 59a432ee..d6d22fc0 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle15 + + title: 'Verify Group Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +index f68f9293..c86deea0 100644 +--- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml ++++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle15 + + title: 'Verify User Who Owns /etc/cron.allow file' + +diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +index f710f01e..2a19ca89 100644 +--- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable At Service (atd)' + +diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +index 96998c18..05f33306 100644 +--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Enable cron Service' + +diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml +index 6baf9026..81a9ad03 100644 +--- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure Logging' + +diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml +index 1d825698..8c28acb9 100644 +--- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Deny BOOTP Queries' + +diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml +index 4b0fa9a5..f50fe476 100644 +--- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Deny Decline Messages' + +diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml +index e9cdf799..71db5eef 100644 +--- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml ++++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Do Not Use Dynamic DNS' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml +index 6c9c0b02..bda84dff 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable DHCP Client in ifcfg' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +index d66078ac..8ced3d6f 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 + + title: 'Uninstall DHCP Server Package' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +index 79a554aa..e0f3407a 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable DHCP Service' + +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/tests/rhel8_disabled.pass.sh b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/tests/rhel8_disabled.pass.sh +index 106fa973..8b336374 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/tests/rhel8_disabled.pass.sh ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/tests/rhel8_disabled.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # packages = dhcp-server + + systemctl stop dhcpd +diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/tests/rhel8_enabled.fail.sh b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/tests/rhel8_enabled.fail.sh +index 83a1887e..6e803cf5 100644 +--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/tests/rhel8_enabled.fail.sh ++++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/tests/rhel8_enabled.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # packages = dhcp-server + + # Simple configuration for dhcp so we can start the service +diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +index 0c0afbed..68e94178 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004 + + title: 'Uninstall bind Package' + +diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +index ad48971c..55a47e6c 100644 +--- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml ++++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable named Service' + +diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml +index f8220f53..239b7f2e 100644 +--- a/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml ++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Authenticate Zone Transfers' + +diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml +index 175cc987..a271f9e8 100644 +--- a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml ++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Dynamic Updates' + +diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml +index 05aa2344..8c441644 100644 +--- a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml ++++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Zone Transfers from the Nameserver' + +diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml +index 1c526f6b..05d61a7b 100644 +--- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml ++++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Install fapolicyd Package' + +@@ -22,7 +22,7 @@ references: + disa: CCI-001764 + nist: CM-6(a),SI-4(22) + srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154 +- stigid@rhel8: RHEL-08-040135 ++ stigid@almalinux8: RHEL-08-040135 + + ocil_clause: 'the package is not installed' + +diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml +index 4a1cd166..2f00a8c2 100644 +--- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml ++++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhcos4,rhel8,rhel9 ++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Enable the File Access Policy Service' + +@@ -24,7 +24,7 @@ references: + nist: CM-6(a),SI-4(22) + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154 +- stigid@rhel8: RHEL-08-040136 ++ stigid@almalinux8: RHEL-08-040136 + + ocil_clause: 'the service is not enabled' + +diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +index 4602d5c7..2805c73a 100644 +--- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml ++++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Uninstall vsftpd Package' + +@@ -33,7 +33,7 @@ references: + srg: SRG-OS-000074-GPOS-00042,SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040690 + stigid@rhel7: RHEL-07-040690 +- stigid@rhel8: RHEL-08-040360 ++ stigid@almalinux8: RHEL-08-040360 + stigid@sle12: SLES-12-030011 + stigid@sle15: SLES-15-010030 + +diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +index bdd7f045..d613b728 100644 +--- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml ++++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable vsftpd Service' + +diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml +index f94beaf6..72143561 100644 +--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable FTP Uploads if Possible' + +diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml +index 62818647..6c59fe87 100644 +--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Place the FTP Home Directory on its Own Partition' + +diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml +index 3f9a0e0d..04625628 100644 +--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Enable Logging of All FTP Transactions' + +diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml +index 3cacb857..0ce945f0 100644 +--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,sle12 ++prodtype: fedora,rhel7,rhel8,almalinux8,sle12 + + title: 'Create Warning Banners for All FTP Users' + +diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml +index 2782961b..e74183f3 100644 +--- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml ++++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Restrict Access to Anonymous Users if Possible' + +diff --git a/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml +index 6aa51e73..289415f1 100644 +--- a/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml ++++ b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Install vsftpd Package' + +diff --git a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +index 0f543c9b..1e2a4465 100644 +--- a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml ++++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Uninstall httpd Package' + +diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +index cdc6ba69..6f6b1f12 100644 +--- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml ++++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable httpd Service' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml +index bb71b36f..38cbb050 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure Error Log Format' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml +index 3a9b317b..e04b503d 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure The Number of Allowed Simultaneous Requests' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml +index 136cd7cc..77021742 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Scan All Uploaded Content for Malicious Software' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml +index 2d0a5c51..8de48bb4 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure firewall to Allow Access to the Web Server' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml +index afc9519f..09dc97cb 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Ensure Remote Administrative Access Is Encrypted' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml +index 91174c07..50ceb9d0 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Set Permissions on the /etc/httpd/conf/ Directory' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml +index dedc508f..5f0e74c8 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Set Permissions on the /var/log/httpd/ Directory' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml +index d8631eb9..1fc8f7b4 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,almalinux8,rhel9 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml +index 5227203b..e31765b0 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,almalinux8,rhel9 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf/' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml +index 1af8689b..a0623cc7 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,almalinux8,rhel9 + + title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml +index e09f15a6..8be87c58 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'HTTPD Log Files Must Be Owned By Root' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml +index e04cdfd5..827288f8 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure HTTP PERL Scripts To Use TAINT Option' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml +index 130a822f..dd60cb4a 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Web Content Directories Must Not Be Shared Anonymously' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml +index 28cab365..226e53e4 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Remove Write Permissions From Filesystem Paths And Server Scripts' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml +index 81f39f7b..49ce8bcd 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Anonymous FTP Access' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml +index cb6e4ef5..813459fd 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Ignore HTTPD .htaccess Files' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml +index fb02b8d4..93de1f84 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Limit Available Methods' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml +index 2194e268..496484d0 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Restrict Other Critical Directories' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml +index a02162aa..87ec21b7 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Restrict Root Directory' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml +index cb5e5231..0f53af52 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Restrict Web Directory' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml +index ea7ab8bf..89776d62 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'MIME types for csh or sh shell programs must be disabled' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml +index f324b60e..bc49ebc1 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable HTTPD Error Logging' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml +index e8bb96b2..d3d67773 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable HTTPD LogLevel' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml +index 33b9a33e..2d953da2 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable HTTPD System Logging' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml +index fcf1c504..b4d29e35 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'The web server password(s) must be entrusted to the SA or Web Manager' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml +index 97b49e06..47d23073 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Cache Support' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml +index 20ec65bd..34d59440 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable CGI Support' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml +index 5bef0902..ac5afa64 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable HTTP Digest Authentication' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml +index 250f3ba6..6fbb5909 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable log_config_module For HTTPD Logging' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml +index 6afbb503..e3e7380a 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable LDAP Support' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml +index a49a797d..31d622a1 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable MIME Magic' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml +index e72cd1b1..35f2881e 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable HTTP mod_rewrite' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml +index 49ddb85a..013c1e90 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Proxy Support' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml +index 59b00d06..d5ed46a4 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Server Activity Status' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml +index 3b7a1c74..43335230 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Web Server Configuration Display' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml +index 119cfb6a..cf8848f9 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Server Side Includes' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml +index b11038c3..875c149a 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable URL Correction on Misspelled Entries' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml +index 0dbde818..b0ea54ca 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable WebDAV (Distributed Authoring and Versioning)' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml +index 8389ba24..a1e675f5 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Install mod_security' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml +index 4fcb6742..e1802d1e 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable Transport Layer Security (TLS) Encryption' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml +index 2fbe3e26..451af3fc 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure A Valid Server Certificate' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml +index f845c3e9..46eb5cf8 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Install mod_ssl' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml +index 08429251..113b317d 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Require Client Certificates' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml +index 65c10b74..ee0f8eda 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ extension' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml +index c0a8e19c..d75e3f3f 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Installation of a compiler on production web server is prohibited' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml +index 177fc6b1..7515622f 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'A private web server must be located on a separate controlled access subnet' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml +index 7b93fe2d..ca9dbde3 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Public web server resources must not be shared with private assets' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml +index c26a075a..79294345 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Backup interactive scripts on the production web server are prohibited' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml +index 433ce96d..56729d6b 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Set httpd ServerSignature Directive to Off' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml +index af49aaeb..9aa5d9a2 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Set httpd ServerTokens Directive to Prod' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml +index f885d2ce..d573f442 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure A Banner Page For Each Website' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml +index b3a76b83..de57edf1 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Each Web Content Directory Must Contain An index.html File' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml +index ea3b87ed..f75f9612 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Web Content Symbolic Links' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml +index f84d6d5c..0773ee07 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Encrypt All File Uploads' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml +index 4e519379..62902b85 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Remove .java And .jpp Files' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml +index cc7c33d1..e585f723 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'The robots.txt Files Must Not Exist' + +diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml +index 6d7e27f4..bd29cf0b 100644 +--- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml ++++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Ensure Web Content Located on Separate partition' + +diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml +index d03ccdc5..420b1a6d 100644 +--- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml ++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure Dovecot to Use the SSL Certificate file' + +diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml +index 34c4865f..0c1a2b7b 100644 +--- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml ++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure Dovecot to Use the SSL Key file' + +diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml +index cd829dd8..cfedf22c 100644 +--- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml ++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Plaintext Authentication' + +diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml +index d88e1120..5744fe45 100644 +--- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml ++++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Enable the SSL flag in /etc/dovecot.conf' + +diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +index 8b31a76b..30c73587 100644 +--- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml ++++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Uninstall dovecot Package' + +diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +index d460c186..46ebf86a 100644 +--- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml ++++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable Dovecot Service' + +diff --git a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml +index d6bf12ad..892bd7bd 100644 +--- a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml ++++ b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml +@@ -22,7 +22,7 @@ references: + ism: 0418,1055,1402 + ospp: FTP_ITC_EXT.1 + srg: SRG-OS-000120-GPOS-00061 +- stigid@rhel8: RHEL-08-010161 ++ stigid@almalinux8: RHEL-08-010161 + + ocil_clause: 'it is present on the system' + +diff --git a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml +index 52efaf10..b6a8f0fb 100644 +--- a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml ++++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Remove the Kerberos Server Package' + +diff --git a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml +index a85ce9dd..c8551652 100644 +--- a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml ++++ b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8 ++prodtype: rhcos4,rhel7,rhel8,almalinux8 + + title: 'Uninstall 389-ds-base Package' + +diff --git a/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml +index 9a86c7ab..5a8e1fda 100644 +--- a/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable the LDAP Client For Use in Authconfig' + +diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh +index fbaef339..0e7f24c3 100644 +--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh ++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml +index 4f64afff..348ddaa5 100644 +--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure LDAP Client to Use TLS For All Transactions' + +diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml +index e05e43a9..9ea470b8 100644 +--- a/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure Certificate Directives for LDAP Use of TLS' + +diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +index e5f56cb0..f368cc2b 100644 +--- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Ensure LDAP client is not installed' + +diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +index c39d7eaa..44f46747 100644 +--- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml ++++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Uninstall openldap-servers Package' + +diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml +index e423e23e..5f1be867 100644 +--- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml ++++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Uninstall Sendmail Package' + +@@ -32,7 +32,7 @@ references: + nist: CM-7(a),CM-7(b),CM-6(a) + nist-csf: PR.IP-1,PR.PT-3 + srg: SRG-OS-000480-GPOS-00227,SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-040002 ++ stigid@almalinux8: RHEL-08-040002 + + {{{ complete_ocil_entry_package(package="sendmail") }}} + +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml +index f36e8751..192706bc 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml ++++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml +@@ -31,7 +31,7 @@ references: + nist: CM-6(a) + nist@sle12: AU-5(a),AU-5.1(ii) + srg: SRG-OS-000046-GPOS-00022 +- stigid@rhel8: RHEL-08-030030 ++ stigid@almalinux8: RHEL-08-030030 + stigid@sle12: SLES-12-020050 + stigid@sle15: SLES-15-030580 + +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml +index e1c9d00d..df00159e 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh +index 2ef07dd1..13153d5d 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +index 096020ef..9c4f38a6 100644 +--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml ++++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable Postfix Network Listening' + +diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml +index e169429a..d9f0688b 100644 +--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml ++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Configure SMTP Greeting Banner' + +diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/bash/shared.sh b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/bash/shared.sh +index 20230621..be441dc9 100644 +--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/bash/shared.sh ++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_ol,multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_ol,multi_platform_wrlinux,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + if ! grep -q ^smtpd_client_restrictions /etc/postfix/main.cf; then + echo "smtpd_client_restrictions = permit_mynetworks,reject" >> /etc/postfix/main.cf +diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml +index 9b4c7656..fbb2dd34 100644 +--- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml ++++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Prevent Unrestricted Mail Relaying' + +@@ -25,7 +25,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040680 + stigid@rhel7: RHEL-07-040680 +- stigid@rhel8: RHEL-08-040290 ++ stigid@almalinux8: RHEL-08-040290 + + ocil_clause: 'it is not' + +diff --git a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml +index 0906d520..b2edb453 100644 +--- a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml ++++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Enable Postfix Service' + +diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml +index 2524bf79..e398c312 100644 +--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable Network File System Lock Service (nfslock)' + +diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +index a44f0c1c..b0ed3ec0 100644 +--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable rpcbind Service' + +diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml +index 965d781c..3119d78b 100644 +--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable Secure RPC Client Service (rpcgssd)' + +diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml +index 9dded936..672b5bdf 100644 +--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable RPC ID Mapping Service (rpcidmapd)' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml +index 322d5924..c93b5d14 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure lockd to use static TCP port' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml +index ca67db92..a1aaad35 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure lockd to use static UDP port' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml +index 7d8839f5..563cd079 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure mountd to use static port' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml +index adcc2e18..c9a2bc06 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Configure statd to use static port' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml +index 73a0d70b..36a53e46 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Specify UID and GID for Anonymous NFS Connections' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +index f99879c8..6224464d 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable Network File System (nfs)' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/disabled.pass.sh b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/disabled.pass.sh +index 30af5520..722a8f2e 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/disabled.pass.sh ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/disabled.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = nfs-utils + + systemctl stop nfs-server +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/enabled.fail.sh b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/enabled.fail.sh +index 8e4eee8b..db823921 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/enabled.fail.sh ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/enabled.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # packages = nfs-utils + + systemctl start nfs-server +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml +index bb5788e3..3703a84c 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Disable Secure RPC Server Service (rpcsvcgssd)' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml +index 65bcba60..97f66925 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,wrlinux1019 + + title: 'Mount Remote Filesystems with Kerberos Security' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml +index d63203f4..c7e60f8c 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,rhv4 ++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Mount Remote Filesystems with nodev' + +@@ -27,7 +27,7 @@ references: + nist: CM-6(a),MP-2 + nist-csf: PR.IP-1,PR.PT-2,PR.PT-3 + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010640 ++ stigid@almalinux8: RHEL-08-010640 + + ocil_clause: 'the setting does not show' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml +index 1cf30f82..03862b9c 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Mount Remote Filesystems with noexec' + +@@ -33,7 +33,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-021021 + stigid@rhel7: RHEL-07-021021 +- stigid@rhel8: RHEL-08-010630 ++ stigid@almalinux8: RHEL-08-010630 + stigid@sle12: SLES-12-010820 + stigid@sle15: SLES-15-040170 + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml +index e49d8c01..f8b49e72 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Mount Remote Filesystems with nosuid' + +@@ -31,7 +31,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-021020 + stigid@rhel7: RHEL-07-021020 +- stigid@rhel8: RHEL-08-010650 ++ stigid@almalinux8: RHEL-08-010650 + stigid@sle12: SLES-12-010810 + stigid@sle15: SLES-15-040160 + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml +index daaf44ae..548c4d83 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Ensure Insecure File Locking is Not Allowed' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml +index 0978d54c..00145705 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Restrict NFS Clients to Privileged Ports' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml +index 2bffffda..912a4d99 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Use Kerberos Security on All Exports' + +diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml +index c5983cbe..0f39d0ff 100644 +--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Use Root-Squashing on All Exports' + +diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +index 887320e1..3e194ea1 100644 +--- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml ++++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Uninstall nfs-utils Package' + +diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh +index f6c14e4f..c2a7dfc4 100644 +--- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml +index 630d8fdc..c649ceb9 100644 +--- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Disable chrony daemon from acting as server' + +@@ -26,7 +26,7 @@ references: + disa: CCI-000381 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-030741 ++ stigid@almalinux8: RHEL-08-030741 + + ocil_clause: 'it does not exist or port is set to non-zero value' + +diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh +index 13f20d64..97cfbaae 100644 +--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml +index 6b834911..96d5c240 100644 +--- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Disable network management of chrony daemon' + +@@ -26,7 +26,7 @@ references: + disa: CCI-000381 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049 +- stigid@rhel8: RHEL-08-030742 ++ stigid@almalinux8: RHEL-08-030742 + + ocil_clause: 'it does not exist or port is set to non-zero value' + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +index b23deffb..a9e4d9ba 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_time_service_set_maxpoll") }}} + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +index 854e8e80..24d067d6 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Configure Time Service Maxpoll Interval' + +@@ -93,7 +93,7 @@ references: + srg: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144,SRG-OS-000359-GPOS-00146 + stigid@ol7: OL07-00-040500 + stigid@rhel7: RHEL-07-040500 +- stigid@rhel8: RHEL-08-030740 ++ stigid@almalinux8: RHEL-08-030740 + stigid@sle12: SLES-12-030300 + stigid@sle15: SLES-15-010400 + stigid@ubuntu2004: UBTU-20-010435 +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh +index 9add69d3..944e1865 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_multiple_time_servers") }}} + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml +index 7dc18858..7a2de3bf 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Specify Additional Remote NTP Servers' + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh +index 0a3f6364..d0e0610b 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_multiple_time_servers") }}} + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml +index a97cf1a9..f285ebb4 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml +index 27df8595..dd740663 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Specify a Remote NTP Server' + +diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml +index e60dd11e..12f4bd92 100644 +--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +index bce31f0e..d85d64ec 100644 +--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml ++++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Ensure that chronyd is running under chrony user account' + +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh +index 44712c37..4bd3cd36 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh +index 50a57359..49717a28 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh +index 2eda5b94..ed3a7926 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + echo "" > /etc/chrony.conf +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh +index 4221c059..b27978a4 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + rm -f /etc/chrony.conf +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh +index 7ca6378d..69a0286e 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + echo "some line" > /etc/chrony.conf +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh +index d31254c6..7bb31ac7 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + echo "server 0.pool.ntp.org" > /etc/chrony.conf +diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh +index fbe2933f..eea0c083 100644 +--- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + + echo "server " > /etc/chrony.conf +diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh +index c95dccf9..b07b8798 100644 +--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh ++++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol + + if {{{ bash_package_installed("chrony") }}} ; then + if ! /usr/sbin/pidof ntpd ; then +diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml +index 00739816..dc5def62 100644 +--- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml ++++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,ubuntu2004 + + title: 'Enable the NTP Daemon' + +diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +index b582a3d6..5ee8c663 100644 +--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Uninstall xinetd Package' + +diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +index 5583ef26..a114f271 100644 +--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Disable xinetd Service' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +index 87f57cda..a1b432ca 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Remove NIS Client' + +diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +index d36144ea..df89ad6a 100644 +--- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 + + title: 'Uninstall ypserv Package' + +diff --git a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml +index 29f66c6f..8a2e364f 100644 +--- a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable ypbind Service' + +diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh +index 26b3c514..f65fd861 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol + + # Identify local mounts + MOUNT_LIST=$(df --local | awk '{ print $6 }') +diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +index 6917a73b..56ebbc98 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019,sle15 + + title: 'Remove Host-Based Authentication Files' + +@@ -31,7 +31,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040550 + stigid@rhel7: RHEL-07-040550 +- stigid@rhel8: RHEL-08-010460 ++ stigid@almalinux8: RHEL-08-010460 + stigid@sle12: SLES-12-010410 + stigid@sle15: SLES-15-040030 + +diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml +index 7354a691..9f44e331 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml ++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh +index d4cc7ef2..64a86cc0 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + find /home -maxdepth 2 -type f -name .rhosts -exec rm -f '{}' \; + + if [ -f /etc/hosts.equiv ]; then +diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh +index 6e902385..3a6461d6 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol + + # Identify local mounts + MOUNT_LIST=$(df --local | awk '{ print $6 }') +diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml +index 545c0608..afb87693 100644 +--- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,wrlinux1019,sle15 + + title: 'Remove User Host-Based Authentication Files' + +@@ -31,7 +31,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040540 + stigid@rhel7: RHEL-07-040540 +- stigid@rhel8: RHEL-08-010470 ++ stigid@almalinux8: RHEL-08-010470 + stigid@sle12: SLES-12-010400 + stigid@sle15: SLES-15-040020 + +diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +index d7d088d3..fa4b6c86 100644 +--- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,wrlinux1019 + + title: 'Uninstall rsh-server Package' + +@@ -36,7 +36,7 @@ references: + srg: SRG-OS-000095-GPOS-00049 + stigid@ol7: OL07-00-020000 + stigid@rhel7: RHEL-07-020000 +- stigid@rhel8: RHEL-08-040010 ++ stigid@almalinux8: RHEL-08-040010 + stigid@ubuntu2004: UBTU-20-010406 + + {{{ complete_ocil_entry_package(package="rsh-server") }}} +diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +index c1e7afcf..a0c8ffe0 100644 +--- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Uninstall rsh Package' + +diff --git a/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml +index 136571ce..c70437bf 100644 +--- a/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # potentially outdated requirement, rsh-server may not be a RHEL9 package +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Disable rexec Service' + +diff --git a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml +index d6fa7eaf..e618c678 100644 +--- a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # potentially obsolete, rsh-server is not available in RHEL9 +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Disable rlogin Service' + +diff --git a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml +index 70d6cb15..7241a8d0 100644 +--- a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Disable rsh Service' + +diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +index addfd018..13ca156c 100644 +--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Ensure rsyncd service is diabled' + +diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/tests/disabled.pass.sh b/linux_os/guide/services/obsolete/service_rsyncd_disabled/tests/disabled.pass.sh +index 583d717f..9f256e72 100644 +--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/tests/disabled.pass.sh ++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/tests/disabled.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8,multi_platform_fedora,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,multi_platform_fedora,multi_platform_rhv + # packages = rsync-daemon + + systemctl stop rsyncd +diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/tests/enabled.fail.sh b/linux_os/guide/services/obsolete/service_rsyncd_disabled/tests/enabled.fail.sh +index ce669993..bc728f24 100644 +--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/tests/enabled.fail.sh ++++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/tests/enabled.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8,multi_platform_fedora,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8,multi_platform_fedora,multi_platform_rhv + # packages = rsync-daemon + + systemctl start rsyncd +diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +index e0667d88..bcc22345 100644 +--- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Uninstall talk-server Package' + +diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +index 592d56ce..51343ca2 100644 +--- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Uninstall talk Package' + +diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +index d6e3d01f..61916185 100644 +--- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Uninstall telnet-server Package' + +@@ -46,7 +46,7 @@ references: + srg: SRG-OS-000095-GPOS-00049 + stigid@ol7: OL07-00-021710 + stigid@rhel7: RHEL-07-021710 +- stigid@rhel8: RHEL-08-040000 ++ stigid@almalinux8: RHEL-08-040000 + stigid@sle12: SLES-12-030000 + stigid@sle15: SLES-15-010180 + +diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +index 18f5f11a..52f99449 100644 +--- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Remove telnet Clients' + +diff --git a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +index 36dd48df..bb497e0f 100644 +--- a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Disable telnet Service' + +diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +index 0511b110..b2fc12a4 100644 +--- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Uninstall tftp-server Package' + +@@ -35,7 +35,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040700 + stigid@rhel7: RHEL-07-040700 +- stigid@rhel8: RHEL-08-040190 ++ stigid@almalinux8: RHEL-08-040190 + + {{{ complete_ocil_entry_package(package="tftp-server") }}} + +diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +index 50b22bb8..5c32712b 100644 +--- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,almalinux8,rhel9 + + title: 'Remove tftp Daemon' + +diff --git a/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml +index 1d6d6c81..f9aebbf5 100644 +--- a/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle15 ++prodtype: rhel7,rhel8,almalinux8,sle15 + + title: 'Disable tftp Service' + +diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml +index 359670e3..0192b27e 100644 +--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml ++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,WRLinux 1019 ++# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,WRLinux 1019 + # reboot = false + # complexity = low + # strategy = configure +diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh +index cf090191..e84f7d1d 100644 +--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh ++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,WRLinux 1019 ++# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,WRLinux 1019 + + . /usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +index 75304d43..db6bc6c0 100644 +--- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml ++++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'Ensure tftp Daemon Uses Secure Mode' + +@@ -38,7 +38,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040720 + stigid@rhel7: RHEL-07-040720 +- stigid@rhel8: RHEL-08-040350 ++ stigid@almalinux8: RHEL-08-040350 + + ocil_clause: 'this flag is missing' + +diff --git a/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml +index 07e05068..99d2c008 100644 +--- a/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml ++++ b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Printer Browsing Entirely if Possible' + +diff --git a/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml +index 0455776f..e37dae84 100644 +--- a/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml ++++ b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Print Server Capabilities' + +diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +index dd72c6f7..00241a47 100644 +--- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml ++++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Disable the CUPS Service' + +diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +index 4e661231..fb67f277 100644 +--- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml ++++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Uninstall squid Package' + +diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +index f12fa6f2..0b1a4ea5 100644 +--- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml ++++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable Squid' + +diff --git a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml +index 7c01c09b..89f28d22 100644 +--- a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml ++++ b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Remove the FreeRadius Server Package' + +diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +index 274a4ff6..83b062a6 100644 +--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml ++++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Enable the Hardware RNG Entropy Gatherer Service' + +@@ -23,7 +23,7 @@ references: + disa: CCI-000366 + ospp: FCS_RBG_EXT.1 + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010471 ++ stigid@almalinux8: RHEL-08-010471 + + ocil_clause: 'the service is not enabled' + +diff --git a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +index b63deaa8..285c1b64 100644 +--- a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml ++++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Uninstall quagga Package' + +diff --git a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml +index 8f76acc7..51dea573 100644 +--- a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml ++++ b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml +@@ -1,7 +1,7 @@ + documentation_complete: true + + # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Disable Quagga Service' + +diff --git a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml +index da59b70a..c2835fba 100644 +--- a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9 ++prodtype: rhel7,rhel8,almalinux8,rhel9 + + title: 'Require Client SMB Packet Signing, if using mount.cifs' + +diff --git a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml +index 1f7d56c1..4e5fb508 100644 +--- a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Install the Samba Common Package' + +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +index a6606860..f25b9504 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +index 9e1f01f5..d7d4c265 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + ###################################################################### + #By Luke "Brisk-OH" Brisk + #luke.brisk@boeing.com or luke.brisk@gmail.com +diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml +index 103130bc..77660a77 100644 +--- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Require Client SMB Packet Signing, if using smbclient' + +diff --git a/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml +index 0cf80fb6..d9978cea 100644 +--- a/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml ++++ b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Disable Root Access to SMB Shares' + +diff --git a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +index cd4634ac..15b48438 100644 +--- a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml ++++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Uninstall Samba Package' + +diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +index 41375ebd..12bf35bf 100644 +--- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml ++++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable Samba' + +diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +index 6d30c0ea..49b44a61 100644 +--- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Uninstall net-snmp Package' + +diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +index 66a71f85..80ff0aab 100644 +--- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml ++++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,rhel7,rhel8,rhel9,sle15 ++prodtype: debian10,debian9,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Disable snmpd Service' + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh +index 084c8934..c38f2b92 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + if grep -s "rwuser" /etc/snmp/snmpd.conf | grep -qv "^#"; then + sed -i "/^\s*#/b;/rwuser/ s/^/#/" /etc/snmp/snmpd.conf +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml +index 6e3dd2c4..455f9912 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8 ++prodtype: fedora,rhel7,rhel8,almalinux8 + + title: 'Ensure SNMP Read Write is disabled' + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +index 4e4f24f3..76e256fe 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,WRLinux 1019 ++# platform = debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,WRLinux 1019 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +index 4271bdc3..abbe006b 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,WRLinux 1019 ++# platform = debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,WRLinux 1019 + + . /usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml +index 19775b8c..dc6e7d8e 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Ensure Default SNMP Password Is Not Used' + +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml +index 789f2264..ef5b6e8d 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhel9 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9 + + title: 'Configure SNMP Service to Use Only SNMPv3 or Newer' + +diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +index 7cf916d7..efb01b6d 100644 +--- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Group Who Owns SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +index 5b833370..fb924e19 100644 +--- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Owner on SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +index 60783301..3a61e051 100644 +--- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml ++++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Verify Permissions on SSH Server config file' + +diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +index 4ea47383..b9afa0aa 100644 +--- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml ++++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +@@ -39,7 +39,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040420 + stigid@rhel7: RHEL-07-040420 +- stigid@rhel8: RHEL-08-010490 ++ stigid@almalinux8: RHEL-08-010490 + stigid@sle12: SLES-12-030220 + stigid@sle15: SLES-15-040250 + +diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +index a5ceac0e..3a777473 100644 +--- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml ++++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +@@ -34,7 +34,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040410 + stigid@rhel7: RHEL-07-040410 +- stigid@rhel8: RHEL-08-010480 ++ stigid@almalinux8: RHEL-08-010480 + stigid@sle12: SLES-12-030210 + stigid@sle15: SLES-15-040240 + +diff --git a/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml +index d49b5e58..a948b56c 100644 +--- a/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml ++++ b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8 ++prodtype: rhel7,rhel8,almalinux8 + + title: 'Remove SSH Server firewalld Firewall exception (Unusual)' + +diff --git a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +index d90a6482..791df38c 100644 +--- a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml ++++ b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhel9 ++prodtype: ol8,rhel8,almalinux8,rhel9 + + title: 'Install OpenSSH client software' + +diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml +index b551f08f..ae59870d 100644 +--- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml ++++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml +@@ -30,7 +30,7 @@ references: + srg: SRG-OS-000423-GPOS-00187,SRG-OS-000424-GPOS-00188,SRG-OS-000425-GPOS-00189,SRG-OS-000426-GPOS-00190 + stigid@ol7: OL07-00-040300 + stigid@rhel7: RHEL-07-040300 +- stigid@rhel8: RHEL-08-040159 ++ stigid@almalinux8: RHEL-08-040159 + stigid@ubuntu2004: UBTU-20-010042 + + ocil_clause: 'the package is not installed' +diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +index ac4bb8e4..55a512b3 100644 +--- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml ++++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Enable the OpenSSH Service' + +@@ -40,7 +40,7 @@ references: + srg: SRG-OS-000423-GPOS-00187,SRG-OS-000423-GPOS-00188,SRG-OS-000423-GPOS-00189,SRG-OS-000423-GPOS-00190 + stigid@ol7: OL07-00-040310 + stigid@rhel7: RHEL-07-040310 +- stigid@rhel8: RHEL-08-040160 ++ stigid@almalinux8: RHEL-08-040160 + stigid@sle12: SLES-12-030100 + stigid@sle15: SLES-15-010530 + stigid@ubuntu2004: UBTU-20-010042 +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml +index f43f92c2..bba72681 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8,rhcos4 ++prodtype: ol8,rhel8,almalinux8,rhcos4 + + title: 'Configure session renegotiation for SSH client' + +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml +index 1c878701..be1bff4c 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh +index f29280fb..f2d7c156 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + # put line into the file + echo "setenv SSH_USE_STRONG_RNG 32" > /etc/profile.d/cc-ssh-strong-rng.csh +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml +index cbd17bf0..6b50d0a8 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,almalinux8 + + title: 'SSH client uses strong entropy to seed (for CSH like shells)' + +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml +index 29c64602..1be957f9 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh +index 4a166356..24a426a5 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + # put line into the file + echo "export SSH_USE_STRONG_RNG=32" > /etc/profile.d/cc-ssh-strong-rng.sh +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml +index 53728a2b..6021e093 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,almalinux8 + + title: 'SSH client uses strong entropy to seed (Bash-like shells)' + +diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +index 5a97f74d..104b27f3 100644 +--- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml +index 2553a4d2..034183d2 100644 +--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol + # reboot = false + # complexity = low + # strategy = configure +diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +index 4945d060..050ce57c 100644 +--- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Enable SSH Server firewalld Firewall Exception' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml +index 39102e5d..2dcfeeb0 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh +index 590e96d1..b310e547 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml +index f8d422c6..aafcd046 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh +index 408c97d4..108868fc 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml +index 672bcabd..bf25eb57 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml +@@ -39,7 +39,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040470 + stigid@rhel7: RHEL-07-040470 +- stigid@rhel8: RHEL-08-010510 ++ stigid@almalinux8: RHEL-08-010510 + stigid@sle12: SLES-12-030250 + stigid@sle15: SLES-15-040280 + vmmsrg: SRG-OS-000480-VMM-002000 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml +index 8100b685..a4ec7a24 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml +@@ -47,7 +47,7 @@ references: + srg: SRG-OS-000106-GPOS-00053,SRG-OS-000480-GPOS-00229,SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-010300 + stigid@rhel7: RHEL-07-010300 +- stigid@rhel8: RHEL-08-020330 ++ stigid@almalinux8: RHEL-08-020330 + stigid@sle12: SLES-12-030150 + stigid@sle15: SLES-15-040440 + stigid@ubuntu2004: UBTU-20-010047 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml +index 2134da28..e980b9e1 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml +@@ -36,7 +36,7 @@ references: + srg: SRG-OS-000364-GPOS-00151,SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040430 + stigid@rhel7: RHEL-07-040430 +- stigid@rhel8: RHEL-08-010522 ++ stigid@almalinux8: RHEL-08-010522 + vmmsrg: SRG-OS-000480-VMM-002000 + + ocil_clause: 'it is commented out or is not disabled' +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml +index 5f585d6c..40d0424e 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml +@@ -37,7 +37,7 @@ references: + srg: SRG-OS-000364-GPOS-00151,SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040440 + stigid@rhel7: RHEL-07-040440 +- stigid@rhel8: RHEL-08-010521 ++ stigid@almalinux8: RHEL-08-010521 + vmmsrg: SRG-OS-000480-VMM-002000 + + ocil_clause: 'it is commented out or is not disabled' +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml +index 228a1166..6ba91af4 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh +index 319ec5cb..93a302d8 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +index 9993d5f8..692ac40c 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +@@ -47,7 +47,7 @@ references: + srg: SRG-OS-000109-GPOS-00056,SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040370 + stigid@rhel7: RHEL-07-040370 +- stigid@rhel8: RHEL-08-010550 ++ stigid@almalinux8: RHEL-08-010550 + stigid@sle12: SLES-12-030140 + stigid@sle15: SLES-15-020040 + vmmsrg: SRG-OS-000480-VMM-002000 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml +index 027fc4e7..1756277e 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml +@@ -39,7 +39,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040380 + stigid@rhel7: RHEL-07-040380 +- stigid@rhel8: RHEL-08-010520 ++ stigid@almalinux8: RHEL-08-010520 + stigid@sle12: SLES-12-030200 + stigid@sle15: SLES-15-040230 + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +index 3feaa9d6..95457e1d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +@@ -41,7 +41,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040710 + stigid@rhel7: RHEL-07-040710 +- stigid@rhel8: RHEL-08-040340 ++ stigid@almalinux8: RHEL-08-040340 + stigid@sle15: SLES-15-040290 + stigid@ubuntu2004: UBTU-20-010048 + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +index 791ff49a..383141d3 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +@@ -41,7 +41,7 @@ references: + srg: SRG-OS-000480-GPOS-00229 + stigid@ol7: OL07-00-010460 + stigid@rhel7: RHEL-07-010460 +- stigid@rhel8: RHEL-08-010830 ++ stigid@almalinux8: RHEL-08-010830 + stigid@sle12: SLES-12-030151 + stigid@sle15: SLES-15-040440 + stigid@ubuntu2004: UBTU-20-010047 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml +index dc8ef0d9..dc19af07 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml +@@ -37,7 +37,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040450 + stigid@rhel7: RHEL-07-040450 +- stigid@rhel8: RHEL-08-010500 ++ stigid@almalinux8: RHEL-08-010500 + stigid@sle12: SLES-12-030230 + stigid@sle15: SLES-15-040260 + vmmsrg: SRG-OS-000480-VMM-002000 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml +index c50c8d69..6a0332cf 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml +@@ -43,7 +43,7 @@ references: + srg: SRG-OS-000023-GPOS-00006,SRG-OS-000024-GPOS-00007,SRG-OS-000228-GPOS-00088 + stigid@ol7: OL07-00-040170 + stigid@rhel7: RHEL-07-040170 +- stigid@rhel8: RHEL-08-010040 ++ stigid@almalinux8: RHEL-08-010040 + stigid@sle12: SLES-12-030050 + stigid@sle15: SLES-15-010040 + vmmsrg: SRG-OS-000023-VMM-000060,SRG-OS-000024-VMM-000070 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml +index 80e9d455..5231e81b 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml +@@ -33,7 +33,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040360 + stigid@rhel7: RHEL-07-040360 +- stigid@rhel8: RHEL-08-020350 ++ stigid@almalinux8: RHEL-08-020350 + stigid@sle12: SLES-12-030130 + stigid@sle15: SLES-15-020120 + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml +index 5a2d154d..0b065076 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml +@@ -24,7 +24,7 @@ references: + disa: CCI-000068 + ospp: FCS_SSHS_EXT.1 + srg: SRG-OS-000480-GPOS-00227,SRG-OS-000033-GPOS-00014 +- stigid@rhel8: RHEL-08-040161 ++ stigid@almalinux8: RHEL-08-040161 + + ocil_clause: 'it is commented out or is not set' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh +index b9834e6d..8b86e146 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_ospp + + sed -e '/RekeyLimit/d' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +index 5b54ab89..4213bc15 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +index 5a442550..6c5e8548 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +@@ -53,7 +53,7 @@ references: + srg: SRG-OS-000126-GPOS-00066,SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109,SRG-OS-000395-GPOS-00175 + stigid@ol7: OL07-00-040320 + stigid@rhel7: RHEL-07-040320 +- stigid@rhel8: RHEL-08-010201 ++ stigid@almalinux8: RHEL-08-010201 + stigid@sle12: SLES-12-030190 + stigid@sle15: SLES-15-010280 + stigid@ubuntu2004: UBTU-20-010037 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml +index b280e21e..8e1c1810 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh +index 19b14c14..6f9fb212 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml +index 3ce782bc..a02c1194 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml +@@ -50,7 +50,7 @@ references: + srg: SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109 + stigid@ol7: OL07-00-040340 + stigid@rhel7: RHEL-07-040340 +- stigid@rhel8: RHEL-08-010200 ++ stigid@almalinux8: RHEL-08-010200 + stigid@sle12: SLES-12-030191 + stigid@sle15: SLES-15-010320 + vmmsrg: SRG-OS-000480-VMM-002000 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml +index 16e31302..71125a8d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh +index 2451c164..67e21b52 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh +index 4cc6d659..5e911b46 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + # profiles = xccdf_org.ssgproject.content_profile_cis +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + #!/bin/bash + SSHD_CONFIG="/etc/ssh/sshd_config" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh +index bc0c4784..3b775739 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + # profiles = xccdf_org.ssgproject.content_profile_cis +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + #!/bin/bash + SSHD_CONFIG="/etc/ssh/sshd_config" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +index 46a31548..0250b71d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle12,ubuntu2004,wrlinux1019,wrlinux8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,ubuntu2004,wrlinux1019,wrlinux8 + + title: 'Use Only FIPS 140-2 Validated Ciphers' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +index 821b0ae0..b437a257 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle12,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,ubuntu2004,wrlinux1019 + + title: 'Use Only FIPS 140-2 Validated MACs' + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh +index 798c4043..322c83cd 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config + echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh +index 19faca73..22bf6bdc 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh +index 77330241..c5adffff 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config + echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh +index 8d33596e..beafbd6d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +index bd9c5fbe..32f49012 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +@@ -2,7 +2,7 @@ documentation_complete: true + + # TODO: The plan is not to need this for RHEL>=8.4 + # TODO: Compliant setting is SSH_USE_STRONG_RNG set to 32 or more +-prodtype: ol8,rhel8 ++prodtype: ol8,rhel8,almalinux8 + + title: 'SSH server uses strong entropy to seed' + +@@ -27,7 +27,7 @@ references: + disa: CCI-000366 + ospp: FCS_RBG_EXT.1.2 + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-010292 ++ stigid@almalinux8: RHEL-08-010292 + + ocil: |- + To determine whether the SSH service is configured to use strong entropy seed, +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh +index f4f8c22f..1884e87d 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + echo 'SSH_USE_STRONG_RNG=1' > /etc/sysconfig/sshd +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh +index 70f53ac2..54420303 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + echo 'SSH_USE_STRONG_RNG=32' > /etc/sysconfig/sshd +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh +index 1e5f0b29..bb5137b2 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + rm -f /etc/sysconfig/sshd +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh +index a10d24a7..d0b4e3a9 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + echo 'SSH_USE_STRONG_RNG="32"' > /etc/sysconfig/sshd +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +index 93b612c6..b0e4f6a7 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle12,ubuntu2004 + + title: 'Prevent remote hosts from connecting to the proxy display' + +@@ -31,7 +31,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040711 + stigid@rhel7: RHEL-07-040711 +- stigid@rhel8: RHEL-08-040341 ++ stigid@almalinux8: RHEL-08-040341 + stigid@sle12: SLES-12-030261 + stigid@ubuntu2004: UBTU-20-010049 + +diff --git a/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml +index ec0cf86d..dce874ce 100644 +--- a/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml ++++ b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install sssd-ipa Package' + +diff --git a/linux_os/guide/services/sssd/package_sssd_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml +index 0b683c07..8ab70a39 100644 +--- a/linux_os/guide/services/sssd/package_sssd_installed/rule.yml ++++ b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Install the SSSD Package' + +diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml +index 123d5ee0..8806239f 100644 +--- a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml ++++ b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Enable the SSSD Service' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml +index 01a2cdb1..c2cb1cbf 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client CA Certificate' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml +index 202fc7f4..711cc57c 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh +index 614f597e..1c617584 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml +index 430f0e65..c78b10d6 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client CA Certificate Location' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml +index 891b3e2f..6cb0bce2 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh +index 62c2febc..ce073f12 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml +index 4b9636fb..46b8d977 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server' + +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml +index b38bc41f..33c5c903 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh +index 805f7ad3..6046494d 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml +index 1f48dc7e..4872f285 100644 +--- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml ++++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 + + title: 'Configure SSSD LDAP Backend to Use TLS For All Transactions' + +diff --git a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml +index 67c02f4f..28d15851 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8 ++prodtype: fedora,rhel8,almalinux8 + + title: 'Enable Certmap in SSSD' + +@@ -29,7 +29,7 @@ references: + disa: CCI-000187 + nist: IA-5 (2) (c) + srg: SRG-OS-000068-GPOS-00036 +- stigid@rhel8: RHEL-08-020090 ++ stigid@almalinux8: RHEL-08-020090 + + warnings: + - general: |- +diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +index 680ad113..fe5ace89 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml +index 984ee37a..dcc31030 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure PAM in SSSD Services' + +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml +index 010b4b87..03e87e16 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh +index ddd141f0..ee070eb3 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +index a3a8c636..4a55e1dc 100644 +--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,rhcos4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,rhcos4 + + title: 'Enable Smartcards in SSSD' + +@@ -38,7 +38,7 @@ references: + disa: CCI-001954,CCI-000765 + ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 + srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052 +- stigid@rhel8: RHEL-08-020250 ++ stigid@almalinux8: RHEL-08-020250 + vmmsrg: SRG-OS-000107-VMM-000530 + + ocil_clause: 'smart cards are not enabled in SSSD' +diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +index 7cfba003..fb36bb09 100644 +--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +index 8bc689da..e697f252 100644 +--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml +index ae98eb6e..ef2e1802 100644 +--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15 + + title: 'Configure SSSD''s Memory Cache to Expire' + +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml +index ebdf0136..73916d8d 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh +index 8a20f0c5..42987796 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +index 56996e52..fb9c327b 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004 + + title: 'Configure SSSD to Expire Offline Credentials' + +@@ -37,7 +37,7 @@ references: + nist: CM-6(a),IA-5(13) + nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 + srg: SRG-OS-000383-GPOS-00166 +- stigid@rhel8: RHEL-08-020290 ++ stigid@almalinux8: RHEL-08-020290 + stigid@sle12: SLES-12-010680 + stigid@sle15: SLES-15-010500 + stigid@ubuntu2004: UBTU-20-010441 +diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh +index 12ad20b8..1a2df72e 100644 +--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + + found=false + for f in /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf; do +diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml +index b5e841d8..35dc3d00 100644 +--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhcos4,ol8,rhel8 ++prodtype: fedora,rhcos4,ol8,rhel8,almalinux8 + + title: 'Configure SSSD to run as user sssd' + +diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml +index 5bbe0ece..58a41ada 100644 +--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh +index e957d1c6..baadbdef 100644 +--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml +index 9390dfd4..18970027 100644 +--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4 + + title: 'Configure SSSD to Expire SSH Known Hosts' + +diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml +index a1e83870..e097b6be 100644 +--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml ++++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml +@@ -1,3 +1,3 @@ + --- +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + {{{ kubernetes_usbguard_set(["xccdf_org.ssgproject.content_rule_package_usbguard_installed"]) }}} +diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +index 59ca09ef..c9c0a141 100644 +--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml ++++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Log USBGuard daemon audit events using Linux Audit' + +@@ -25,7 +25,7 @@ references: + disa: CCI-000169 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000062-GPOS-00031 +- stigid@rhel8: RHEL-08-030603 ++ stigid@almalinux8: RHEL-08-030603 + + ocil_clause: 'AuditBackend is not set to LinuxAudit' + +diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml +index d9ea0648..03256e44 100644 +--- a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml ++++ b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +index 19ef8aac..e5b47db3 100644 +--- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml ++++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Install usbguard Package' + +@@ -48,7 +48,7 @@ references: + disa: CCI-001958 + ism: "1418" + srg: SRG-OS-000378-GPOS-00163 +- stigid@rhel8: RHEL-08-040139 ++ stigid@almalinux8: RHEL-08-040139 + + ocil_clause: 'the package is not installed' + +diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml +index 9f1c7879..de556cd5 100644 +--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml ++++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + metadata: +diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +index 4f008129..1a9fdfed 100644 +--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml ++++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Enable the USBGuard Service' + +@@ -27,7 +27,7 @@ references: + nist: CM-8(3)(a),IA-3 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000378-GPOS-00163 +- stigid@rhel8: RHEL-08-040141 ++ stigid@almalinux8: RHEL-08-040141 + + ocil_clause: 'the service is not enabled' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml +index 35039ee7..d04b9090 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Authorize Human Interface Devices in USBGuard daemon' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml +index 03825010..b072e299 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + {{% macro usbguard_hid_and_hub_config_source() %}} + allow with-interface match-all { 03:*:* 09:00:* } + {{%- endmacro -%}} +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml +index d16d0092..af44407c 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Authorize Human Interface Devices and USB hubs in USBGuard daemon' + +diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml +index d0e11ad2..31033934 100644 +--- a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Authorize USB hubs in USBGuard daemon' + +diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml +index 3ff0d386..ee971e2e 100644 +--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml ++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh +index d3fe0650..794f1be9 100644 +--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh ++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml +index ca42efc0..c092e7cb 100644 +--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml ++++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'Generate USBGuard Policy' + +@@ -26,7 +26,7 @@ references: + nist: CM-8(3)(a),IA-3 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000378-GPOS-00163 +- stigid@rhel8: RHEL-08-040140 ++ stigid@almalinux8: RHEL-08-040140 + + ocil_clause: '/etc/usbguard/rules.conf does not exist or is empty' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +index 6e739d21..d8bd59f2 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Remove the X Windows Package Group' + +@@ -9,7 +9,7 @@ description: |- + installed. If X Windows is not installed then the system cannot boot into graphical user mode. + This prevents the system from being accidentally or maliciously booted into a graphical.target + mode. To do so, run the following command: +- {{%- if product == "rhel8" or product == "rhv4" -%}} ++ {{%- if product == "rhel8" or product == "rhv4" or product == "almalinux8" -%}} + 
$ sudo {{{ pkg_manager }}} groupremove base-x
+ {{%- else %}} + 
$ sudo {{{ pkg_manager }}} groupremove "X Window System"
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml +index 5b3afb32..49d06563 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +index 935766db..7987f10f 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Disable graphical user interface' + +@@ -47,7 +47,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040730 + stigid@rhel7: RHEL-07-040730 +- stigid@rhel8: RHEL-08-040320 ++ stigid@almalinux8: RHEL-08-040320 + + ocil_clause: 'xorg related packages are not removed and run level is not correctly configured' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh +index 14f1a97b..fe071168 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_correct_target.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils,xorg-x11-server-Xwayland + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh +index c678ef71..5b835c55 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/tests/rhel8_packages_installed_wrong_target.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + # packages = xorg-x11-server-Xorg,xorg-x11-server-common,xorg-x11-server-utils,xorg-x11-server-Xwayland + + systemctl set-default graphical.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml +index 7c3ef557..fbf7bcec 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +index de0e359a..1afa0d74 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 + + title: 'Disable X Windows Startup By Setting Default Target' + +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh +index f7837a25..232f3740 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + systemctl set-default multi-user.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh +index dc698edc..bd52c73a 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh +index 5a20e8ce..5c80ef64 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + systemctl set-default graphical.target +diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh +index 408409b9..3cc5a7b9 100644 +--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh ++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml +index 4f6d64fd..3c980eea 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh +index f6d5f160..3f901f27 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +index 185b8246..e08e5d5f 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Modify the System Login Banner' + +@@ -106,7 +106,7 @@ references: + srg: SRG-OS-000023-GPOS-00006,SRG-OS-000024-GPOS-00007 + stigid@ol7: OL07-00-010050 + stigid@rhel7: RHEL-07-010050 +- stigid@rhel8: RHEL-08-010060 ++ stigid@almalinux8: RHEL-08-010060 + stigid@sle12: SLES-12-010030 + stigid@sle15: SLES-15-010020 + vmmsrg: SRG-OS-000023-VMM-000060,SRG-OS-000024-VMM-000070 +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +index 2c645889..ab68929b 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +index 4a3844a7..bf49e397 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +index bb74c68d..ad43307f 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 + + title: 'Modify the System Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +index 01c1244d..0543798a 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,ubuntu2004,wrlinux1019 + + title: 'Verify Group Ownership of System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +index 983c0b60..f8a6cee2 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,ubuntu2004,wrlinux1019 + + title: 'Verify Group Ownership of Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +index d73943a2..4095965a 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,ubuntu2004,wrlinux1019 + + title: 'Verify ownership of System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +index 9a05169c..e703f8e1 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,ubuntu2004,wrlinux1019 + + title: 'Verify ownership of Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +index cc7ab4b5..0e82ddd2 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Verify permissions on System Login Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +index ee01ebf3..92b16e2a 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Verify permissions on Message of the Day Banner' + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml +index 5814a30b..aa4aa4c5 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +index b6ba3edc..a4d11762 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Enable GNOME3 Login Warning Banner' + +@@ -54,7 +54,7 @@ references: + srg: SRG-OS-000023-GPOS-00006,SRG-OS-000024-GPOS-00007,SRG-OS-000228-GPOS-00088 + stigid@ol7: OL07-00-010030 + stigid@rhel7: RHEL-07-010030 +- stigid@rhel8: RHEL-08-010049 ++ stigid@almalinux8: RHEL-08-010049 + stigid@sle12: SLES-12-010040 + stigid@sle15: SLES-15-010080 + stigid@ubuntu2004: UBTU-20-010002 +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml +index 86aff54f..b295782b 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = unknown + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/bash/shared.sh +index d15a814e..f914cdf0 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_sle + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("login_banner_text") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +index 2a58d096..10e69440 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Set the GNOME3 Login Warning Banner Text' + +@@ -52,7 +52,7 @@ references: + srg: SRG-OS-000023-GPOS-00006,SRG-OS-000024-GPOS-00007,SRG-OS-000228-GPOS-00088 + stigid@ol7: OL07-00-010040 + stigid@rhel7: RHEL-07-010040 +- stigid@rhel8: RHEL-08-010050 ++ stigid@almalinux8: RHEL-08-010050 + stigid@sle12: SLES-12-010050 + stigid@sle15: SLES-15-010090 + stigid@ubuntu2004: UBTU-20-010003 +diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh +index 4f31757c..0ed60e11 100644 +--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8,AlmaLinux 8 + # profiles = xccdf_org.ssgproject.content_profile_stig + # packages = dconf,gdm + +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml +index 7184cb2f..7da232a4 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml +@@ -4,7 +4,7 @@ + {{% set pam_lastlog_filename = "postlogin" %}} + {{% endif %}} + +-# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +index f39293d6..41cd9809 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +@@ -3,7 +3,7 @@ + {{% else %}} + {{% set pam_lastlog_path = "/etc/pam.d/postlogin" %}} + {{% endif %}} +-# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + . /usr/share/scap-security-guide/remediation_functions + + ensure_pam_module_options '{{{ pam_lastlog_path }}}' 'session' 'required' 'pam_lastlog.so' 'showfailed' "" "" +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +index e8403af7..32ea4dff 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +@@ -47,7 +47,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-040530 + stigid@rhel7: RHEL-07-040530 +- stigid@rhel8: RHEL-08-020340 ++ stigid@almalinux8: RHEL-08-020340 + stigid@sle12: SLES-12-010390 + stigid@sle15: SLES-15-020080 + stigid@ubuntu2004: UBTU-20-010453 +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/correct_value.pass.sh +index 73500d38..90c6989b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + rm -f /etc/pam.d/postlogin + echo "session required pam_lastlog.so showfailed" >> /etc/pam.d/postlogin +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/default_config.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/default_config.fail.sh +index 0a732124..87afb9f2 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/default_config.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/default_config.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + rm -f /etc/pam.d/postlogin + +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value.fail.sh +index 319fdefa..49a5a712 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + rm -f /etc/pam.d/postlogin + # pamd ansible module has a bug that if there is only one line in the file it raises an Out of Index exception +diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value_silent.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value_silent.fail.sh +index 8a1791e9..7b618636 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value_silent.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/wrong_value_silent.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + + rm -f /etc/pam.d/postlogin + # pamd ansible module has a bug that if there is only one line in the file it raises an Out of Index exception +diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml +index bd7ad0c9..b11a08e0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh +index b1d8a452..ed798c23 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then + echo "session required pam_namespace.so" >> "/etc/pam.d/login" + fi +diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml +index c21c1cb8..e663f820 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: Set Up a Private Namespace in PAM Configuration + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml +index 8b004c12..a2f505b5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh +index 2d2b50f1..46bc9fde 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +index 62b6f55e..0fb9273f 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Limit Password Reuse: password-auth' + +@@ -41,7 +41,7 @@ references: + srg: SRG-OS-000077-GPOS-00045 + stigid@ol7: OL07-00-010270 + stigid@rhel7: RHEL-07-010270 +- stigid@rhel8: RHEL-08-020220 ++ stigid@almalinux8: RHEL-08-020220 + vmmsrg: SRG-OS-000077-VMM-000440 + + ocil_clause: |- +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_argument_missing.fail.sh +index 773e68ea..b462705c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_argument_missing.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_argument_missing.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux + # variables = var_password_pam_remember_control_flag=required + # packages = pam + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_correct_value.pass.sh +index 89f88502..a9d6d878 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux + # variables = var_password_pam_remember_control_flag=required + # packages = pam + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_wrong_value.fail.sh +index 148a4519..93a4e361 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/rhel8_wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux + # variables = var_password_pam_remember_control_flag=required + # packages = pam + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml +index 57394231..610fd9e6 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh +index 2ccc2024..15561950 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +index 8cc56eb8..c7a1d0da 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Limit Password Reuse: system-auth' + +@@ -41,7 +41,7 @@ references: + srg: SRG-OS-000077-GPOS-00045 + stigid@ol7: OL07-00-010270 + stigid@rhel7: RHEL-07-010270 +- stigid@rhel8: RHEL-08-020220 ++ stigid@almalinux8: RHEL-08-020220 + vmmsrg: SRG-OS-000077-VMM-000440 + + ocil_clause: |- +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_argument_missing.fail.sh +index e8f36c8d..0d23f6c6 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_argument_missing.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_argument_missing.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux + # variables = var_password_pam_remember_control_flag=required + # packages = pam + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_correct_value.pass.sh +index 6aee4cd7..1c489449 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux + # variables = var_password_pam_remember_control_flag=required + # packages = pam + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_wrong_value.fail.sh +index 2bf4eebf..bb6d67c1 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/rhel8_wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux + # variables = var_password_pam_remember_control_flag=required + # packages = pam + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +index dcaff8a5..abdaed66 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +index e0dabe67..543d2e2c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +index a2b66fc4..5fd4bcd2 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Limit Password Reuse' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/argument_missing.fail.sh +index c8993ef2..ade70b89 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/argument_missing.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/argument_missing.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux ++# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux + + for auth_file in system-auth password-auth + do +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/rhel8_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/rhel8_correct_value.pass.sh +index 3f37257c..518883a6 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/rhel8_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/rhel8_correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + remember_cnt=5 + for auth_file in system-auth password-auth +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/rhel8_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/rhel8_wrong_value.fail.sh +index 86ec2380..d349b1a3 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/rhel8_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/rhel8_wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + remember_cnt=3 + for auth_file in system-auth password-auth +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +index 0622ae76..8359d1fa 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +index 3157d341..9af8913c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +index 141f4c5b..1baa8f5e 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 + + title: 'Set Deny For Failed Password Attempts' + +@@ -49,7 +49,7 @@ references: + srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005 + stigid@ol7: OL07-00-010320 + stigid@rhel7: RHEL-07-010320 +- stigid@rhel8: RHEL-08-020010 ++ stigid@almalinux8: RHEL-08-020010 + vmmsrg: SRG-OS-000021-VMM-000050 + + ocil_clause: 'that is not the case' +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml +index d81d8d87..28148b44 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh +index d43c33d2..57b4374d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + AUTH_FILES[0]="/etc/pam.d/system-auth" + AUTH_FILES[1]="/etc/pam.d/password-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +index 25dfb328..90ec1676 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 + + title: 'Configure the root Account for Failed Password Attempts' + +@@ -46,7 +46,7 @@ references: + srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005 + stigid@ol7: OL07-00-010330 + stigid@rhel7: RHEL-07-010330 +- stigid@rhel8: RHEL-08-020022 ++ stigid@almalinux8: RHEL-08-020022 + + ocil_clause: 'that is not the case' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml +index 5aec848f..cadf5993 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,almalinux8,rhel9 + + title: 'Enforce pam_faillock for Local Accounts Only' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml +index 96adcef6..b158fee5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh +index 87310288..8b7a7bdd 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # include our remediation functions library + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml +index 1df46bd4..601cec5d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Set Interval For Counting Failed Password Attempts' + +@@ -54,7 +54,7 @@ references: + srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005 + stigid@ol7: OL07-00-010320 + stigid@rhel7: RHEL-07-010320 +- stigid@rhel8: RHEL-08-020012 ++ stigid@almalinux8: RHEL-08-020012 + vmmsrg: SRG-OS-000021-VMM-000050 + + ocil_clause: 'fail_interval is less than the required value' +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml +index db44ce4f..329103e5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh +index 7e36721d..4561783d 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +index ea8c8fea..9ca6071b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Set Lockout Time for Failed Password Attempts' + +@@ -52,7 +52,7 @@ references: + srg: SRG-OS-000329-GPOS-00128,SRG-OS-000021-GPOS-00005 + stigid@ol7: OL07-00-010320 + stigid@rhel7: RHEL-07-010320 +- stigid@rhel8: RHEL-08-020014 ++ stigid@almalinux8: RHEL-08-020014 + vmmsrg: SRG-OS-000329-VMM-001180 + + ocil_clause: 'unlock_time is less than the expected value' +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +index 8dad49f0..3ff43ace 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters' + +@@ -48,7 +48,7 @@ references: + srg: SRG-OS-000071-GPOS-00039 + stigid@ol7: OL07-00-010140 + stigid@rhel7: RHEL-07-010140 +- stigid@rhel8: RHEL-08-020130 ++ stigid@almalinux8: RHEL-08-020130 + stigid@ubuntu2004: UBTU-20-010052 + vmmsrg: SRG-OS-000071-VMM-000380 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +index d0d4b8c5..eca44d53 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,ubuntu2004 ++prodtype: fedora,rhel8,almalinux8,ubuntu2004 + + title: 'Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words' + +@@ -28,7 +28,7 @@ references: + disa: CCI-000366 + nist: IA-5(c),IA-5(1)(a),CM-6(a),IA-5(4) + srg: SRG-OS-000480-GPOS-00225 +- stigid@rhel8: RHEL-08-020300 ++ stigid@almalinux8: RHEL-08-020300 + stigid@ubuntu2004: UBTU-20-010056 + + ocil_clause: 'dictcheck is not found or not equal to the required value' +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml +index d601c53e..8fbefbb6 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Characters' + +@@ -47,7 +47,7 @@ references: + srg: SRG-OS-000072-GPOS-00040 + stigid@ol7: OL07-00-010160 + stigid@rhel7: RHEL-07-010160 +- stigid@rhel8: RHEL-08-020170 ++ stigid@almalinux8: RHEL-08-020170 + stigid@ubuntu2004: UBTU-20-010053 + vmmsrg: SRG-OS-000072-VMM-000390 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml +index ae762335..9fb6286e 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,almalinux8,rhel9 + + title: 'Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +index 33dcaf08..7fe6101a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9 ++prodtype: fedora,rhel8,almalinux8,rhel9 + + title: 'Ensure PAM Enforces Password Requirements - Enforce for root User' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +index 0f00a166..cb287eb0 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters' + +@@ -48,7 +48,7 @@ references: + srg: SRG-OS-000070-GPOS-00038 + stigid@ol7: OL07-00-010130 + stigid@rhel7: RHEL-07-010130 +- stigid@rhel8: RHEL-08-020120 ++ stigid@almalinux8: RHEL-08-020120 + stigid@ubuntu2004: UBTU-20-010051 + vmmsrg: SRG-OS-000070-VMM-000370 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml +index 1d53a714..e537640a 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class' + +@@ -39,7 +39,7 @@ references: + srg: SRG-OS-000072-GPOS-00040 + stigid@ol7: OL07-00-010190 + stigid@rhel7: RHEL-07-010190 +- stigid@rhel8: RHEL-08-020140 ++ stigid@almalinux8: RHEL-08-020140 + + ocil_clause: 'that is not the case' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml +index 9855b104..05b877ac 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Set Password Maximum Consecutive Repeating Characters' + +@@ -41,7 +41,7 @@ references: + srg: SRG-OS-000072-GPOS-00040 + stigid@ol7: OL07-00-010180 + stigid@rhel7: RHEL-07-010180 +- stigid@rhel8: RHEL-08-020150 ++ stigid@almalinux8: RHEL-08-020150 + + ocil_clause: 'maxrepeat is not found or not greater than or equal to the required value' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +index 35b4e357..9a719b34 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' + +@@ -57,7 +57,7 @@ references: + srg: SRG-OS-000072-GPOS-00040 + stigid@ol7: OL07-00-010170 + stigid@rhel7: RHEL-07-010170 +- stigid@rhel8: RHEL-08-020160 ++ stigid@almalinux8: RHEL-08-020160 + + ocil_clause: 'minclass is not found or not set equal to or greater than the required value' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +index db404151..6644947c 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Length' + +@@ -47,7 +47,7 @@ references: + srg: SRG-OS-000078-GPOS-00046 + stigid@ol7: OL07-00-010280 + stigid@rhel7: RHEL-07-010280 +- stigid@rhel8: RHEL-08-020230 ++ stigid@almalinux8: RHEL-08-020230 + stigid@ubuntu2004: UBTU-20-010054 + vmmsrg: SRG-OS-000072-VMM-000390,SRG-OS-000078-VMM-000450 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +index 34614935..241f3bc3 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters' + +@@ -49,7 +49,7 @@ references: + srg: SRG-OS-000266-GPOS-00101 + stigid@ol7: OL07-00-010150 + stigid@rhel7: RHEL-07-010150 +- stigid@rhel8: RHEL-08-020280 ++ stigid@almalinux8: RHEL-08-020280 + stigid@ubuntu2004: UBTU-20-010055 + vmmsrg: SRG-OS-000266-VMM-000940 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml +index d4017ce6..d0e015ab 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +index 36ef711c..ae7be267 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' + +@@ -43,7 +43,7 @@ references: + srg: SRG-OS-000480-GPOS-00225,SRG-OS-000069-GPOS-00037 + stigid@ol7: OL07-00-010119 + stigid@rhel7: RHEL-07-010119 +- stigid@rhel8: RHEL-08-020100 ++ stigid@almalinux8: RHEL-08-020100 + stigid@ubuntu2004: UBTU-20-010057 + + ocil_clause: 'it is not the required value' +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_argument_missing.fail.sh +index fb3acb2b..20f3d945 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_argument_missing.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_argument_missing.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + for auth_file in system-auth password-auth + do +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_correct_value.pass.sh +index d6f07df7..5c4b5569 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + retry_cnt=3 + for auth_file in system-auth password-auth +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_wrong_value.fail.sh +index f4988fa1..d94dfaaf 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/rhel8_wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + retry_cnt=7 + for auth_file in system-auth password-auth +diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +index 2a3bb9e1..18b8b205 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters' + +@@ -45,7 +45,7 @@ references: + srg: SRG-OS-000069-GPOS-00037 + stigid@ol7: OL07-00-010120 + stigid@rhel7: RHEL-07-010120 +- stigid@rhel8: RHEL-08-020110 ++ stigid@almalinux8: RHEL-08-020110 + stigid@ubuntu2004: UBTU-20-010050 + vmmsrg: SRG-OS-000069-VMM-000360 + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml +index f0b884d9..59e66c07 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh +index f929a6e9..9145de3b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + LIBUSER_CONF="/etc/libuser.conf" + CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*' +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml +index f3b9c7ba..b5173e62 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Set Password Hashing Algorithm in /etc/libuser.conf' + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml +index 8dedf993..51c76b11 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh +index 377570ae..c6ed161b 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +index 7183cf0e..e4cd63f5 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Set Password Hashing Algorithm in /etc/login.defs' + +@@ -42,7 +42,7 @@ references: + srg: SRG-OS-000073-GPOS-00041 + stigid@ol7: OL07-00-010210 + stigid@rhel7: RHEL-07-010210 +- stigid@rhel8: RHEL-08-010110 ++ stigid@almalinux8: RHEL-08-010110 + stigid@sle12: SLES-12-010210 + stigid@sle15: SLES-15-010260 + stigid@ubuntu2004: UBTU-20-010404 +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh +index 02af406f..67248912 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + AUTH_FILES[0]="/etc/pam.d/system-auth" + AUTH_FILES[1]="/etc/pam.d/password-auth" +diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +index 24ab30d7..cae46763 100644 +--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: "Set PAM's Password Hashing Algorithm" + +@@ -69,7 +69,7 @@ references: + srg: SRG-OS-000073-GPOS-00041 + stigid@ol7: OL07-00-010200 + stigid@rhel7: RHEL-07-010200 +- stigid@rhel8: RHEL-08-010160 ++ stigid@almalinux8: RHEL-08-010160 + stigid@sle12: SLES-12-010230 + stigid@sle15: SLES-15-020170 + vmmsrg: SRG-OS-000480-VMM-002000 +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml +index f6888e51..cae502b8 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = disable + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh +index 7d4faedf..8e068a06 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml +index 3045574e..7ce6bb46 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml +index 139d230b..1c712f97 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Disable Ctrl-Alt-Del Burst Action' + +@@ -70,7 +70,7 @@ references: + nist-csf: PR.AC-4,PR.DS-5 + nist@sle15: CM-6(b),CM-6.1(iv) + srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-040172 ++ stigid@almalinux8: RHEL-08-040172 + stigid@sle15: SLES-15-040062 + stigid@ubuntu2004: UBTU-20-010460 + +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml +index 8ea1de86..a4edf584 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = disable + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh +index 94767ad5..662dc0dd 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh +@@ -1,6 +1,6 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + {{%- if init_system == "systemd" -%}} +-{{% if product in ["rhel7", "rhel8"] %}} ++{{% if product in ["rhel7", "rhel8", "almalinux8"] %}} + # The process to disable ctrl+alt+del has changed in RHEL7. + # Reference: https://access.redhat.com/solutions/1123873 + {{% endif %}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml +index 517c83c6..041e9a29 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +index 7c82f4a3..83c162a9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Disable Ctrl-Alt-Del Reboot Activation' + +@@ -75,7 +75,7 @@ references: + srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020230 + stigid@rhel7: RHEL-07-020230 +- stigid@rhel8: RHEL-08-040170 ++ stigid@almalinux8: RHEL-08-040170 + stigid@sle12: SLES-12-010610 + stigid@sle15: SLES-15-040060 + stigid@ubuntu2004: UBTU-20-010460 +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh +index b56b59b2..0e0b89ca 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + systemctl disable --now ctrl-alt-del.target + systemctl mask --now ctrl-alt-del.target +diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh +index 74342f02..9582fbea 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + systemctl unmask ctrl-alt-del.target +diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml +index 9e69fdf4..9eabacb9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/bash/shared.sh +index 08876d7a..ad55d965 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +index bc371853..ace64b71 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Verify that Interactive Boot is Disabled' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml +index 9e9556cb..610dcf76 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml +@@ -9,7 +9,7 @@ + create: yes + dest: /usr/lib/systemd/system/emergency.service + regexp: "^#?ExecStart=" +- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency" + {{%- else -%}} + line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh +index d8640d84..462a8279 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh +@@ -1,8 +1,8 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + service_file="/usr/lib/systemd/system/emergency.service" + +-{{% if product in ["fedora", "rhel8", "ol8"] -%}} ++{{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + sulogin="/usr/lib/systemd/systemd-sulogin-shell emergency" + {{%- else -%}} + sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +index 51de85f6..9f2b3780 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +@@ -12,7 +12,7 @@ + + + + /usr/lib/systemd/system/emergency.service +- {{%- if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{%- if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + ^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency + {{%- else -%}} + ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" +@@ -43,8 +43,8 @@ + 1 + + +- + + +@@ -55,7 +55,7 @@ + ^emergency.service$ + + +- + +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +index e2f61432..29683160 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Require Authentication for Emergency Systemd Target' + +@@ -42,7 +42,7 @@ references: + srg: SRG-OS-000080-GPOS-00048 + stigid@ol7: OL07-00-010481 + stigid@rhel7: RHEL-07-010481 +- stigid@rhel8: RHEL-08-010152 ++ stigid@almalinux8: RHEL-08-010152 + + ocil_clause: 'the output is different' + +@@ -50,7 +50,7 @@ ocil: |- + To check if authentication is required for emergency mode, run the following command: + 
$ grep sulogin /usr/lib/systemd/system/emergency.service
+ The output should be similar to the following, and the line must begin with +- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + ExecStart and /usr/lib/systemd/systemd-sulogin-shell. + 
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
+ {{%- else -%}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh +index d3cd3035..c94f7b5f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + service_file="/usr/lib/systemd/system/emergency.service" + sulogin="/usr/lib/systemd/systemd-sulogin-shell" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh +index 9fa5cf84..2aec856e 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + service_file="/usr/lib/systemd/system/emergency.service" + sulogin="/bin/bash" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml +index 4164c163..186cc053 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml +@@ -10,7 +10,7 @@ + create: yes + dest: /usr/lib/systemd/system/rescue.service + regexp: "^#?ExecStart=" +- {{% if product in ["fedora", "rhel8", "ol8"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue" + {{%- else -%}} + line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +index b022a8e2..3d7cf90c 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +@@ -1,10 +1,10 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + {{% if init_system == "systemd" -%}} + + service_file="/usr/lib/systemd/system/rescue.service" + +-{{% if product in ["fedora", "rhel8", "ol8"] -%}} ++{{% if product in ["fedora", "rhel8", "ol8", "almalinux8"] -%}} + sulogin="/usr/lib/systemd/systemd-sulogin-shell rescue" + {{%- else -%}} + sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml +index 49070519..605a28a0 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml +@@ -20,7 +20,7 @@ + {{%- if init_system == "systemd" -%}} + + + /usr/lib/systemd/system/rescue.service +- {{%- if product in ["fedora", "rhel8", "ol8", "rhcos4"] -%}} ++ {{%- if product in ["fedora", "rhel8", "ol8", "rhcos4", "almalinux8"] -%}} + ^ExecStart=\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue + {{%- else -%}} + ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" +@@ -51,8 +51,8 @@ + 1 + + +- + + +@@ -63,7 +63,7 @@ + ^rescue.service$ + + +- + +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +index 1ed97c35..2ad171fb 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 + + title: 'Require Authentication for Single User Mode' + +@@ -46,7 +46,7 @@ references: + srg: SRG-OS-000080-GPOS-00048 + stigid@ol7: OL07-00-010481 + stigid@rhel7: RHEL-07-010481 +- stigid@rhel8: RHEL-08-010151 ++ stigid@almalinux8: RHEL-08-010151 + + ocil_clause: 'the output is different' + +@@ -55,7 +55,7 @@ ocil: |- + To check if authentication is required for single-user mode, run the following command: + 
$ grep sulogin /usr/lib/systemd/system/rescue.service
+ The output should be similar to the following, and the line must begin with +- {{% if product in ["fedora", "rhel8", "ol8", "rhcos4"] -%}} ++ {{% if product in ["fedora", "rhel8", "ol8", "rhcos4", "almalinux8"] -%}} + ExecStart and /usr/lib/systemd/systemd-sulogin-shell. + 
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
+ {{%- else -%}} +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +index f8cd337b..19925a1e 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + service_file="/usr/lib/systemd/system/rescue.service" + sulogin="/usr/lib/systemd/systemd-sulogin-shell" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh +index 0d76d825..ba2681b0 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora + + service_file="/usr/lib/systemd/system/rescue.service" + sulogin="/bin/bash" +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh +index 0c544bfb..0b6fa7c1 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + if ! grep -x ' case "$name" in sshd|login) exec tmux ;; esac' /etc/bashrc; then + cat >> /etc/bashrc <<'EOF' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +index c43b8cb7..7ed86b6a 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Support session locking with tmux' + +@@ -23,7 +23,7 @@ references: + disa: CCI-000056 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009 +- stigid@rhel8: RHEL-08-020041 ++ stigid@almalinux8: RHEL-08-020041 + + ocil_clause: 'exec tmux is not present at the end of bashrc' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +index dc63eb65..dc693130 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/bash/shared.sh +index 233047af..33549331 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + tmux_conf="/etc/tmux.conf" + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +index a3902b1f..dca9b85f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Configure tmux to lock session after inactivity' + +@@ -24,7 +24,7 @@ references: + disa: CCI-000057 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000029-GPOS-00010 +- stigid@rhel8: RHEL-08-020070 ++ stigid@almalinux8: RHEL-08-020070 + + ocil_clause: 'lock-after-time is not set or set to zero' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/bash/shared.sh +index f2430618..b2e711bd 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora ++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora + + tmux_conf="/etc/tmux.conf" + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +index e2436ca2..fde6e6e9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Configure the tmux Lock Command' + +@@ -28,7 +28,7 @@ references: + disa: CCI-000056,CCI-000058 + nist: AC-11(a),AC-11(b),CM-6(a) + srg: SRG-OS-000028-GPOS-00009 +- stigid@rhel8: RHEL-08-020040 ++ stigid@almalinux8: RHEL-08-020040 + vmmsrg: SRG-OS-000028-VMM-000090,SRG-OS-000030-VMM-000110 + + ocil_clause: 'lock-command is not set' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh +index dacc9147..8a7eebd0 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo > '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh +index 3b5a134b..34b13717 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo '# set -g lock-command vlock' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh +index 7862a7e9..d1806b59 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo 'set -g lock-command vlock' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh +index e747275d..07b43ed4 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo 'set -g lock-command locker' >> '/etc/tmux.conf' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/bash/shared.sh +index 45c43e8d..441cef39 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 + + if grep -q 'tmux$' /etc/shells ; then + sed -i '/tmux$/d' /etc/shells +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +index 6b2d6cd5..c20712c9 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +index 595ddd6a..3df26783 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 + + title: 'Prevent user from disabling the screen lock' + +@@ -24,7 +24,7 @@ references: + disa: CCI-000056 + ospp: FMT_SMF_EXT.1 + srg: SRG-OS-000324-GPOS-00125,SRG-OS-000028-GPOS-00009 +- stigid@rhel8: RHEL-08-020042 ++ stigid@almalinux8: RHEL-08-020042 + + ocil_clause: 'tmux is listed in /etc/shells' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +index 120d1c49..3a609963 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4 ++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4 + + title: 'Install the tmux Package' + +@@ -40,7 +40,7 @@ references: + nist-csf: PR.AC-7 + ospp: FMT_MOF_EXT.1 + srg: SRG-OS-000030-GPOS-00011,SRG-OS-000028-GPOS-00009 +- stigid@rhel8: RHEL-08-020039 ++ stigid@almalinux8: RHEL-08-020039 + vmmsrg: SRG-OS-000030-VMM-000110 + + ocil_clause: 'the package is not installed' +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml +index 37602754..5834c77f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/bash/shared.sh +index 4e80be4f..28db2a10 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +index 54fff733..9212c077 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Configure opensc Smart Card Drivers' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml +index f05423c0..4334b8a3 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/bash/shared.sh +index 7c763a87..df907379 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml +index a69968b6..b895cf75 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Force opensc To Use Defined Smart Card Driver' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml +index 54524233..3697fd65 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml +@@ -5,7 +5,7 @@ title: 'Hardware Tokens for Authentication' + description: |- + The use of hardware tokens such as smart cards for system login + provides stronger, two-factor authentication than using a username and password. +- {{% if product in ['ol7', 'ol8'] %}} ++ {{% if product in ['ol7', 'ol8', 'almalinux8'] %}} + In {{{ full_name }}} servers, hardware token login + {{% else %}} + In Red Hat Enterprise Linux servers and workstations, hardware token login +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +index 43b96404..ac689dcb 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +@@ -8,7 +8,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Install Smart Card Packages For Multifactor Authentication' + +@@ -46,7 +46,7 @@ references: + srg: SRG-OS-000105-GPOS-00052,SRG-OS-000375-GPOS-00160,SRG-OS-000375-GPOS-00161,SRG-OS-000377-GPOS-00162 + stigid@ol7: OL07-00-041001 + stigid@rhel7: RHEL-07-041001 +- stigid@rhel8: RHEL-08-010390 ++ stigid@almalinux8: RHEL-08-010390 + stigid@sle12: SLES-12-030500 + stigid@sle15: SLES-15-010460 + stigid@ubuntu2004: UBTU-20-010063 +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +index 5d88eb4d..f4d70ff2 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004 + + title: 'Install the opensc Package For Multifactor Authentication' + +@@ -35,7 +35,7 @@ references: + ism: 1382,1384,1386 + nist: CM-6(a) + srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161 +- stigid@rhel8: RHEL-08-010410 ++ stigid@almalinux8: RHEL-08-010410 + stigid@ubuntu2004: UBTU-20-010064 + vmmsrg: SRG-OS-000376-VMM-001520 + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +index 0652fbea..215abe8b 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Install the pcsc-lite package' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +index 23a63bf4..05eb3b88 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 + + title: 'Enable the pcscd Service' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh +index d02a9674..9bdafdc1 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol + + # Install required packages + if ! rpm --quiet -q pam_pkcs11; then yum -y -d 1 install pam_pkcs11; fi +diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml +index 73185c44..61701686 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Configure Smart Card Certificate Status Checking' + +diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml +index ff493491..082c8e61 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +index 157ef461..be23be4f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Disable debug-shell SystemD Service' + +@@ -34,7 +34,7 @@ references: + hipaa: 164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii) + ospp: FIA_UAU.1 + srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-040180 ++ stigid@almalinux8: RHEL-08-040180 + + ocil: |- + {{{ ocil_service_disabled(service="debug-shell") }}} +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +index 74598bc7..680caf4b 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +index c8c2a90e..c42ae5d6 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +index a3d81cf7..7b20a031 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Set Account Expiration Following Inactivity' + +@@ -51,7 +51,7 @@ references: + srg: SRG-OS-000118-GPOS-00060 + stigid@ol7: OL07-00-010310 + stigid@rhel7: RHEL-07-010310 +- stigid@rhel8: RHEL-08-020260 ++ stigid@almalinux8: RHEL-08-020260 + stigid@sle12: SLES-12-010340 + stigid@sle15: SLES-15-020050 + stigid@ubuntu2004: UBTU-20-010409 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml +index a47c7f39..a935a880 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8 ++prodtype: fedora,rhel8,almalinux8 + + title: 'Assign Expiration Date to Emergency Accounts' + +@@ -40,7 +40,7 @@ references: + nist: AC-2(2),AC-2(3),CM-6(a) + nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6 + srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002 +- stigid@rhel8: RHEL-08-020270 ++ stigid@almalinux8: RHEL-08-020270 + vmmsrg: SRG-OS-000002-VMM-000020,SRG-OS-000123-VMM-000620 + + ocil_clause: 'any emergency accounts have no expiration date set or do not expire within a documented time frame' +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +index b4f3688c..54de04ff 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004 + + title: 'Assign Expiration Date to Temporary Accounts' + +@@ -43,7 +43,7 @@ references: + nist: AC-2(2),AC-2(3),CM-6(a) + nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6 + srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002 +- stigid@rhel8: RHEL-08-020000 ++ stigid@almalinux8: RHEL-08-020000 + stigid@sle12: SLES-12-010360 + stigid@sle15: SLES-15-020000 + stigid@ubuntu2004: UBTU-20-010000 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +index 5cfdf48d..16e11ddb 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15 + + title: 'Ensure All Accounts on the System Have Unique User IDs' + +@@ -21,7 +21,7 @@ references: + disa: CCI-000764,CCI-000804 + nist@sle12: IA-2,IA-2.1,IA-8,IA-8.1 + srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020 +- stigid@rhel8: RHEL-08-020240 ++ stigid@almalinux8: RHEL-08-020240 + stigid@sle12: SLES-12-010640 + stigid@sle15: SLES-15-010230 + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml +index e2311f6a..9c02a9f1 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,sle12,sle15,fedora,rhel8 ++prodtype: ol7,sle12,sle15,fedora,rhel8,almalinux8 + + title: 'Only Authorized Local User Accounts Exist on Operating System' + +@@ -34,7 +34,7 @@ references: + disa: CCI-000366 + nist@sle12: CM-6(b),CM-6.1(iv) + srg: SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-020320 ++ stigid@almalinux8: RHEL-08-020320 + stigid@sle12: SLES-12-010630 + stigid@sle15: SLES-15-020090 + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh +index d942f81d..bcafb5e8 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh +@@ -1,5 +1,5 @@ + #! /bin/bash +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$" + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +index bed135a4..1df8f3a2 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh +index 135eb49d..2ad49f24 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_fedora ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_fedora + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_maximum_age_login_defs") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +index 1a0f05a7..af196b8f 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +@@ -51,7 +51,7 @@ references: + srg: SRG-OS-000076-GPOS-00044 + stigid@ol7: OL07-00-010250 + stigid@rhel7: RHEL-07-010250 +- stigid@rhel8: RHEL-08-020200 ++ stigid@almalinux8: RHEL-08-020200 + stigid@sle12: SLES-12-010280 + stigid@sle15: SLES-15-020220 + stigid@ubuntu2004: UBTU-20-010008 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +index 0c81c0ee..29f31c65 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +index 0b777e36..2096018a 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +@@ -49,7 +49,7 @@ references: + srg: SRG-OS-000075-GPOS-00043 + stigid@ol7: OL07-00-010230 + stigid@rhel7: RHEL-07-010230 +- stigid@rhel8: RHEL-08-020190 ++ stigid@almalinux8: RHEL-08-020190 + stigid@sle12: SLES-12-010270 + stigid@sle15: SLES-15-020200 + stigid@ubuntu2004: UBTU-20-010007 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml +index eee37bda..a231fa41 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh +index 0b47d1f4..2a4f751b 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml +index f65c2d2b..d93a45d8 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml +@@ -45,7 +45,7 @@ references: + nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 + ospp: FMT_MOF_EXT.1 + srg: SRG-OS-000078-GPOS-00046 +- stigid@rhel8: RHEL-08-020231 ++ stigid@almalinux8: RHEL-08-020231 + + ocil_clause: 'it is not set to the required value' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh +index c1acf5e2..9b209867 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + if grep -q "^PASS_MIN_LEN" /etc/login.defs; then + sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 10/" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh +index 0e31bd79..a2ff1105 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + if grep -q "^PASS_MIN_LEN" /etc/login.defs; then + sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 12/" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh +index 88509363..64a38232 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + if grep -q "^PASS_MIN_LEN" /etc/login.defs; then + sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 15/" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh +index bd7ed7a2..78ff205e 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + sed -i "s/.*PASS_MIN_LEN.*/#PASS_MIN_LEN 12/" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh +index 88ecd439..678d3b6d 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # + # profiles = xccdf_org.ssgproject.content_profile_ospp +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 + + sed -i "/^PASS_MIN_LEN.*/d" /etc/login.defs +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +index 8b5e0962..faa4da48 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Set Existing Passwords Maximum Age' + +@@ -31,7 +31,7 @@ references: + srg: SRG-OS-000076-GPOS-00044 + stigid@ol7: OL07-00-010260 + stigid@rhel7: RHEL-07-010260 +- stigid@rhel8: RHEL-08-020210 ++ stigid@almalinux8: RHEL-08-020210 + stigid@sle12: SLES-12-010290 + stigid@sle15: SLES-15-020230 + vmmsrg: SRG-OS-000076-VMM-000430 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +index b250979f..bfe4e52b 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Set Existing Passwords Minimum Age' + +@@ -32,7 +32,7 @@ references: + srg: SRG-OS-000075-GPOS-00043 + stigid@ol7: OL07-00-010240 + stigid@rhel7: RHEL-07-010240 +- stigid@rhel8: RHEL-08-020180 ++ stigid@almalinux8: RHEL-08-020180 + stigid@sle12: SLES-12-010260 + stigid@sle15: SLES-15-020210 + vmmsrg: SRG-OS-000075-VMM000420 +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml +index 1091f8c8..00da1b03 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml +index d3a1b85c..1353a811 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,sle12,sle15,ubuntu2004 ++prodtype: fedora,rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Verify All Account Password Hashes are Shadowed with SHA512' + +@@ -34,7 +34,7 @@ references: + disa: CCI-000196,CCI-000803 + nist: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1 + srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061 +- stigid@rhel8: RHEL-08-010120 ++ stigid@almalinux8: RHEL-08-010120 + stigid@sle12: SLES-12-010220 + stigid@sle15: SLES-15-020180 + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml +index 85f98d2f..4f2f1232 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh +index 258a7615..ef4ea1fc 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +index 459692f4..2fbcc118 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Set number of Password Hashing Rounds - password-auth' + +@@ -32,7 +32,7 @@ references: + anssi: BP28(R32) + disa: CCI-000196 + srg: SRG-OS-000073-GPOS-00041 +- stigid@rhel8: RHEL-08-010130 ++ stigid@almalinux8: RHEL-08-010130 + + ocil_clause: 'it does not set the appropriate number of hashing rounds' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml +index e7dccf38..21382076 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh +index b2c81662..b6a5e1f1 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml +index 0b694b0e..314c0a1f 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Set number of Password Hashing Rounds - system-auth' + +@@ -32,7 +32,7 @@ references: + anssi: BP28(R32) + disa: CCI-000196 + srg: SRG-OS-000073-GPOS-00041 +- stigid@rhel8: RHEL-08-010131 ++ stigid@almalinux8: RHEL-08-010131 + + ocil_clause: 'it does not set the appropriate number of hashing rounds' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml +index db35dac3..b5c8d349 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh +index 837c46b2..cf1e4f4d 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + sed --follow-symlinks -i 's/\//g' /etc/pam.d/system-auth + sed --follow-symlinks -i 's/\//g' /etc/pam.d/password-auth +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml +index 075cc631..47e67288 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml +index 75f988ff..d5a15e3b 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml +@@ -53,7 +53,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-010290 + stigid@rhel7: RHEL-07-010290 +- stigid@rhel8: RHEL-08-020331 ++ stigid@almalinux8: RHEL-08-020331 + stigid@sle12: SLES-12-010231 + stigid@sle15: SLES-15-020300 + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml +index acf0496e..7f1fb69d 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml +index 126f2ba5..9c45e22a 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/group' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml +index 5baef258..84ddc1e0 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml +index 12e9a125..6bf3b7cc 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/passwd' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml +index c969414d..7b71e4ce 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4 ++# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml +index 102c4def..9dd2ada2 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Ensure there are no legacy + NIS entries in /etc/shadow' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml +index edde64a7..69be3dfb 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml +@@ -48,7 +48,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020310 + stigid@rhel7: RHEL-07-020310 +- stigid@rhel8: RHEL-08-040200 ++ stigid@almalinux8: RHEL-08-040200 + stigid@sle12: SLES-12-010650 + stigid@sle15: SLES-15-020100 + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml +index 6fbb7c72..d8e71c19 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml +index 8f87bf06..6bed5ef5 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml +index b5bfabab..6742eeb2 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Restrict Web Browser Use for Administrative Accounts' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +index 5129557e..08dcd47d 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Ensure that System Accounts Do Not Run a Shell Upon Login' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml +index 5f9c92aa..119219eb 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml +index 84560835..c0f76497 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 + + title: 'Root Path Must Be Vendor Default' + +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml +index 94594008..c71e3c69 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml +index 7194be9c..33bf1622 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh +index d001e733..7c7000ed 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # uncomment the option if commented + sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su +diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +index 20648132..c1b3d384 100644 +--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu2004 + + title: 'Enforce usage of pam_wheel for su authentication' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml +index e53f7863..f8bfacd0 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh +index be3cc99c..6770cf9e 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh +@@ -1,3 +1,3 @@ +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora + + {{{ set_config_file("/etc/login.defs", "CREATE_HOME", "yes", create=true, insert_after="", insert_before="^\s*CREATE_HOME", insensitive=true) }}} +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml +index f478f78e..1f3c358d 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,fedora ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019,fedora + + title: 'Ensure Home Directories are Created for New Users' + +@@ -29,7 +29,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020610 + stigid@rhel7: RHEL-07-020610 +- stigid@rhel8: RHEL-08-010760 ++ stigid@almalinux8: RHEL-08-010760 + stigid@sle12: SLES-12-010720 + stigid@sle15: SLES-15-020110 + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml +index 53b68079..2a6b6612 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol + # disruption = low + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh +index a352897a..b42bcca5 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml +index 3d7c3771..b839c129 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml +@@ -31,7 +31,7 @@ references: + srg: SRG-OS-000480-GPOS-00226 + stigid@ol7: OL07-00-010430 + stigid@rhel7: RHEL-07-010430 +- stigid@rhel8: RHEL-08-020310 ++ stigid@almalinux8: RHEL-08-020310 + stigid@sle12: SLES-12-010140 + + ocil_clause: 'the above command returns no output, or FAIL_DELAY is configured less than the expected value' +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml +index 536ac295..d1bff5ff 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh +index 65066e77..fd616495 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml +index 5ac0a7db..aa22264c 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml +@@ -38,7 +38,7 @@ references: + srg: SRG-OS-000027-GPOS-00008 + stigid@ol7: OL07-00-040000 + stigid@rhel7: RHEL-07-040000 +- stigid@rhel8: RHEL-08-020024 ++ stigid@almalinux8: RHEL-08-020024 + stigid@sle12: SLES-12-010120 + stigid@sle15: SLES-15-020020 + stigid@ubuntu2004: UBTU-20-010400 +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml +index 1bd99ce7..a4f03471 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml +index 81a86072..678586dd 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml +index f37ac948..dc8eb410 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +index 7d90a3f6..89b62218 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Set Interactive Session Timeout' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml +index a9cf96af..b988b245 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,ubuntu2004,wrlinux1019 + + title: 'User Initialization Files Must Be Group-Owned By The Primary User' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml +index 13019f6d..53c7cbb7 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12,sle15 + + title: 'User Initialization Files Must Not Run World-Writable Programs' + +@@ -29,7 +29,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020730 + stigid@rhel7: RHEL-07-020730 +- stigid@rhel8: RHEL-08-010660 ++ stigid@almalinux8: RHEL-08-010660 + stigid@sle12: SLES-12-010780 + stigid@sle15: SLES-15-040130 + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml +index 37efb159..e74c5317 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,ubuntu2004,wrlinux1019 + + title: 'User Initialization Files Must Be Owned By the Primary User' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml +index f49c5a9e..e44c3f42 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12,sle15 + + title: 'Ensure that Users Path Contains Only Local Directories' + +@@ -33,7 +33,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020720 + stigid@rhel7: RHEL-07-020720 +- stigid@rhel8: RHEL-08-010690 ++ stigid@almalinux8: RHEL-08-010690 + stigid@sle12: SLES-12-010770 + stigid@sle15: SLES-15-040120 + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml +index 1863ab76..f9548568 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12,sle15 + + title: 'All Interactive Users Must Have A Home Directory Defined' + +@@ -25,7 +25,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020600 + stigid@rhel7: RHEL-07-020600 +- stigid@rhel8: RHEL-08-010720 ++ stigid@almalinux8: RHEL-08-010720 + stigid@sle12: SLES-12-010710 + stigid@sle15: SLES-15-040070 + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +index 8a111943..db4fdd25 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'All Interactive Users Home Directories Must Exist' + +@@ -33,7 +33,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020620 + stigid@rhel7: RHEL-07-020620 +- stigid@rhel8: RHEL-08-010750 ++ stigid@almalinux8: RHEL-08-010750 + stigid@sle12: SLES-12-010730 + stigid@sle15: SLES-15-040080 + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml +index 1c0f93ad..720a5a8f 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle15 + + title: 'All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml +index 13f6bfe2..770562eb 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle15 + + title: 'All User Files and Directories In The Home Directory Must Be Owned By The Primary User' + +diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml +index c434cc96..15e0bb4c 100644 +--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle15 + + title: 'All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive' + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +index 2e6ce604..2b44a8e6 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User' + +@@ -32,7 +32,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020650 + stigid@rhel7: RHEL-07-020650 +- stigid@rhel8: RHEL-08-010740 ++ stigid@almalinux8: RHEL-08-010740 + stigid@sle12: SLES-12-010750 + stigid@sle15: SLES-15-040100 + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml +index 198a9be7..c13180b4 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019 + + title: 'All Interactive User Home Directories Must Be Owned By The Primary User' + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml +index 5244533a..62ef0971 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive' + +@@ -28,7 +28,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020710 + stigid@rhel7: RHEL-07-020710 +- stigid@rhel8: RHEL-08-010770 ++ stigid@almalinux8: RHEL-08-010770 + stigid@sle12: SLES-12-010760 + stigid@sle15: SLES-15-040110 + +diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml +index 1f7a5ffa..30b8be81 100644 +--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive' + +@@ -29,7 +29,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-020630 + stigid@rhel7: RHEL-07-020630 +- stigid@rhel8: RHEL-08-010730 ++ stigid@almalinux8: RHEL-08-010730 + stigid@sle12: SLES-12-010740 + stigid@sle15: SLES-15-040090 + +diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml +index 4e7ea875..ecbce672 100644 +--- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh +index a8301696..ec78ad7a 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_user_umask") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +index aa763481..6ac17762 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 + + title: 'Ensure the Default Bash Umask is Set Correctly' + +@@ -37,7 +37,7 @@ references: + nist: AC-6(1),CM-6(a) + nist-csf: PR.IP-2 + srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227 +- stigid@rhel8: RHEL-08-020353 ++ stigid@almalinux8: RHEL-08-020353 + + ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly' + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh +index eaaf1d3b..c5abfe41 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # profiles = xccdf_org.ssgproject.content_profile_stig +-# platform = Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 + + sed -i '/umask/d' /etc/bashrc + echo "umask 077" >> /etc/bashrc +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh +index 716dede4..51ce94dd 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_user_umask") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml +index 1b71c7d3..cfa4fecc 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,sle15,ubuntu2004 + + title: 'Ensure the Default C Shell Umask is Set Correctly' + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml +index 259997f7..acff4ae7 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh +index f74cbfe5..b418c6da 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_accounts_user_umask") }}} + +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml +index 51f8e51f..23fa9ee3 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml +@@ -38,7 +38,7 @@ references: + srg: SRG-OS-000480-GPOS-00228 + stigid@ol7: OL07-00-020240 + stigid@rhel7: RHEL-07-020240 +- stigid@rhel8: RHEL-08-020351 ++ stigid@almalinux8: RHEL-08-020351 + stigid@sle12: SLES-12-010620 + stigid@sle15: SLES-15-040420 + stigid@ubuntu2004: UBTU-20-010016 +diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml +index 36032c66..08f847a7 100644 +--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml ++++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure the Default Umask is Set Correctly For Interactive Users' + +@@ -26,7 +26,7 @@ references: + srg: SRG-OS-000480-GPOS-00227 + stigid@ol7: OL07-00-021040 + stigid@rhel7: RHEL-07-021040 +- stigid@rhel8: RHEL-08-020352 ++ stigid@almalinux8: RHEL-08-020352 + + ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +index 07d37b18..10325371 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203 + stigid@ol7: OL07-00-030410 + stigid@rhel7: RHEL-07-030410 +- stigid@rhel8: RHEL-08-030490 ++ stigid@almalinux8: RHEL-08-030490 + stigid@sle12: SLES-12-020460 + stigid@sle15: SLES-15-030290 + stigid@ubuntu2004: UBTU-20-010152 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +index e2d9944a..37701323 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219 + stigid@ol7: OL07-00-030370 + stigid@rhel7: RHEL-07-030370 +- stigid@rhel8: RHEL-08-030480 ++ stigid@almalinux8: RHEL-08-030480 + stigid@sle12: SLES-12-020420 + stigid@sle15: SLES-15-030250 + stigid@ubuntu2004: UBTU-20-010148 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +index 6c3cc559..1c450020 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203 + stigid@ol7: OL07-00-030420 + stigid@rhel7: RHEL-07-030420 +- stigid@rhel8: RHEL-08-030540 ++ stigid@almalinux8: RHEL-08-030540 + stigid@sle12: SLES-12-020470 + stigid@sle15: SLES-15-030300 + stigid@ubuntu2004: UBTU-20-010153 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +index 3e51d482..d9416b03 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203 + stigid@ol7: OL07-00-030430 + stigid@rhel7: RHEL-07-030430 +- stigid@rhel8: RHEL-08-030530 ++ stigid@almalinux8: RHEL-08-030530 + stigid@sle12: SLES-12-020480 + stigid@sle15: SLES-12-030310 + stigid@ubuntu2004: UBTU-20-010154 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +index d89875fc..1d8cb96f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219 + stigid@ol7: OL07-00-030380 + stigid@rhel7: RHEL-07-030380 +- stigid@rhel8: RHEL-08-030520 ++ stigid@almalinux8: RHEL-08-030520 + stigid@sle12: SLES-12-020430 + stigid@sle15: SLES-15-030260 + stigid@ubuntu2004: UBTU-20-010149 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +index e6caaeb5..c60ea30d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219 + stigid@ol7: OL07-00-030400 + stigid@rhel7: RHEL-07-030400 +- stigid@rhel8: RHEL-08-030510 ++ stigid@almalinux8: RHEL-08-030510 + stigid@sle12: SLES-12-020450 + stigid@sle15: SLES-15-030280 + stigid@ubuntu2004: UBTU-20-010150 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +index b9ad3c79..7efc9a2c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +@@ -72,7 +72,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033 + stigid@ol7: OL07-00-030480 + stigid@rhel7: RHEL-07-030480 +- stigid@rhel8: RHEL-08-030240 ++ stigid@almalinux8: RHEL-08-030240 + stigid@sle12: SLES-12-020410 + stigid@sle15: SLES-15-030210 + stigid@ubuntu2004: UBTU-20-010147 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +index cedf05f9..ad793205 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +@@ -67,7 +67,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033 + stigid@ol7: OL07-00-030450 + stigid@rhel7: RHEL-07-030450 +- stigid@rhel8: RHEL-08-030230 ++ stigid@almalinux8: RHEL-08-030230 + stigid@sle12: SLES-12-020380 + stigid@sle15: SLES-15-030230 + stigid@ubuntu2004: UBTU-20-010144 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +index 190509c0..578d214a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000466-GPOS-00210,SRG-OS-000458-GPOS-00203,SRG-OS-000474-GPOS-00219 + stigid@ol7: OL07-00-030390 + stigid@rhel7: RHEL-07-030390 +- stigid@rhel8: RHEL-08-030500 ++ stigid@almalinux8: RHEL-08-030500 + stigid@sle12: SLES-12-020440 + stigid@sle15: SLES-15-030270 + stigid@ubuntu2004: UBTU-20-010151 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +index ffdacdf0..394b26ef 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +@@ -72,7 +72,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033 + stigid@ol7: OL07-00-030490 + stigid@rhel7: RHEL-07-030490 +- stigid@rhel8: RHEL-08-030200 ++ stigid@almalinux8: RHEL-08-030200 + stigid@sle12: SLES-12-020400 + stigid@sle15: SLES-15-030200 + stigid@ubuntu2004: UBTU-20-010146 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +index 3662262f..f05f4d8e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +@@ -66,7 +66,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000064-GPOS-00033 + stigid@ol7: OL07-00-030460 + stigid@rhel7: RHEL-07-030460 +- stigid@rhel8: RHEL-08-030220 ++ stigid@almalinux8: RHEL-08-030220 + stigid@sle15: SLES-15-030240 + stigid@ubuntu2004: UBTU-20-010143 + vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +index ac9d3492..45ecd956 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +@@ -71,7 +71,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000458-GPOS-00203,SRG-OS-000462-GPOS-00206,SRG-OS-000463-GPOS-00207,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000474-GPOS-00219,SRG-OS-000466-GPOS-00210,SRG-OS-000064-GPOS-00033 + stigid@ol7: OL07-00-030470 + stigid@rhel7: RHEL-07-030470 +- stigid@rhel8: RHEL-08-030210 ++ stigid@almalinux8: RHEL-08-030210 + stigid@sle12: SLES-12-020390 + stigid@sle15: SLES-15-030190 + stigid@ubuntu2004: UBTU-20-010145 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +index b661a1f9..b79ee03b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +@@ -67,7 +67,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203 + stigid@ol7: OL07-00-030440 + stigid@rhel7: RHEL-07-030440 +- stigid@rhel8: RHEL-08-030270 ++ stigid@almalinux8: RHEL-08-030270 + stigid@sle12: SLES-12-020370 + stigid@sle15: SLES-15-030220 + stigid@ubuntu2004: UBTU-20-010142 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +index 735817e4..5d6f6973 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,sle12,sle15,ubuntu2004 ++prodtype: rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Record Any Attempts to Run chacl' + +@@ -35,7 +35,7 @@ references: + disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 + nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210 +- stigid@rhel8: RHEL-08-030570 ++ stigid@almalinux8: RHEL-08-030570 + stigid@sle12: SLES-12-020620 + stigid@sle15: SLES-15-030440 + stigid@ubuntu2004: UBTU-20-010168 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +index 341790d7..222c9853 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,sle12,sle15,ubuntu2004 ++prodtype: rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Record Any Attempts to Run setfacl' + +@@ -35,7 +35,7 @@ references: + disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 + nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 +- stigid@rhel8: RHEL-08-030330 ++ stigid@almalinux8: RHEL-08-030330 + stigid@sle12: SLES-12-020610 + stigid@sle15: SLES-15-030430 + stigid@ubuntu2004: UBTU-20-010167 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +index 4a5f4337..86ef5b52 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Any Attempts to Run chcon' + +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215,SRG-OS-000463-GPOS-00207,SRG-OS-000465-GPOS-00209 + stigid@ol7: OL07-00-030580 + stigid@rhel7: RHEL-07-030580 +- stigid@rhel8: RHEL-08-030260 ++ stigid@almalinux8: RHEL-08-030260 + stigid@sle12: SLES-12-020630 + stigid@sle15: SLES-15-030450 + stigid@ubuntu2004: UBTU-20-010165 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml +index eb913156..5c51715f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Any Attempts to Run restorecon' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +index a945ce16..4b88bd97 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Record Any Attempts to Run semanage' + +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000463-GPOS-00207,SRG-OS-000465-GPOS-00209 + stigid@ol7: OL07-00-030560 + stigid@rhel7: RHEL-07-030560 +- stigid@rhel8: RHEL-08-030313 ++ stigid@almalinux8: RHEL-08-030313 + vmmsrg: SRG-OS-000463-VMM-001850 + + ocil: |- +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +index 6db7d1da..e3a2f24a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Any Attempts to Run setfiles' + +@@ -46,7 +46,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000463-GPOS-00207,SRG-OS-000465-GPOS-00209 + stigid@ol7: OL07-00-030590 + stigid@rhel7: RHEL-07-030590 +- stigid@rhel8: RHEL-08-030314 ++ stigid@almalinux8: RHEL-08-030314 + vmmsrg: SRG-OS-000463-VMM-001850 + + ocil: |- +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +index c357c48f..ef3ecb90 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Record Any Attempts to Run setsebool' + +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000463-GPOS-00207,SRG-OS-000465-GPOS-00209 + stigid@ol7: OL07-00-030570 + stigid@rhel7: RHEL-07-030570 +- stigid@rhel8: RHEL-08-030316 ++ stigid@almalinux8: RHEL-08-030316 + vmmsrg: SRG-OS-000463-VMM-001850 + + ocil: |- +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +index e317a2d5..0ee53626 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Any Attempts to Run seunshare' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +index 2b5e6649..5664dae0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml +index 1c9cf37d..f76ade39 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure auditd Collects File Deletion Events by User' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml +index 2f2d75a4..609151ec 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml +@@ -48,7 +48,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212 + stigid@ol7: OL07-00-030880 + stigid@rhel7: RHEL-07-030880 +- stigid@rhel8: RHEL-08-030361 ++ stigid@almalinux8: RHEL-08-030361 + stigid@ubuntu2004: UBTU-20-010269 + vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +index 37620a38..ffb34db7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +@@ -48,7 +48,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212 + stigid@ol7: OL07-00-030890 + stigid@rhel7: RHEL-07-030890 +- stigid@rhel8: RHEL-08-030362 ++ stigid@almalinux8: RHEL-08-030362 + stigid@ubuntu2004: UBTU-20-010270 + vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +index e6b40042..89cf23af 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +@@ -47,7 +47,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212 + stigid@ol7: OL07-00-030900 + stigid@rhel7: RHEL-07-030900 +- stigid@rhel8: RHEL-08-030363 ++ stigid@almalinux8: RHEL-08-030363 + vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 + + {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +index bfe53b7d..d6a1340b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +@@ -48,7 +48,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212 + stigid@ol7: OL07-00-030910 + stigid@rhel7: RHEL-07-030910 +- stigid@rhel8: RHEL-08-030364 ++ stigid@almalinux8: RHEL-08-030364 + stigid@ubuntu2004: UBTU-20-010267 + vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +index bd246f1b..ea4b92b3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +@@ -48,7 +48,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210,SRG-OS-000467-GPOS-00211,SRG-OS-000468-GPOS-00212 + stigid@ol7: OL07-00-030920 + stigid@rhel7: RHEL-07-030920 +- stigid@rhel8: RHEL-08-030365 ++ stigid@almalinux8: RHEL-08-030365 + stigid@ubuntu2004: UBTU-20-010268 + vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +index d3b01863..2bb5eb1b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 + + title: 'Record Successful Permission Changes to Files - chmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +index 241d1d63..f9749a32 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Ownership Changes to Files - chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml +index a1f8f395..173d16fb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Access Attempts to Files - creat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +index ce7070ed..8fdaba2d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +index 4b6cee01..3f60a691 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - fchmodat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +index 6bc0b959..71a0383b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +index e882a57b..ef4a46a9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Ownership Changes to Files - fchownat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +index ee4ff3a8..9aaea3ee 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - fremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +index d40bfdee..8ce3cb3a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - fsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml +index 4fe00220..d99a82aa 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Access Attempts to Files - ftruncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +index 90873b10..2e82232c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Ownership Changes to Files - lchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +index acbfbc0e..dfdcfbad 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - lremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +index b669f750..9897c41b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - lsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml +index 9cc9ff86..3de02e18 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Access Attempts to Files - open' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml +index 89a65e14..bc586252 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Access Attempts to Files - open_by_handle_at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml +index 38a00312..ad07bfd0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +index 5ed132a5..0352431c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml +index bef2d87a..ac4e2ebe 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Successful Creation Attempts to Files - open O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml +index 653e1d8e..d6cf93b7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Successful Creation Attempts to Files - open O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml +index 16e9b483..7ede712e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Access Attempts to Files - openat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml +index 75ead44a..1d342e48 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Successful Creation Attempts to Files - openat O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml +index 13ff5e23..11279f4b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +index 7d7e3ebe..6e115c37 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - removexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +index 82d103ec..84fa9b87 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Delete Attempts to Files - rename' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +index 1736c971..046a17f3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Delete Attempts to Files - renameat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +index 75809f4a..852c7f93 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Permission Changes to Files - setxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml +index 4d850dc8..c1a49a4f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Access Attempts to Files - truncate' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +index 91e8f67b..0c57eabc 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlink' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +index a11b195b..3e87d37f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Record Successful Delete Attempts to Files - unlinkat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +index 5cb4dbe6..f88cd458 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +index e2ff8a02..f106a17b 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml +index ddfe1e9d..ec62165d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - chmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml +index 6ca6e27b..bb624b8f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Ownership Changes to Files - chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +index 5c751cb2..14cf1b53 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - creat' + +@@ -60,7 +60,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205 + stigid@ol7: OL07-00-030500 + stigid@rhel7: RHEL-07-030500 +- stigid@rhel8: RHEL-08-030470 ++ stigid@almalinux8: RHEL-08-030470 + stigid@sle12: SLES-12-020520 + stigid@sle15: SLES-15-030160 + stigid@ubuntu2004: UBTU-20-010158 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml +index 1a93b453..170e0027 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - fchmod' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml +index dd77cd60..bc79016c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - fchmodat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml +index 3e5da890..6e55b2a9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Ownership Changes to Files - fchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml +index 76f0e177..016e13c9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Ownership Changes to Files - fchownat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml +index a6fbb185..c1455d6c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - fremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml +index bf1ff867..ac79f42c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - fsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +index 76bcea15..f5cf3e82 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - ftruncate' + +@@ -63,7 +63,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205 + stigid@ol7: OL07-00-030550 + stigid@rhel7: RHEL-07-030550 +- stigid@rhel8: RHEL-08-030460 ++ stigid@almalinux8: RHEL-08-030460 + stigid@sle12: SLES-12-020510 + stigid@sle15: SLES-15-030320 + stigid@ubuntu2004: UBTU-20-010157 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml +index 3d42cea2..d6d0f45e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Ownership Changes to Files - lchown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml +index 05c1f7c8..a464da9f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - lremovexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml +index e388ec2d..314b64f7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - lsetxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +index 7c6764d2..28974844 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - open' + +@@ -63,7 +63,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205 + stigid@ol7: OL07-00-030510 + stigid@rhel7: RHEL-07-030510 +- stigid@rhel8: RHEL-08-030440 ++ stigid@almalinux8: RHEL-08-030440 + stigid@sle12: SLES-12-020490 + stigid@sle15: SLES-15-030150 + stigid@ubuntu2004: UBTU-20-010155 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +index 9bb5ffe3..706edf61 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' + +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205 + stigid@ol7: OL07-00-030530 + stigid@rhel7: RHEL-07-030530 +- stigid@rhel8: RHEL-08-030450 ++ stigid@almalinux8: RHEL-08-030450 + stigid@sle12: SLES-12-020540 + stigid@sle15: SLES-15-030180 + stigid@ubuntu2004: UBTU-20-010160 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh +index c93a8d88..5d2171bb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml +index dbca575d..f00a0ff9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh +index c93a8d88..5d2171bb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +index b3a06000..462ad0a1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh +index 282e673c..b7c5f1bf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml +index 650f5b6d..7104f6cd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh +index 1e021c4f..41533c52 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml +index e0d4117e..222d70c8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessful Creation Attempts to Files - open O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh +index 1e021c4f..41533c52 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml +index 1cc53b18..2d82f928 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh +index 282e673c..b7c5f1bf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml +index 34e5d448..7d6ab8dc 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +index c99656cc..5a0651b2 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - openat' + +@@ -63,7 +63,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205 + stigid@ol7: OL07-00-030520 + stigid@rhel7: RHEL-07-030520 +- stigid@rhel8: RHEL-08-030430 ++ stigid@almalinux8: RHEL-08-030430 + stigid@sle12: SLES-12-020530 + stigid@sle15: SLES-15-030170 + stigid@ubuntu2004: UBTU-20-010159 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh +index 1e021c4f..41533c52 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml +index b66f7225..e6c6c787 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessful Creation Attempts to Files - openat O_CREAT' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh +index 1e021c4f..41533c52 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml +index bf575128..4081e603 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh +index 282e673c..b7c5f1bf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol + # + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml +index 4a09bc68..40f06aae 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml +index b16b964d..f5d1c1ea 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - removexattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml +index ae390fc9..bc2c87f4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Record Unsuccessul Delete Attempts to Files - rename' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml +index ab5d3b8d..a943e75f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Record Unsuccessul Delete Attempts to Files - renameat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml +index a45d0cda..69fc6720 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Unsuccessul Permission Changes to Files - setxattr' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +index 12771beb..fc214ad6 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Unsuccessful Access Attempts to Files - truncate' + +@@ -62,7 +62,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000064-GPOS-00033,SRG-OS-000458-GPOS-00203,SRG-OS-000461-GPOS-00205 + stigid@ol7: OL07-00-030540 + stigid@rhel7: RHEL-07-030540 +- stigid@rhel8: RHEL-08-030420 ++ stigid@almalinux8: RHEL-08-030420 + stigid@sle12: SLES-12-020500 + stigid@sle15: SLES-15-030610 + stigid@ubuntu2004: UBTU-20-010156 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml +index c78957ba..97e31b51 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Record Unsuccessul Delete Attempts to Files - unlink' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml +index 8fa62518..b5bc00b2 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15 + + title: 'Record Unsuccessul Delete Attempts to Files - unlinkat' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +index 905c14fe..fb7f6cff 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +index 55246da9..20b1a3ea 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +index f5469c0e..6caf0ab7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +index 51a61028..71df13a4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +index 052d21b4..584c6a3e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' + +@@ -51,7 +51,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222 + stigid@ol7: OL07-00-030830 + stigid@rhel7: RHEL-07-030830 +- stigid@rhel8: RHEL-08-030390 ++ stigid@almalinux8: RHEL-08-030390 + stigid@sle12: SLES-12-020730 + stigid@sle15: SLES-15-030520 + stigid@ubuntu2004: UBTU-20-010302 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +index 2e0780af..2ecb0742 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +index 90d7d43d..818c3cad 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +index aa170023..bb9ee295 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' + +@@ -50,7 +50,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222 + stigid@ol7: OL07-00-030821 + stigid@rhel7: RHEL-07-030821 +- stigid@rhel8: RHEL-08-030380 ++ stigid@almalinux8: RHEL-08-030380 + stigid@sle12: SLES-12-020740 + stigid@sle15: SLES-15-030530 + stigid@ubuntu2004: UBTU-20-010180 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +index 6f6bd182..d20223bf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol + # reboot = false + # complexity = low + # disruption = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +index 2fb9a7ff..7cef862d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +index 1d826043..26eebc3d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' + +@@ -50,7 +50,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222 + stigid@ol7: OL07-00-030820 + stigid@rhel7: RHEL-07-030820 +- stigid@rhel8: RHEL-08-030360 ++ stigid@almalinux8: RHEL-08-030360 + stigid@sle12: SLES-12-020750 + stigid@sle15: SLES-15-030540 + stigid@ubuntu2004: UBTU-20-010179 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +index 9c86d272..3e329261 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml +index c062cf52..9c29b4e1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Attempts to Alter Logon and Logout Events' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +index 94d044ff..593a6d56 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 + + title: 'Record Attempts to Alter Logon and Logout Events - faillock' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +index 25f578b1..cc309bec 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Attempts to Alter Logon and Logout Events - lastlog' + +@@ -51,7 +51,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000470-GPOS-00214 + stigid@ol7: OL07-00-030620 + stigid@rhel7: RHEL-07-030620 +- stigid@rhel8: RHEL-08-030600 ++ stigid@almalinux8: RHEL-08-030600 + stigid@sle12: SLES-12-020660 + stigid@sle15: SLES-15-030480 + stigid@ubuntu2004: UBTU-20-010171 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +index 0da92228..441f051e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Attempts to Alter Logon and Logout Events - tallylog' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +index 850b4b1b..89815499 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh +index 9e55247a..bf32011e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +index 7e15005a..59b04990 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # remediation = bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +index fd97dc6e..78add9a6 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules + sed -i '/newgrp/d' /etc/audit/audit.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +index 3f534d4d..209478b1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/audit.rules + sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +index 11463a77..cc44abea 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules + sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh +index 0ba1cfb2..77a72fb3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules + sed -i -E 's/^(.*path=[[:graph:]]+ )(.*$)/\1-F perm=x \2/' /etc/audit/audit.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh +index 8293c08f..03770257 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # remediation = bash +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + # augenrules is default for rhel7 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh +index c8017b46..576f0d55 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # Remediation for this rule cannot remove the duplicates + # remediation = none +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + mkdir -p /etc/audit/rules.d + ./generate_privileged_commands_rule.sh 1000 privileged /tmp/privileged.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh +index 83b00b1e..56866ef9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + mkdir -p /etc/audit/rules.d + ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh +index ff78e3de..192f8919 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + mkdir -p /etc/audit/rules.d + echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh +index ff080377..1743b072 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + mkdir -p /etc/audit/rules.d + ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh +index 694bc049..92b92961 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + mkdir -p /etc/audit/rules.d + ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh +index 473d8a0b..2374ffeb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + mkdir -p /etc/audit/rules.d + ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh +index 8c7f0479..289aaae3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + mkdir -p /etc/audit/rules.d + echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh +index b7258fe0..beecff6e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # remediation = bash +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + mkdir -p /etc/audit/rules.d + echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh +index 3a947ea1..8471b399 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash + # remediation = bash +-# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 ++# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 + + ./generate_privileged_commands_rule.sh 1000 own_key /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +index c6464dbf..2961fb6d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +index b5a9e29d..0f3b5781 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage' + +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000468-GPOS-00212,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030660 + stigid@rhel7: RHEL-07-030660 +- stigid@rhel8: RHEL-08-030250 ++ stigid@almalinux8: RHEL-08-030250 + stigid@sle12: SLES-12-020690 + stigid@sle15: SLES-15-030120 + stigid@ubuntu2004: UBTU-20-010175 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +index 8cc2b236..d97ac264 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh' + +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030720 + stigid@rhel7: RHEL-07-030720 +- stigid@rhel8: RHEL-08-030410 ++ stigid@almalinux8: RHEL-08-030410 + stigid@sle12: SLES-12-020580 + stigid@sle15: SLES-15-030100 + stigid@ubuntu2004: UBTU-20-010163 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +index 86633fb6..c9994260 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - crontab' + +@@ -57,7 +57,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030800 + stigid@rhel7: RHEL-07-030800 +- stigid@rhel8: RHEL-08-030400 ++ stigid@almalinux8: RHEL-08-030400 + stigid@sle12: SLES-12-020710 + stigid@sle15: SLES-15-030130 + stigid@ubuntu2004: UBTU-20-010177 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +index ac5bfb2c..fc55348f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd' + +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030650 + stigid@rhel7: RHEL-07-030650 +- stigid@rhel8: RHEL-08-030370 ++ stigid@almalinux8: RHEL-08-030370 + stigid@sle12: SLES-12-020560 + stigid@sle15: SLES-15-030080 + stigid@ubuntu2004: UBTU-20-010174 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +index 5baa999e..cb49a4d7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +index 8e4fa636..04619986 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +index b469e42b..ad89b5f9 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +@@ -8,7 +8,7 @@ + + documentation_complete: true + +-prodtype: rhel8,sle12,sle15,ubuntu2004 ++prodtype: rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - kmod' + +@@ -44,7 +44,7 @@ references: + disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 + nist: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)AU-12(c),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222 +- stigid@rhel8: RHEL-08-030580 ++ stigid@almalinux8: RHEL-08-030580 + stigid@sle12: SLES-12-020360 + stigid@sle15: SLES-15-030410 + stigid@ubuntu2004: UBTU-20-010297 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +index 8f61ee32..07ddf429 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +index 59ebc0fd..f0cc57e1 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +index 56bd72b6..ee8f032c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - mount' + +@@ -50,7 +50,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030740 + stigid@rhel7: RHEL-07-030740 +- stigid@rhel8: RHEL-08-030300 ++ stigid@almalinux8: RHEL-08-030300 + stigid@sle12: SLES-12-020290 + stigid@sle15: SLES-15-030350 + stigid@ubuntu2004: UBTU-20-010138 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +index f636e162..2f9498cf 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +index 4c14ea50..b841a3fa 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp' + +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030710 + stigid@rhel7: RHEL-07-030710 +- stigid@rhel8: RHEL-08-030350 ++ stigid@almalinux8: RHEL-08-030350 + stigid@sle12: SLES-12-020570 + stigid@sle15: SLES-15-030090 + stigid@ubuntu2004: UBTU-20-010164 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +index d75f2051..696b4e0e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +index c34eeb54..dc4ec5dd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +@@ -11,7 +11,7 @@ + + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check' + +@@ -65,7 +65,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030810 + stigid@rhel7: RHEL-07-030810 +- stigid@rhel8: RHEL-08-030340 ++ stigid@almalinux8: RHEL-08-030340 + stigid@sle12: SLES-12-020720 + stigid@sle15: SLES-15-030510 + stigid@ubuntu2004: UBTU-20-010178 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +index 2af86f50..7cb88891 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - passwd' + +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030630 + stigid@rhel7: RHEL-07-030630 +- stigid@rhel8: RHEL-08-030290 ++ stigid@almalinux8: RHEL-08-030290 + stigid@sle12: SLES-12-020550 + stigid@sle15: SLES-15-030070 + stigid@ubuntu2004: UBTU-20-010172 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +index 9509216e..859a508e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postdrop' + +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030760 + stigid@rhel7: RHEL-07-030760 +- stigid@rhel8: RHEL-08-030311 ++ stigid@almalinux8: RHEL-08-030311 + vmmsrg: SRG-OS-000471-VMM-001910 + + ocil_clause: 'it is not the case' +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +index c5d1a82c..95d5f841 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,ubuntu2004,wrlinux1019 ++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postqueue' + +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030770 + stigid@rhel7: RHEL-07-030770 +- stigid@rhel8: RHEL-08-030312 ++ stigid@almalinux8: RHEL-08-030312 + vmmsrg: SRG-OS-000471-VMM-001910 + + ocil_clause: 'it is not the case' +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +index cb5995c1..7dbcaa68 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +index f3c3324e..d5545d32 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +index 699b21f9..c16036a3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_sle,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +index f2ebca45..113b4c55 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,sle12,sle15,ubuntu2004 ++prodtype: rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Record Any Attempts to Run ssh-agent' + +@@ -37,7 +37,7 @@ references: + disa: CCI-000130,CCI-000169,CCI-000172 + nist@sle12: AU-3,AU-3.1,AU-12(a),AU-12(c),AU-12.1(a),AU-12.1(ii),AU-12.1(iv),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 +- stigid@rhel8: RHEL-08-030280 ++ stigid@almalinux8: RHEL-08-030280 + stigid@sle12: SLES-12-020310 + stigid@sle15: SLES-15-030370 + stigid@ubuntu2004: UBTU-20-010140 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +index 604cbcda..4ad6e2ad 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +@@ -10,7 +10,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign' + +@@ -64,7 +64,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030780 + stigid@rhel7: RHEL-07-030780 +- stigid@rhel8: RHEL-08-030320 ++ stigid@almalinux8: RHEL-08-030320 + stigid@sle12: SLES-12-020320 + stigid@sle15: SLES-15-030060 + stigid@ubuntu2004: UBTU-20-010141 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +index 87a81ee0..1177a271 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - su' + +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000064-GPOS-0003,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210 + stigid@ol7: OL07-00-030680 + stigid@rhel7: RHEL-07-030680 +- stigid@rhel8: RHEL-08-030190 ++ stigid@almalinux8: RHEL-08-030190 + stigid@sle12: SLES-12-020250 + stigid@sle15: SLES-15-030550 + stigid@ubuntu2004: UBTU-20-010136 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +index e9890918..e533bfed 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo' + +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210 + stigid@ol7: OL07-00-030690 + stigid@rhel7: RHEL-07-030690 +- stigid@rhel8: RHEL-08-030550 ++ stigid@almalinux8: RHEL-08-030550 + stigid@sle12: SLES-12-020260 + stigid@sle15: SLES-15-030560 + stigid@ubuntu2004: UBTU-20-010161 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +index b65afabb..c6b62ef0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +index 5d47508b..71f9546c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - umount' + +@@ -58,7 +58,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030750 + stigid@rhel7: RHEL-07-030750 +- stigid@rhel8: RHEL-08-030301 ++ stigid@almalinux8: RHEL-08-030301 + stigid@sle12: SLES-12-020300 + stigid@sle15: SLES-15-030360 + stigid@ubuntu2004: UBTU-20-010139 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +index 5be7f486..459617f7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd' + +@@ -59,7 +59,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030640 + stigid@rhel7: RHEL-07-030640 +- stigid@rhel8: RHEL-08-030317 ++ stigid@almalinux8: RHEL-08-030317 + stigid@sle12: SLES-12-020680 + stigid@sle15: SLES-15-030110 + vmmsrg: SRG-OS-000471-VMM-001910 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +index 7ef800da..d645e83c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhel9 ++prodtype: rhel8,almalinux8,rhel9 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_update' + +@@ -37,7 +37,7 @@ identifiers: + references: + disa: CCI-000169 + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 +- stigid@rhel8: RHEL-08-030310 ++ stigid@almalinux8: RHEL-08-030310 + + ocil_clause: 'it is not the case' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +index 6dccc806..11e8adad 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +@@ -4,7 +4,7 @@ + + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - userhelper' + +@@ -55,7 +55,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030670 + stigid@rhel7: RHEL-07-030670 +- stigid@rhel8: RHEL-08-030315 ++ stigid@almalinux8: RHEL-08-030315 + vmmsrg: SRG-OS-000471-VMM-001910 + + ocil_clause: 'it is not the case' +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +index 70890161..bfc61715 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,sle12,sle15,ubuntu2004 ++prodtype: rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usermod' + +@@ -39,7 +39,7 @@ references: + disa: CCI-000130,CCI-000169,CCI-000172,CCI-002884 + nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a) + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210 +- stigid@rhel8: RHEL-08-030560 ++ stigid@almalinux8: RHEL-08-030560 + stigid@sle12: SLES-12-020700 + stigid@sle15: SLES-15-030500 + stigid@ubuntu2004: UBTU-20-010176 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +index 82aee103..b3f858f6 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +index 1624800e..4779206a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +index 40a4dbe1..c2bd2b96 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +index 9fc74c8d..eaf19da7 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/group' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +index 6d8b3825..48d2733e 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +index 193ba904..f8cfe822 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +index b4c62c06..80570cd3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/gshadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +index 5a2720c7..ae278d24 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +index ffbc6bb7..ed4ab674 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +index 82f30df8..2c22c45d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/passwd' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +index 1f108ace..35527d88 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via open syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +index 524503c7..2b263578 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +index cf135641..ff19970a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 + + title: 'Record Events that Modify User/Group Information via openat syscall - /etc/shadow' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +index 36e06914..1e43efa0 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Traverse all of: + # +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +index 26d02c24..28daa910 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfig + spec: +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +index 6818e5c7..74f4a76a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +@@ -48,4 +48,4 @@ references: + nist-csf: DE.AE-3,DE.AE-5,ID.SC-4,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 + pcidss: Req-10.5.2 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029 +- stigid@rhel8: RHEL-08-030121 ++ stigid@almalinux8: RHEL-08-030121 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +index 4633be5a..cb5dd0dc 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +index 0d731ffc..48457226 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +index 4534624b..7d1db5bb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +index 298aec87..772cf5d4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +@@ -49,7 +49,7 @@ references: + srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 + stigid@ol7: OL07-00-030740 + stigid@rhel7: RHEL-07-030740 +- stigid@rhel8: RHEL-08-030302 ++ stigid@almalinux8: RHEL-08-030302 + stigid@sle12: SLES-12-020290 + + ocil_clause: 'there is no output' +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +index b5262d79..ffe98233 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot =false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +index 3c5e593d..5504f293 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +index 08694d30..dc3e8362 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +index e8801374..95ec4a64 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +index 1decbff9..083f80bd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +index f39bfa7e..02c5a419 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhel9 ++prodtype: rhel8,almalinux8,rhel9 + + title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers' + +@@ -29,7 +29,7 @@ identifiers: + references: + disa: CCI-000169 + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,CCI-002884,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 +- stigid@rhel8: RHEL-08-030171 ++ stigid@almalinux8: RHEL-08-030171 + + ocil_clause: 'there is not output' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +index d4a35a79..c2acf809 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8,rhel9 ++prodtype: rhel8,almalinux8,rhel9 + + title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/' + +@@ -29,7 +29,7 @@ identifiers: + references: + disa: CCI-000169 + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,CCI-002884,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 +- stigid@rhel8: RHEL-08-030172 ++ stigid@almalinux8: RHEL-08-030172 + + ocil_clause: 'there is not output' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml +index fadb4c86..7df2e0cb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh +index 39769793..8b5bfffb 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +index 04c4ce92..d1c71c4c 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,sle12,sle15,ubuntu2004 ++prodtype: rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Record Events When Privileged Executables Are Run' + +@@ -38,7 +38,7 @@ references: + nist: CM-5(1),AU-7(a),AU-7(b),AU-8(b),AU-12(3),AC-6(9) + srg: SRG-OS-000326-GPOS-00126,SRG-OS-000327-GPOS-00127,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000359-GPOS-00146,SRG-OS-000365-GPOS-00152 + stigid@rhel7: RHEL-07-030360 +- stigid@rhel8: RHEL-08-030000 ++ stigid@almalinux8: RHEL-08-030000 + stigid@sle12: SLES-12-020240 + stigid@sle15: SLES-15-030640 + stigid@ubuntu2004: UBTU-20-010211 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +index b6a4e7ef..31367467 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +index 5c99e72f..88c36f80 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml +index bf283323..83356ccd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 + + title: 'Shutdown System When Auditing Failures Occur' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +index bb030985..53d33c43 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +index 11c8f823..62fe8fa3 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Events that Modify User/Group Information - /etc/group' + +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,CCI-002884,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 + stigid@ol7: OL07-00-030871 + stigid@rhel7: RHEL-07-030871 +- stigid@rhel8: RHEL-08-030170 ++ stigid@almalinux8: RHEL-08-030170 + stigid@sle12: SLES-12-020210 + stigid@sle15: SLES-15-030010 + stigid@ubuntu2004: UBTU-20-010101 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +index 8ccf265d..44bafe70 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Events that Modify User/Group Information - /etc/gshadow' + +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 + stigid@ol7: OL07-00-030872 + stigid@rhel7: RHEL-07-030872 +- stigid@rhel8: RHEL-08-030160 ++ stigid@almalinux8: RHEL-08-030160 + stigid@sle12: SLES-12-020590 + stigid@sle15: SLES-15-030040 + stigid@ubuntu2004: UBTU-20-010103 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +index b8e99f21..9b0b5353 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Events that Modify User/Group Information - /etc/security/opasswd' + +@@ -57,7 +57,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000476-GPOS-00221,SRG-OS-000463-GPOS-00207 + stigid@ol7: OL07-00-030874 + stigid@rhel7: RHEL-07-030874 +- stigid@rhel8: RHEL-08-030140 ++ stigid@almalinux8: RHEL-08-030140 + stigid@sle12: SLES-12-020230 + stigid@sle15: SLES-15-030030 + stigid@ubuntu2004: UBTU-20-010104 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +index aae128fe..a1d9ee19 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Events that Modify User/Group Information - /etc/passwd' + +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221,SRG-OS-000274-GPOS-00104,SRG-OS-000275-GPOS-00105,SRG-OS-000276-GPOS-00106,SRG-OS-000277-GPOS-00107 + stigid@ol7: OL07-00-030870 + stigid@rhel7: RHEL-07-030870 +- stigid@rhel8: RHEL-08-030150 ++ stigid@almalinux8: RHEL-08-030150 + stigid@sle12: SLES-12-020200 + stigid@sle15: SLES-15-030000 + stigid@ubuntu2004: UBTU-20-010100 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +index d6cede0d..971dea81 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Record Events that Modify User/Group Information - /etc/shadow' + +@@ -56,7 +56,7 @@ references: + srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 + stigid@ol7: OL07-00-030873 + stigid@rhel7: RHEL-07-030873 +- stigid@rhel8: RHEL-08-030130 ++ stigid@almalinux8: RHEL-08-030130 + stigid@sle12: SLES-12-020220 + stigid@sle15: SLES-15-030020 + stigid@ubuntu2004: UBTU-20-010102 +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +index 1eeb41de..f0d60ef4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +index 3fbd4948..27378a92 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +index 0d51b6b9..72a9ab19 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +index 18bb2671..8f0bffdd 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +index 1eeb41de..f0d60ef4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +index e2f2d649..bd5c2434 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +index 1eeb41de..f0d60ef4 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +index 7ea72adf..28662fe8 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +index ed5ff647..09d8474f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # Include source function library. + . /usr/share/scap-security-guide/remediation_functions + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml +index ac72267a..67ee8659 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml +@@ -1,5 +1,5 @@ + --- +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos + # reboot = true + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +index ec17adf5..0ecb4079 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv + # reboot = false + # strategy = restrict + # complexity = low +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +index 3915300c..ac1e9e88 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'System Audit Directories Must Be Group Owned By Root' + +@@ -32,7 +32,7 @@ references: + nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 + pcidss: Req-10.5.1 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 +- stigid@rhel8: RHEL-08-030110 ++ stigid@almalinux8: RHEL-08-030110 + + ocil: |- + {{{ describe_file_group_owner(file="/var/log/audit", group="root") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +index cd6c45e2..6b327227 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'System Audit Directories Must Be Owned By Root' + +@@ -30,7 +30,7 @@ references: + nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 + pcidss: Req-10.5.1 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 +- stigid@rhel8: RHEL-08-030100 ++ stigid@almalinux8: RHEL-08-030100 + + ocil: |- + {{{ describe_file_owner(file="/var/log/audit", owner="root") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +index fb64c243..30e0c22f 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Virtualization 4,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux + + if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then + GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml +index fde4f452..372023ef 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml +@@ -30,7 +30,7 @@ references: + nist: CM-6(a),AC-6(1),AU-9 + nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029 +- stigid@rhel8: RHEL-08-030120 ++ stigid@almalinux8: RHEL-08-030120 + + ocil_clause: 'any are more permissive' + +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml +index 767c8c89..6b0b1074 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'System Audit Logs Must Be Group Owned By Root' + +@@ -32,7 +32,7 @@ references: + nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 + pcidss: Req-10.5.1 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 +- stigid@rhel8: RHEL-08-030090 ++ stigid@almalinux8: RHEL-08-030090 + + ocil: |- + {{{ describe_file_group_owner(file="/var/log/audit/*", group="root") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml +index 7f895759..c6d2eb2d 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel8 ++prodtype: rhel8,almalinux8 + + title: 'System Audit Logs Must Be Owned By Root' + +@@ -30,7 +30,7 @@ references: + nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 + pcidss: Req-10.5.1 + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 +- stigid@rhel8: RHEL-08-030080 ++ stigid@almalinux8: RHEL-08-030080 + + ocil: |- + {{{ describe_file_owner(file="/var/log/audit/*", owner="root") }}} +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh +index d6c45867..17a30a70 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv + + if LC_ALL=C grep -m 1 -q ^log_group /etc/audit/auditd.conf; then + GROUP=$(awk -F "=" '/log_group/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') +diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +index 9a9d68be..c22dbf8a 100644 +--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml ++++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 + + title: 'System Audit Logs Must Have Mode 0640 or Less Permissive' + +@@ -38,7 +38,7 @@ references: + srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 + stigid@ol7: OL07-00-910055 + stigid@rhel7: RHEL-07-910055 +- stigid@rhel8: RHEL-08-030070 ++ stigid@almalinux8: RHEL-08-030070 + + ocil_clause: 'any are more permissive' + +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml +index eb3fd508..6dec3bcd 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml +@@ -1,11 +1,11 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle + # reboot = false + # strategy = configure + # complexity = low + # disruption = low + {{{ ansible_instantiate_variables("var_audispd_remote_server") }}} + +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + {{% set audisp_config_file_path = "/etc/audit/audisp-remote.conf" %}} + {{% else %}} + {{% set audisp_config_file_path = "/etc/audisp/audisp-remote.conf" %}} +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh +index 4d37c760..88367768 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh +@@ -1,8 +1,8 @@ +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle + . /usr/share/scap-security-guide/remediation_functions + {{{ bash_instantiate_variables("var_audispd_remote_server") }}} + +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + AUDITCONFIG=/etc/audit/audisp-remote.conf + {{% else %}} + AUDITCONFIG=/etc/audisp/audisp-remote.conf +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml +index 8fa77047..4faca2da 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml +@@ -1,4 +1,4 @@ +-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} ++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}} + {{% set audisp_config_file_path = "/etc/audit/audisp-remote.conf" %}} + {{% else %}} + {{% set audisp_config_file_path = "/etc/audisp/audisp-remote.conf" %}} +diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml +index 507f7d33..52943889 100644 +--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml ++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 ++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 + + title: 'Configure audispd Plugin To Send Logs To Remote Server' + +@@ -8,7 +8,7 @@ description: |- + Configure the audispd plugin to off-load audit records onto a different + system or media from the system being audited. + Set the remote_server option in 
+-{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
++{{%- if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] -%}}
+     /etc/audit/audisp-remote.conf
+ {{%- else -%}}
+     /etc/audisp/audisp-remote.conf
+@@ -48,11 +48,10 @@ ocil_clause: 'audispd is not sending logs to a remote system'
+ ocil: |-
+     To verify the audispd plugin off-loads audit records onto a different system or
+     media from the system being audited, run the following command:
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+     
$ sudo grep -i remote_server /etc/audit/audisp-remote.conf

+ {{% else %}}
+     
$ sudo grep -i remote_server /etc/audisp/audisp-remote.conf

+ {{% endif %}}
+     The output should return something similar to
+     
remote_server = {{{ xccdf_value("var_audispd_remote_server") }}}

+-
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
+index f3401af3..dc069b05 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
+index 29cf6015..61a9640e 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
+index a7f7a069..e37cc11c 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,sle12,sle15,ubuntu2004
++prodtype: rhel8,almalinux8,sle12,sle15,ubuntu2004
+ 
+ title: 'Configure a Sufficiently Large Partition for Audit Logs'
+ 
+@@ -43,7 +43,7 @@ references:
+     disa: CCI-001849
+     nist@sle15: AU-4
+     srg: SRG-OS-000341-GPOS-00132,SRG-OS-000342-GPOS-00133
+-    stigid@rhel8: RHEL-08-030660
++    stigid@almalinux8: RHEL-08-030660
+     stigid@sle12: SLES-12-020020 
+     stigid@sle15: SLES-15-030660
+     stigid@ubuntu2004: UBTU-20-010215
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
+index e5c33838..b855ec67 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
+ 
+ title: 'Configure audispd''s Plugin disk_full_action When Disk Is Full'
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
+index 344ff384..fda02e3f 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
+@@ -1,7 +1,7 @@
+ # platform = multi_platform_wrlinux,multi_platform_all
+ . /usr/share/scap-security-guide/remediation_functions
+ 
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+ AUDISP_REMOTE_CONFIG="/etc/audit/audisp-remote.conf"
+ option="^transport"
+ value="KRB5"
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
+index 1e21e071..04f841d1 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
+@@ -1,6 +1,6 @@
+ 
+   
+-    {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++    {{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+     {{{ oval_metadata("transport setting in /etc/audit/audisp-remote.conf is set to 'KRB5'") }}}
+     {{% else %}}
+     {{{ oval_metadata("enable_krb5 setting in /etc/audisp/audisp-remote.conf is set to 'yes'") }}}
+@@ -17,14 +17,14 @@
+   
+ 
+   
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+     /etc/audit/audisp-remote.conf
+ {{% else %}}
+     /etc/audisp/audisp-remote.conf
+ {{% endif %}}
+     
+     
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+     ^[ ]*transport[ ]+=[ ]+KRB5[ ]*$
+ {{% else %}}
+     ^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+index 9c3f34e2..cad24ae9 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+@@ -1,13 +1,13 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
+ 
+ title: 'Encrypt Audit Records Sent With audispd Plugin'
+ 
+ description: |-
+     Configure the operating system to encrypt the transfer of off-loaded audit
+     records onto a different system or media from the system being audited.
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+     Set the transport option in 
/etc/audit/audisp-remote.conf

+     to KRB5.
+ {{% else %}}
+@@ -44,7 +44,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network
+ ocil: |-
+     To verify the audispd plugin encrypts audit records off-loaded onto a different
+     system or media from the system being audited, run the following command:
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+     
$ sudo grep -i transport /etc/audit/audisp-remote.conf

+     The output should return the following:
+     
transport = KRB5

+@@ -53,4 +53,3 @@ ocil: |-
+     The output should return the following:
+     
enable_krb5 = yes

+ {{% endif %}}
+-
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
+index 9b2f37fd..4f7164e3 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
+index 8933828d..75fe1ce1 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
+index 5d6fb974..a8e33c70 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
+index 7d594d64..5d1ae6e8 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ . $SHARED/auditd_utils.sh
+ prepare_auditd_test_enviroment
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
+index 08d2794f..8e3bc55b 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
+ 
+ title: 'Configure audispd''s Plugin network_failure_action On Network Failure'
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
+index 56611725..5e7c5327 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
+@@ -6,7 +6,7 @@
+ 
+ - name: enable syslog plugin
+   lineinfile:
+-    {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
++    {{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] -%}}
+     dest: /etc/audit/plugins.d/syslog.conf
+     {{%- else -%}}
+     dest: /etc/audisp/plugins.d/syslog.conf
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
+index 6f2b49d4..7b0d6072 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
+@@ -2,7 +2,7 @@
+ . /usr/share/scap-security-guide/remediation_functions
+ var_syslog_active="yes"
+ 
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+ AUDISP_SYSLOGCONFIG=/etc/audit/plugins.d/syslog.conf
+ {{% else %}}
+ AUDISP_SYSLOGCONFIG=/etc/audisp/plugins.d/syslog.conf
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
+index 834225ca..6c4ff9cd 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
+@@ -1,6 +1,6 @@
+ 
+   
+-    {{{ oval_metadata("active setting in " + ("/etc/audit/plugins.d/syslog.conf" if product in ["rhel8", "fedora", "ol8", "rhv4"] else "/etc/audisp/plugins.d/syslog.conf") + " is set to 'yes'") }}}
++    {{{ oval_metadata("active setting in " + ("/etc/audit/plugins.d/syslog.conf" if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] else "/etc/audisp/plugins.d/syslog.conf") + " is set to 'yes'") }}}
+ 
+     
+         
+@@ -13,7 +13,7 @@
+   
+ 
+   
+-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] %}}
+     /etc/audit/plugins.d/syslog.conf
+ {{% else %}}
+     /etc/audisp/plugins.d/syslog.conf
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
+index dbea37d7..41dce950 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
+@@ -6,7 +6,7 @@ description: |-
+     To configure the auditd service to use the
+     syslog plug-in of the audispd audit event multiplexor, set
+     the active line in 
+-{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
++{{%- if product in ["rhel8", "fedora", "ol8", "rhv4", "almalinux8"] -%}}
+     /etc/audit/plugins.d/syslog.conf
+ {{%- else -%}}
+     /etc/audisp/plugins.d/syslog.conf
+@@ -49,10 +49,9 @@ ocil_clause: 'it is not activated'
+ 
+ ocil: |-
+     To verify the audispd's syslog plugin is active, run the following command:
+-{{% if product in ["rhel8", "fedora", "rhv4"] %}}
++{{% if product in ["rhel8", "fedora", "rhv4", "almalinux8"] %}}
+     
$ sudo grep active /etc/audit/plugins.d/syslog.conf

+ {{% else %}}
+     
$ sudo grep active /etc/audisp/plugins.d/syslog.conf

+ {{% endif %}}
+     If the plugin is active, the output will show yes.
+-
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
+index e2df674c..d71a83db 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # remediation = bash
+ 
+ . $SHARED/auditd_utils.sh
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
+index b05ad85b..d03bbb3d 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # remediation = bash
+ 
+ . $SHARED/auditd_utils.sh
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
+index 151f2aff..3cb652bf 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # remediation = bash
+ 
+ . $SHARED/auditd_utils.sh
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
+index 06f4a10c..ba788edb 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
+index 2b17ddd8..bccaaab8 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}}
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
+index c5980c53..d84e6760 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
+@@ -37,7 +37,7 @@ references:
+     nist: AU-5(b),AU-5(2),AU-5(1),AU-5(4),CM-6(a)
+     nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
+     srg: SRG-OS-000047-GPOS-00023
+-    stigid@rhel8: RHEL-08-030040
++    stigid@almalinux8: RHEL-08-030040
+ 
+ ocil_clause: 'the system is not configured to switch to single-user mode for corrective action'
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
+index 61cc4751..7f66a5c1 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
+index b136cc1a..47d47eb7 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
+index 8639563f..4add5423 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
+@@ -42,7 +42,7 @@ references:
+     nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
+     nist@sle12: AU-5(b),AU-5.1(iv)
+     srg: SRG-OS-000047-GPOS-00023
+-    stigid@rhel8: RHEL-08-030060
++    stigid@almalinux8: RHEL-08-030060
+     stigid@sle12: SLES-12-020060
+     stigid@sle15: SLES-15-030590
+     stigid@ubuntu2004: UBTU-20-010118
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
+index b82e6d17..717e52b9 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
+index ac78fe87..5fcd1604 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}}
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+index 938096ef..73e0e8cb 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000046-GPOS-00022,SRG-OS-000343-GPOS-00134
+     stigid@ol7: OL07-00-030350
+     stigid@rhel7: RHEL-07-030350
+-    stigid@rhel8: RHEL-08-030020
++    stigid@almalinux8: RHEL-08-030020
+     stigid@sle12: SLES-12-020040
+     stigid@sle15: SLES-15-030570
+     stigid@ubuntu2004: UBTU-20-010117
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
+index 93d076fa..02b862b9 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
+index 0c23a906..4b96b471 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ . /usr/share/scap-security-guide/remediation_functions
+ 
+ {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}}
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
+index f909e5ec..72f7c8c4 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
+index efe151c6..88fb23c1 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_auditd_flush") }}}
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
+index 3fb448e5..d8217375 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure auditd flush priority'
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
+index 9817ba88..1a718d62 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
+index 2dc2791e..eb6d3368 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
+index dadc03e8..ae2b6248 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
+index 741e5487..453786c9 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
+index fb0da2f5..3206a5a3 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
+index 9a930ab2..0b4e4944 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ # remediation = bash
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
+index 65c77aa3..2440e259 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
+index 9f405890..ceda723b 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_auditd_max_log_file") }}}
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
+index 595959e0..28abf5c2 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
+index 42f987dd..8e13a71d 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}}
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
+index 15e21e45..be2d0fbb 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
+@@ -49,7 +49,7 @@ references:
+     nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
+     pcidss: Req-10.7
+     srg: SRG-OS-000047-GPOS-00023
+-    stigid@rhel8: RHEL-08-030050
++    stigid@almalinux8: RHEL-08-030050
+ 
+ ocil_clause: 'the system has not been properly configured to rotate audit logs'
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
+index 6fe9e014..7b15c894 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
+index ab0bea58..a6158699 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
+index 9b79489b..1315f39b 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_auditd_space_left") }}}
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
+index a652d15d..f88a86d9 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Configure auditd space_left on Low Disk Space'
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
+index 04062e34..3b30d2ea 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
+index 1d2b211c..d7fdf9be 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_auditd_space_left_action") }}}
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+index 7569a677..8069100c 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+@@ -53,7 +53,7 @@ references:
+     srg: SRG-OS-000343-GPOS-00134
+     stigid@ol7: OL07-00-030340
+     stigid@rhel7: RHEL-07-030340
+-    stigid@rhel8: RHEL-08-030731
++    stigid@almalinux8: RHEL-08-030731
+     stigid@ubuntu2004: UBTU-20-010217
+     vmmsrg: SRG-OS-000343-VMM-001240
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
+index ea9d9fcc..4ad6fc13 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype:  fedora,rhel7,rhel8,rhel9
++prodtype:  fedora,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditd space_left on Low Disk Space'
+ 
+@@ -35,7 +35,7 @@ references:
+     pcidss: Req-10.7
+     srg: SRG-OS-000343-GPOS-00134
+     stigid@rhel7: RHEL-07-030330
+-    stigid@rhel8: RHEL-08-030730
++    stigid@almalinux8: RHEL-08-030730
+     vmmsrg: SRG-OS-000343-VMM-001240
+ 
+ ocil_clause: 'the system is not configured with a specific percentage to notify administrators of an issue'
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
+index 0eaf0d3e..28016ed4 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
+@@ -23,7 +23,7 @@ references:
+     disa: CCI-000366
+     ospp: FAU_GEN.1.1.c
+     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-030061
++    stigid@almalinux8: RHEL-08-030061
+ 
+ ocil_clause: local_events isn't set to yes
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
+index 7113b0c6..4463bd2e 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
+@@ -24,7 +24,7 @@ references:
+     disa: CCI-000366
+     ospp: FAU_GEN.1
+     srg: SRG-OS-000255-GPOS-00096,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-030063
++    stigid@almalinux8: RHEL-08-030063
+ 
+ ocil_clause: log_format isn't set to ENRICHED
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
+index b0bbf91f..aa24cbc0 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
+@@ -26,7 +26,7 @@ references:
+     ospp: FAU_GEN.1
+     srg: SRG-OS-000039-GPOS-00017,SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+     stigid@ol7: OL07-00-030211
+-    stigid@rhel8: RHEL-08-030062
++    stigid@almalinux8: RHEL-08-030062
+ 
+ ocil_clause: name_format isn't set to hostname
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
+index e1569b22..2ff0cf3b 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
+index b397c811..dc9f2eae 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
+index d41ca000..f9946de8 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
+@@ -21,7 +21,7 @@ references:
+     disa: CCI-001851
+     nist: AU-4(1)
+     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+-    stigid@rhel8: RHEL-08-030700
++    stigid@almalinux8: RHEL-08-030700
+ 
+ ocil_clause: 'auditd overflow action is not setup correctly'
+ 
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
+index c865ad76..f226ae34 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
+index bcafc35b..9e8abe6c 100644
+--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
++++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
+@@ -3,7 +3,7 @@ documentation_complete: true
+ title: 'Remote server for audispd to send audit records'
+ 
+ description: |-
+-{{% if product in ["rhel8", "fedora"] %}}
++{{% if product in ["rhel8", "fedora", "almalinux8"] %}}
+     The setting for remote_server in /etc/audit/audisp-remote.conf
+ {{% else %}}
+     The setting for remote_server in /etc/audisp/audisp-remote.conf
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+index 73317286..8047c909 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon'
+ 
+@@ -47,7 +47,7 @@ references:
+     nist-csf: DE.AE-3,DE.AE-5,ID.SC-4,PR.AC-3,PR.PT-1,PR.PT-4,RS.AN-1,RS.AN-4
+     pcidss: Req-10.3
+     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095
+-    stigid@rhel8: RHEL-08-030601
++    stigid@almalinux8: RHEL-08-030601
+     stigid@ubuntu2004: UBTU-20-010198
+     vmmsrg: SRG-OS-000254-VMM-000880
+ 
+@@ -100,9 +100,9 @@ warnings:
+         
~]# grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg

+         
  • On UEFI-based machines, issue the following command as root:
+ {{% if product in ["rhel7", "ol7", "rhel8", "ol8"] %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% else %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% endif %}}
+         
+ 
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
+index dfffe3a7..1526a372 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Removes audit argument from kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
+index 9823b08d..4522a4c6 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit=1"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
+index 556b82c4..fa266b77 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the audit argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
+index 59f1ed22..e9cac86b 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the audit argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+index 93348c40..d62294e0 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004
+ 
+ title: 'Extend Audit Backlog Limit for the Audit Daemon'
+ 
+@@ -31,7 +31,7 @@ references:
+     disa: CCI-001849
+     nist: CM-6(a)
+     srg: SRG-OS-000254-GPOS-00095,SRG-OS-000341-GPOS-00132
+-    stigid@rhel8: RHEL-08-030602
++    stigid@almalinux8: RHEL-08-030602
+ 
+ ocil_clause: 'audit backlog limit is not configured'
+ 
+@@ -58,9 +58,9 @@ warnings:
+         
    ~]# grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg
    
+         
  • On UEFI-based machines, issue the following command as root:
+ {{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% else %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% endif %}}
+         
+ 
+diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
+index 3648f215..1db7652a 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit_backlog_limit=8192"
+diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
+index 921c9db9..d54cf31e 100644
+--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
++++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the audit_backlog_limit argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
+index 864e508b..7c9d8a3f 100644
+--- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
++++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Install audispd-plugins Package'
+ 
+diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
+index cfac7564..8525cdb5 100644
+--- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml
++++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
+@@ -26,7 +26,7 @@ references:
+     nist: AC-7(a),AU-7(1),AU-7(2),AU-14,AU-12(2),AU-2(a),CM-6(a)
+     nist@sle12: AU-7(a),AU-7(b),AU-8(b),AU-12.1(iv),AU-12(3),AU-12(c),CM-5(1)
+     srg: SRG-OS-000122-GPOS-00063,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000359-GPOS-00146,SRG-OS-000365-GPOS-00152,SRG-OS-000474-GPOS-00219,SRG-OS-000475-GPOS-00220,SRG-OS-000480-GPOS-00227,SRG-OS-000062-GPOS-00031
+-    stigid@rhel8: RHEL-08-030180
++    stigid@almalinux8: RHEL-08-030180
+     stigid@sle12: SLES-12-020000
+     stigid@sle15: SLES-15-030650
+     stigid@ubuntu2004: UBTU-20-010182
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml
+index e3314050..603abfb9 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
+index 5750df30..081f341f 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of unsuccessful file accesses'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
+index 41329308..3f8c50a3 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
+index 828ddf24..774bfe3b 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of successful file accesses'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
+index f6242690..bd3ddd10 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
+index 874c3d8b..89662c9a 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure basic parameters of Audit system'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml
+index 981a0c86..ab7d657c 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
+index 9da4d3b6..1a2380ac 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of unsuccessful file creations'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
+index dd3a8729..694f9d4e 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of successful file creations'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
+index 023388b6..655883af 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
+index 25446601..9e62b155 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of unsuccessful file deletions'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
+index 6c42b726..1da7bb5f 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ 
+ {{% set file_contents = """## Successful file delete
+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
+index 21e06846..cd3106a8 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of successful file deletions'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
+index 4b611673..42e1c3da 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
+index 261dc184..fa34df2d 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure immutable Audit login UIDs'
+ 
+@@ -39,7 +39,7 @@ references:
+     nist: AU-2(a)
+     ospp: FAU_GEN.1.1.c
+     srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
+-    stigid@rhel8: RHEL-08-030122
++    stigid@almalinux8: RHEL-08-030122
+ 
+ ocil_clause: 'the file does not exist or the content differs'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
+index 2d927984..ec647737 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
+index 0f5b9e71..348ffd3c 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of unsuccessful file modifications'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
+index c6f79696..7a6e545c 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
+index 4e9f89e2..1e21d871 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of successful file modifications'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
+index f8cd8b73..090554c0 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
+index 47b5571f..25d54199 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of loading and unloading of kernel modules'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
+index a93771e8..22e9b17b 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
+index c0e19ac1..9e4fac45 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Perform general configuration of Audit for OSPP'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
+index 16dbfe6d..2ad71622 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of unsuccessful ownership changes'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
+index a4db8e4b..44c40cc6 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of successful ownership changes'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
+index fcead862..353d4970 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of unsuccessful permission changes'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
+index 75fa61ad..bb9504db 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhcos4,rhel8,rhel9
++prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure auditing of successful permission changes'
+ 
+diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
+index d460ded7..5f1f0142 100644
+--- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
++++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure audit according to OSPP requirements'
+ 
+diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
+index 0d05bd46..ea629355 100644
+--- a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
+index c7ce75e8..6b99bd3e 100644
+--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
++++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
+@@ -55,7 +55,7 @@ references:
+     stigid@sle12: SLES-12-020010
+     stigid@sle15: SLES-15-030050
+     nist@sle12: AU-3,AU-3(1),AU-3(1).1(ii),AU-3.1,AU-6(4),AU-6(4).1,AU-7(1),AU-7(1).1,AU-7(a),AU-14(1),AU-14(1).1,CM-6(b),CM-6.1(iv),MA-4(1)(a)
+-    stigid@rhel8: RHEL-08-030381
++    stigid@almalinux8: RHEL-08-030381
+ 
+ ocil: |-
+     {{{ ocil_service_enabled(service="auditd") }}}
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
+index 308ae9cb..514343ac 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhel8,rhel9
++prodtype: ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure kernel to trust the CPU random number generator'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+index 6201af25..49aa91dc 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable Kernel Page-Table Isolation (KPTI)'
+ 
+@@ -27,7 +27,7 @@ references:
+     disa: CCI-000381
+     nist: SI-16
+     srg: SRG-OS-000433-GPOS-00193,SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040004
++    stigid@almalinux8: RHEL-08-040004
+ 
+ ocil_clause: 'Kernel page-table isolation is not enabled'
+ 
+@@ -54,9 +54,9 @@ warnings:
+         
    ~]# grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg
    
+         
  • On UEFI-based machines, issue the following command as root:
+ {{% if product in ["rhel8", "ol8"] %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% else %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% endif %}}
+         
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh
+index f9b42970..2f0e238f 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh
++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ 
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Removes pti argument from kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh
+index dfebbbf7..25a0020c 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh
++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) pti=on"
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh
+index b4dd962b..c4092a2d 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh
++++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the pti argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
+index 6e020eb0..9e9156b8 100644
+--- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable vsyscalls'
+ 
+@@ -26,7 +26,7 @@ references:
+     disa: CCI-001084
+     nist: CM-7(a)
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
+-    stigid@rhel8: RHEL-08-010422
++    stigid@almalinux8: RHEL-08-010422
+ 
+ ocil_clause: 'vsyscalls are enabled'
+ 
+@@ -53,9 +53,9 @@ warnings:
+         
    ~]# grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg
    
+         
  • On UEFI-based machines, issue the following command as root:
+ {{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% else %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% endif %}}
+         
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
+index ac36a68b..0979c2a8 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+ 
+ title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
+index 520d00ec..ecf99a1b 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
+index 9df7baf2..9943577a 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Permissions'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
+index bb2f1bae..728adcca 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Set the Boot Loader Admin Username to a Non-Default Value'
+ 
+@@ -49,7 +49,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010480
+     stigid@rhel7: RHEL-07-010480
+-    stigid@rhel8: RHEL-08-010149
++    stigid@almalinux8: RHEL-08-010149
+ 
+ ocil_clause: 'it does not'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml
+index c2b738aa..4bbff3f3 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+ 
+ title: 'Boot Loader Is Not Installed On Removeable Media'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+index 9936aaa6..a7af891e 100644
+--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Set Boot Loader Password in grub2'
+ 
+@@ -66,7 +66,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010482
+     stigid@rhel7: RHEL-07-010482
+-    stigid@rhel8: RHEL-08-010150
++    stigid@almalinux8: RHEL-08-010150
+     stigid@sle12: SLES-12-010430
+     stigid@sle15: SLES-15-010190
+     stigid@ubuntu2004: UBTU-20-010009
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
+index f44e85a0..96feebbd 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
+@@ -1,20 +1,20 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership'
+ 
+ description: |-
+ {{%- if product == "fedora" %}}
+-    The file /boot/efi/EFI/fedora/grub.cfg should
++    The file /boot/efi/EFI/almalinux/grub.cfg should
+     be group-owned by the root group to prevent
+     destruction or modification of the file.
+-    {{{ describe_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}}
++    {{{ describe_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
+ {{% else %}}
+-    The file /boot/efi/EFI/redhat/grub.cfg should
++    The file /boot/efi/EFI/almalinux/grub.cfg should
+     be group-owned by the root group to prevent
+     destruction or modification of the file.
+-    {{{ describe_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
++    {{{ describe_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
+ {{%- endif %}}
+ 
+ rationale: |-
+@@ -44,16 +44,16 @@ references:
+ 
+ ocil_clause: |-
+ {{%- if product == "fedora" %}}
+-    {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}}
++    {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
+ {{% else %}}
+-    {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
++    {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
+ {{%- endif %}}
+ 
+ ocil: |-
+ {{%- if product == "fedora" %}}
+-    {{{ ocil_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}}
++    {{{ ocil_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
+ {{% else %}}
+-    {{{ ocil_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
++    {{{ ocil_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
+ {{%- endif %}}
+ 
+ platform: machine
+@@ -61,6 +61,6 @@ platform: machine
+ template:
+     name: file_groupowner
+     vars:
+-        filepath: /boot/efi/EFI/redhat/grub.cfg
+-        filepath@fedora: /boot/efi/EFI/fedora/grub.cfg
++        filepath: /boot/efi/EFI/almalinux/grub.cfg
++        filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg
+         filegid: '0'
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
+index a9468d00..b4ee87fe 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
+@@ -1,20 +1,20 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Verify the UEFI Boot Loader grub.cfg User Ownership'
+ 
+ description: |-
+ {{%- if product == "fedora" %}}
+-    The file /boot/efi/EFI/fedora/grub.cfg should
++    The file /boot/efi/EFI/almalinux/grub.cfg should
+     be owned by the root user to prevent destruction
+     or modification of the file.
+-    {{{ describe_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}}
++    {{{ describe_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
+ {{% else %}}
+-    The file /boot/efi/EFI/redhat/grub.cfg should
++    The file /boot/efi/EFI/almalinux/grub.cfg should
+     be owned by the root user to prevent destruction
+     or modification of the file.
+-    {{{ describe_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
++    {{{ describe_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
+ {{%- endif %}}
+ 
+ rationale: 'Only root should be able to modify important boot parameters.'
+@@ -42,16 +42,16 @@ references:
+ 
+ ocil_clause: |-
+ {{%- if product == "fedora" %}}
+-    {{{ ocil_clause_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}}
++    {{{ ocil_clause_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
+ {{% else %}}
+-    {{{ ocil_clause_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
++    {{{ ocil_clause_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
+ {{%- endif %}}
+ 
+ ocil: |-
+ {{%- if product == "fedora" %}}
+-    {{{ ocil_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}}
++    {{{ ocil_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
+ {{% else %}}
+-    {{{ ocil_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
++    {{{ ocil_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
+ {{%- endif %}}
+ 
+ platform: machine
+@@ -59,6 +59,6 @@ platform: machine
+ template:
+     name: file_owner
+     vars:
+-        filepath: /boot/efi/EFI/redhat/grub.cfg
+-        filepath@fedora: /boot/efi/EFI/fedora/grub.cfg
++        filepath: /boot/efi/EFI/almalinux/grub.cfg
++        filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg
+         fileuid: '0'
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
+index bc4fdcc7..75c8c2c2 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
+@@ -1,16 +1,16 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Verify the UEFI Boot Loader grub.cfg Permissions'
+ 
+ description: |-
+ {{%- if product == "fedora" %}}
+-    File permissions for /boot/efi/EFI/fedora/grub.cfg should be set to 700.
+-    {{{ describe_file_permissions(file="/boot/efi/EFI/fedora/grub.cfg", perms="700") }}}
++    File permissions for /boot/efi/EFI/almalinux/grub.cfg should be set to 700.
++    {{{ describe_file_permissions(file="/boot/efi/EFI/almalinux/grub.cfg", perms="700") }}}
+ {{% else %}}
+-    File permissions for /boot/efi/EFI/redhat/grub.cfg should be set to 700.
+-    {{{ describe_file_permissions(file="/boot/efi/EFI/redhat/grub.cfg", perms="700") }}}
++    File permissions for /boot/efi/EFI/almalinux/grub.cfg should be set to 700.
++    {{{ describe_file_permissions(file="/boot/efi/EFI/almalinux/grub.cfg", perms="700") }}}
+ {{%- endif %}}
+ 
+ rationale: |-
+@@ -40,11 +40,11 @@ ocil_clause: 'it does not'
+ 
+ ocil: |-
+ {{%- if product == "fedora" %}}
+-    To check the permissions of /boot/efi/EFI/fedora/grub.cfg, run the command:
+-    
    $ sudo ls -lL /boot/efi/EFI/fedora/grub.cfg
    
++    To check the permissions of /boot/efi/EFI/almalinux/grub.cfg, run the command:
++    
    $ sudo ls -lL /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% else %}}
+-    To check the permissions of /boot/efi/EFI/redhat/grub.cfg, run the command:
+-    
    $ sudo ls -lL /boot/efi/EFI/redhat/grub.cfg
    
++    To check the permissions of /boot/efi/EFI/almalinux/grub.cfg, run the command:
++    
    $ sudo ls -lL /boot/efi/EFI/almalinux/grub.cfg
    
+ {{%- endif %}}
+     If properly configured, the output should indicate the following
+     permissions: -rwx------
+@@ -54,6 +54,6 @@ platform: machine
+ template:
+     name: file_permissions
+     vars:
+-        filepath: /boot/efi/EFI/redhat/grub.cfg
+-        filepath@fedora: /boot/efi/EFI/fedora/grub.cfg
++        filepath: /boot/efi/EFI/almalinux/grub.cfg
++        filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg
+         filemode: '0700'
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml
+index 8545e8ab..9583e7fe 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/oval/shared.xml
+@@ -1,7 +1,7 @@
+ {{% if product == "fedora" %}}
+-{{% set grub_cfg_prefix = "/boot/efi/EFI/fedora" %}}
++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}}
+ {{% else %}}
+-{{% set grub_cfg_prefix = "/boot/efi/EFI/redhat" %}}
++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}}
+ {{% endif %}}
+ 
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
+index 8a98cbdc..6b4af975 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Set the UEFI Boot Loader Admin Username to a Non-Default Value'
+ 
+@@ -20,7 +20,7 @@ description: |-
+     Once the superuser account has been added,
+     update the
+     grub.cfg file by running:
+-    
    grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    
++    
    grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ 
+ rationale: |-
+     Having a non-default grub superuser username makes password-guessing attacks less effective.
+@@ -56,7 +56,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010490
+     stigid@rhel7: RHEL-07-010490
+-    stigid@rhel8: RHEL-08-010141
++    stigid@almalinux8: RHEL-08-010141
+ 
+ ocil_clause: 'it does not'
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
+index 230aab73..5c728f6b 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
+@@ -1,7 +1,7 @@
+ {{% if product == "fedora" %}}
+-{{% set grub_cfg_prefix = "/boot/efi/EFI/fedora" %}}
++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}}
+ {{% else %}}
+-{{% set grub_cfg_prefix = "/boot/efi/EFI/redhat" %}}
++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}}
+ {{% endif %}}
+ 
+ 
+@@ -31,7 +31,7 @@
+     1
+       
+ 
+-  
++  
+     
+   
+   
+@@ -40,7 +40,7 @@
+     1
+   
+ 
+-  
++  
+     
+   
+   
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
+index cb0d60c3..bda0208e 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Set the UEFI Boot Loader Password'
+ 
+@@ -34,7 +34,7 @@ description: |-
+     {{% elif product in ["sle12", "sle15"] %}}
+     
    grub2-mkconfig -o /boot/efi/EFI/sles/grub.cfg
    
+     {{% else %}}
+-    
    grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    
++    
    grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+     {{% endif %}}
+ 
+ rationale: |-
+@@ -71,7 +71,7 @@ references:
+     srg: SRG-OS-000080-GPOS-00048
+     stigid@ol7: OL07-00-010491
+     stigid@rhel7: RHEL-07-010491
+-    stigid@rhel8: RHEL-08-010140
++    stigid@almalinux8: RHEL-08-010140
+     stigid@sle12: SLES-12-010440
+     stigid@sle15: SLES-15-010200
+     stigid@ubuntu2004: UBTU-20-010009
+@@ -102,7 +102,7 @@ ocil: |-
+     The output should contain something similar to:
+     
    password_pbkdf2 root grub.pbkdf2.sha512.10000.MFU48934NJA87HF8NSD34493GDHF84NG
    
+     {{% else %}}
+-    
    sudo cat /boot/efi/EFI/redhat/user.cfg
    
++    
    sudo cat /boot/efi/EFI/almalinux/user.cfg
    
+     The output should be similar to:
+     
    GRUB2_PASSWORD=grub.pbkdf2.sha512.10000.C4E08AC72FBFF7E837FD267BFAD7AEB3D42DDC
+     2C99F2A94DD5E2E75C2DC331B719FE55D9411745F82D1B6CFD9E927D61925F9BBDD1CFAA0080E0
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/oval/shared.xml
+index 72872d90..57b77cc8 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/oval/shared.xml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/oval/shared.xml
+@@ -1,7 +1,7 @@
+ {{% if product == "fedora" %}}
+-{{% set grub_cfg_prefix = "/boot/efi/EFI/fedora" %}}
++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}}
+ {{% else %}}
+-{{% set grub_cfg_prefix = "/boot/efi/EFI/redhat" %}}
++{{% set grub_cfg_prefix = "/boot/efi/EFI/almalinux" %}}
+ {{% endif %}}
+ 
+ 
+diff --git a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml
+index 051dd5b5..f7b08d5b 100644
+--- a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml
++++ b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'UEFI Boot Loader Is Not Installed On Removeable Media'
+ 
+@@ -31,7 +31,7 @@ ocil_clause: 'it is not'
+ ocil: |-
+     To verify the system is not configured to use a boot loader on removable media,
+     run the following command:
+-    
    $ sudo grep "set root='hd0" /boot/efi/EFI/redhat/grub.cfg
    
++    
    $ sudo grep "set root='hd0" /boot/efi/EFI/almalinux/grub.cfg
    
+     The output should return something similar to:
+     
    set root='hd0,msdos1'
    
+     usb0, cd, fd0, etc. are some examples of removeable
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
+index 483e0cf9..6b3f90d7 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhcos4,rhel8,rhel9,ubuntu2004
++prodtype: rhcos4,rhel8,almalinux8,rhel9,ubuntu2004
+ 
+ title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL'
+ 
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
+index 7a828837..d13ae7f5 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Make sure boot loader entries contain audit=1
+ for file in /boot/loader/entries/*.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
+index 3af83d30..28a0af73 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Make sure boot loader entries contain audit=1
+ for file in /boot/loader/entries/*.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
+index 5650cc0a..1ee37320 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Remove audit=1 from all boot entries
+ sed -Ei 's/(^options.*\s)audit=1(.*?)$/\1\2/' /boot/loader/entries/*
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
+index 6d76e896..05d75257 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhcos4,rhel8,rhel9,ubuntu2004
++prodtype: rhcos4,rhel8,almalinux8,rhel9,ubuntu2004
+ 
+ title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL'
+ 
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
+index 56b634d4..3ad83680 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhcos4,rhel8,rhel9
++prodtype: rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure all zIPL boot entries are BLS compliant'
+ 
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
+index e3adb996..13e5314b 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ # Make sure no image configured in zipl config file
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
+index 47626442..2a88d2ab 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ # Make sure no image configured in zipl config file
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
+index 7f2be356..80f8b55f 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
+index 6c7e3396..b23d9d8c 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhcos4,rhel8,rhel9
++prodtype: rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure zIPL bootmap is up to date'
+ 
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
+index 728c6b7b..b06f989e 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ touch /etc/zipl.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
+index 1ae4d631..0f115566 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ touch /boot/loader/entries/*.conf # Update current existing entries
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
+index 7981ba8c..8bfdce20 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
++++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # remediation = none
+ 
+ touch /etc/zipl.conf
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
+index a763429f..a0e5a7ba 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhcos4,rhel8,rhel9
++prodtype: rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure SELinux Not Disabled in zIPL'
+ 
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
+index 0cd61ae2..0d87202c 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhcos4,rhel8,rhel9
++prodtype: rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable page allocator poisoning in zIPL'
+ 
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
+index df0f6c3e..0f1501c9 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhcos4,rhel8,rhel9
++prodtype: rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable SLUB/SLAB allocator poisoning in zIPL'
+ 
+diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
+index 52b192ff..7a10e35b 100644
+--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
++++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhcos4,rhel8,rhel9
++prodtype: rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable vsyscalls in zIPL'
+ 
+diff --git a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml
+index 555d53cb..9c53ce53 100644
+--- a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml
++++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+ 
+ title: 'Configure Logwatch HostLimit Line'
+ 
+diff --git a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml
+index 405034e9..c1cab9d3 100644
+--- a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml
++++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+ 
+ title: 'Configure Logwatch SplitHosts Line'
+ 
+diff --git a/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml
+index 245b9fa8..60ad4244 100644
+--- a/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml
++++ b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+ 
+ title: 'Disable Logwatch on Clients if a Logserver Exists'
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
+index bae2c025..e279577c 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ 
+ if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
+ 	mkdir -p /etc/rsyslog.d
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
+index c627f52f..7cbe53cb 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Ensure cron Is Logging To Rsyslog'
+ 
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021100
+     stigid@rhel7: RHEL-07-021100
+-    stigid@rhel8: RHEL-08-030010
++    stigid@almalinux8: RHEL-08-030010
+ 
+ ocil_clause: 'cron is not logging to rsyslog'
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
+index 637f9000..5adf93ef 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
+index 71d312f3..6005c2ed 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
+index beaf8ce9..d8a4b01d 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
+@@ -25,7 +25,7 @@ references:
+     disa: CCI-001851
+     nist: AU-4(1)
+     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+-    stigid@rhel8: RHEL-08-030720
++    stigid@almalinux8: RHEL-08-030720
+ 
+ 
+ ocil_clause: '$ActionSendStreamDriverAuthMode in /etc/rsyslog.conf is not set to x509/name'
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
+index bbd27a00..f8d1d6d5 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/bash/shared.sh
+index 36853d17..6d6132ec 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/bash/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ {{{ set_config_file(path="/etc/rsyslog.d/encrypt.conf",
+              parameter="\$ActionSendStreamDriverMode", value="1", create=true, separator=" ", separator_regex=" ")
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
+index 1bcc3392..cdc0c221 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
+@@ -25,7 +25,7 @@ references:
+     disa: CCI-001851
+     nist: AU-4(1)
+     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+-    stigid@rhel8: RHEL-08-030710
++    stigid@almalinux8: RHEL-08-030710
+ 
+ ocil_clause: 'rsyslogd ActionSendStreamDriverMode not set to 1'
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
+index b215daae..457d0150 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/bash/shared.sh
+index 3955346c..b41b8619 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/bash/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ {{{ set_config_file(path="/etc/rsyslog.d/encrypt.conf",
+                     parameter="\$DefaultNetstreamDriver", value="gtls", create=true, separator=" ", separator_regex=" ")
+ }}}
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
+index eff85d3f..a64f17da 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
+@@ -25,7 +25,7 @@ references:
+     disa: CCI-001851
+     nist: AU-4(1)
+     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
+-    stigid@rhel8: RHEL-08-030710
++    stigid@almalinux8: RHEL-08-030710
+ 
+ ocil_clause: 'rsyslogd DefaultNetstreamDriver not set to gtls'
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh
+index 9e3dd5bc..4f352cd4 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check rsyslog.conf with root group-owner log from rules and
+ # non root group-owner log from $IncludeConfig fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh
+index 5954bffe..fa931512 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check rsyslog.conf with root group-owner log from rules and
+ # root group-owner log from $IncludeConfig passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh
+index d45aa949..16e65401 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root group-owner log from rules and
+ # non root group-owner log from include() fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh
+index 8d401167..33d41ce2 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root group-owner log from rules and
+ # root group-owner log from include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
+index 29c36cd9..2a51f6b6 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root group-owner log from rules and
+ # non root group-owner log from include() fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
+index 786a0497..8edd25b1 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root group-owner log from rules and
+ # root group-owner log from include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh
+index dd8dbf4d..dcbbc80f 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root group-owner log from rules and
+ # root group-owner log from multiline include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh
+index 85d125d6..9871fd3b 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check if log file with non root group-owner in rsyslog.conf fails.
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh
+index 233bf313..1b1fd744 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check if log file with root group-owner in rsyslog.conf passes.
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh
+index c7aba8d3..d748f0c3 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check rsyslog.conf with root user log from rules and
+ # non root user log from $IncludeConfig fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh
+index c2d09af9..22f71719 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check rsyslog.conf with root user log from rules and
+ # root user log from $IncludeConfig passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh
+index cee56549..8e6d8185 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root user log from rules and
+ # non root user log from include() fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh
+index 6d0efc3b..ae232ac2 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root user log from rules and
+ # root user log from include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
+index 713abe75..999d0b0f 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root user log from rules and
+ # non root user log from include() fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
+index 8facc53b..796fe420 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root user log from rules and
+ # root user log from include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh
+index c3a74aa2..7a1a743c 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with root user log from rules and
+ # root user log from multiline include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh
+index c9768fc1..2d94ac8d 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check if log file with non root user in rsyslog.conf fails.
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh
+index f61f9f63..dd6504a7 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check if log file with root user in rsyslog.conf passes.
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
+index d9c2f79e..be4b4adc 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ # List of log file paths to be inspected for correct permissions
+ # * Primarily inspect log file paths listed in /etc/rsyslog.conf
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
+index 3bb5818d..ffc31bc3 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check rsyslog.conf with log file permissions 0600 from rules and
+ # log file permissions 0600 from $IncludeConfig passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
+index 2ae5c89a..f4133e40 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check rsyslog.conf with log file permissions 0600 from rules and
+ # log file permissions 0601 from $IncludeConfig fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
+index 358789c7..ff2e6ce4 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with log file permissions 0600 from rules and
+ # log file permissions 0600 from multiline include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
+index 0bd8212e..29c34e67 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with log file permissions 0600 from rules and
+ # log file permissions 0600 from include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
+index 357d4f97..2f4ea8df 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with log file permisssions 0600 from rules and
+ # log file permissions 0600 from include() passes.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
+index 7bdb830c..70025baa 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with log file permisssions 0600 from rules and
+ # log file permissions 0601 from include() fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
+index fd3f9e92..3b31950c 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ 
+ # Check rsyslog.conf with log file permissions 0600 from rules and
+ # log file permissions 0601 from include() fails.
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
+index e5111873..a2ea391f 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check if log file with permissions 0600 in rsyslog.conf passes.
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
+index 89d1e26c..7141e0da 100755
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ 
+ # Check if log file with permissions 0601 in rsyslog.conf fails.
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/ansible/shared.yml
+index e0fa3b85..b8e50afb 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/ansible/shared.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/bash/shared.sh
+index 5bf1641d..1de75c44 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/bash/shared.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
+ 
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
+index 82d8ba5b..478e6e46 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel8,ubuntu2004
++prodtype: fedora,rhel8,almalinux8,ubuntu2004
+ 
+ title: 'Ensure remote access methods are monitored in Rsyslog'
+ 
+@@ -30,7 +30,7 @@ references:
+     disa: CCI-000067
+     nist: AC-17(1)
+     srg: SRG-OS-000032-GPOS-00013
+-    stigid@rhel8: RHEL-08-010070
++    stigid@almalinux8: RHEL-08-010070
+     stigid@ubuntu2004: UBTU-20-010403
+ 
+ ocil_clause: 'remote access methods are not logging to rsyslog'
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/no_remote_methods.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/no_remote_methods.fail.sh
+index aa1c190f..ddcd133c 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/no_remote_methods.fail.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/no_remote_methods.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
+ RSYSLOG_CONF='/etc/rsyslog.conf'
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_multiple_configs.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_multiple_configs.pass.sh
+index e36e21ad..71903c8b 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_multiple_configs.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_multiple_configs.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
+ RSYSLOG_CONF='/etc/rsyslog.conf'
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_conf.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_conf.pass.sh
+index 86371c46..2e418bfe 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_conf.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_conf.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
+ RSYSLOG_CONF='/etc/rsyslog.conf'
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_d.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_d.pass.sh
+index 46ea1de0..4aa7b2d6 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_d.pass.sh
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_d.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
+ RSYSLOG_CONF='/etc/rsyslog.conf'
+diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
+index 859ea93e..9b9ea07f 100644
+--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
++++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
+index 14559afc..b4a65f7e 100644
+--- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
++++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure rsyslog-gnutls is installed'
+ 
+@@ -23,7 +23,7 @@ references:
+     disa: CCI-000366
+     ospp: FTP_ITC_EXT.1.1
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
+-    stigid@rhel8: RHEL-08-030680
++    stigid@almalinux8: RHEL-08-030680
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
+index cd66059c..59cfba27 100644
+--- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
++++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
+@@ -30,7 +30,7 @@ references:
+     nist: CM-6(a)
+     nist-csf: PR.PT-1
+     srg: SRG-OS-000479-GPOS-00224,SRG-OS-000051-GPOS-00024,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-030670
++    stigid@almalinux8: RHEL-08-030670
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+index 2a9e1a9f..de765d95 100644
+--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
++++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server'
+ 
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
+index 74270442..8e8c6fdb 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
+index 836f0af2..78aba4d8 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ 
+ . /usr/share/scap-security-guide/remediation_functions
+ 
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+index 5290a921..5852f5c5 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+@@ -62,7 +62,7 @@ references:
+     srg: SRG-OS-000479-GPOS-00224,SRG-OS-000480-GPOS-00227,SRG-OS-000342-GPOS-00133
+     stigid@ol7: OL07-00-031000
+     stigid@rhel7: RHEL-07-031000
+-    stigid@rhel8: RHEL-08-030690
++    stigid@almalinux8: RHEL-08-030690
+     stigid@sle12: SLES-12-030340
+     stigid@sle15: SLES-15-010580
+     vmmsrg: SRG-OS-000032-VMM-000130
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml
+index 9f30722a..349e61a8 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure TLS for rsyslog remote logging'
+ 
+diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
+index 0765a5db..ea7e8f37 100644
+--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
++++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure CA certificate for rsyslog remote logging'
+ 
+diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+index 04349e68..ab481838 100644
+--- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
++++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+@@ -32,7 +32,7 @@ references:
+     nist: CM-6(a),AU-4(1)
+     nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.DS-4,PR.PT-1
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010561
++    stigid@almalinux8: RHEL-08-010561
+     stigid@ubuntu2004: UBTU-20-010432
+ 
+ ocil: |-
+diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+index 25c930f8..9408fd6a 100644
+--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
+ 
+ title: 'Install firewalld Package'
+ 
+@@ -26,7 +26,7 @@ references:
+     nist: CM-6(a)
+     nist@sle15: CM-7,CM-7.1(iii),CM-7(b),AC-17(1)
+     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000298-GPOS-00116,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00232
+-    stigid@rhel8: RHEL-08-040100
++    stigid@almalinux8: RHEL-08-040100
+     stigid@sle15:  SLES-15-010220
+ 
+ ocil_clause: 'the package is not installed'
+diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+index 42849bdd..36ccd8b3 100644
+--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019
+ 
+ title: 'Verify firewalld Enabled'
+ 
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00231,SRG-OS-000480-GPOS-00232
+     stigid@ol7: OL07-00-040520
+     stigid@rhel7: RHEL-07-040520
+-    stigid@rhel8: RHEL-08-040101
++    stigid@almalinux8: RHEL-08-040101
+     stigid@sle15: SLES-15-010220
+ 
+ ocil: |-
+diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/bash/shared.sh b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/bash/shared.sh
+index 0a698d3c..951e20e6 100644
+--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/bash/shared.sh
++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_wrlinux,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_wrlinux,multi_platform_ol
+ # reboot = false
+ # complexity = low
+ # strategy = configure
+diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
+index 8e49a685..47fb488d 100644
+--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Configure the Firewalld Ports'
+ 
+@@ -53,7 +53,7 @@ references:
+     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115
+     stigid@ol7: OL07-00-040100
+     stigid@rhel7: RHEL-07-040100
+-    stigid@rhel8: RHEL-08-040030
++    stigid@almalinux8: RHEL-08-040030
+     vmmsrg: SRG-OS-000096-VMM-000490,SRG-OS-000480-VMM-002000
+ 
+ ocil_clause: 'the default rules are not configured'
+diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
+index 787eb697..b507337f 100644
+--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
+diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+index f4d78fb7..41f0d78d 100644
+--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+ 
+ title: 'Set Default firewalld Zone for Incoming Packets'
+ 
+diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
+index 8d93bae8..08c7a78e 100644
+--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
++++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Verify Any Configured IPSec Tunnel Connections'
+ 
+diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
+index e89f9e0a..c9984c96 100644
+--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
++++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Install libreswan Package'
+ 
+diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
+index 9f0b8595..970f04af 100644
+--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
++++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu2004
+ 
+ title: 'Install iptables Package'
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml
+index 23dfed41..e90a8c6a 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Manually Assign IPv6 Router Address'
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
+index d787fbbb..d209806d 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ # enable randomness in ipv6 address generation
+ for interface in /etc/sysconfig/network-scripts/ifcfg-*
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml
+index 5d554b2c..fad68a9b 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Use Privacy Extensions for Address'
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml
+index aac0fae4..ca69e4d4 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Manually Assign Global IPv6 Address'
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
+index 87306fed..88e2884b 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
+index 25b5c181..cfed7838 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces'
+ 
+@@ -31,7 +31,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a)
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040261
++    stigid@almalinux8: RHEL-08-040261
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
+index 979201fc..07de17fc 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
+index d430df13..544c2b3f 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
+index 8c009414..6b7852da 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
+index 8792fc66..2c7c4b02 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+index a00665a2..86192222 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces'
+ 
+@@ -33,7 +33,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),CM-6(b),CM-6.1(iv)
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040280
++    stigid@almalinux8: RHEL-08-040280
+     stigid@sle12: SLES-12-030363
+     stigid@sle15: SLES-15-040341
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
+index e222b1c8..85b92ce9 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+index dd6762af..a712db98 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces'
+ 
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040830
+     stigid@rhel7: RHEL-07-040830
+-    stigid@rhel8: RHEL-08-040240
++    stigid@almalinux8: RHEL-08-040240
+     stigid@sle12: SLES-12-030361
+     stigid@sle15: SLES-15-040310
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
+index d0b011dd..4716dde4 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Auto Configuration on All IPv6 Interfaces
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
+index 0ec0a894..8de42a0d 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Disable Kernel Parameter for IPv6 Forwarding'
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
+index 038d4b2e..e832c9bc 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml
+index 697718ee..01b7652c 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure Denying Router Solicitations on All IPv6 Interfaces'
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
+index 4ed2c480..f59b6d7c 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
+index 987a5964..56027dac 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default'
+ 
+@@ -31,7 +31,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a)
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040262
++    stigid@almalinux8: RHEL-08-040262
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
+index 2da8c426..4d247fed 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
+index 2865601d..2b7a44e8 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
+index 6de9820b..e9f91a67 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
+index 845b013e..063776b8 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+index cbab4262..90921aca 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces'
+ 
+@@ -35,7 +35,7 @@ references:
+     nist@sle12: CM-6(b),CM-6.1(iv)
+     nist@sle15: CM-6(b),CM-6.1(iv)
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040210
++    stigid@almalinux8: RHEL-08-040210
+     stigid@sle12: SLES-12-030401
+     stigid@sle15: SLES-15-040350
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
+index e2951d84..0335df12 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+index 4cf3114d..73e9ff4a 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default'
+ 
+@@ -41,7 +41,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),CM-6(b),CM-6.1(iv)
+     nist-csf: DE.AE-1,ID.AM-3,PR.AC-5,PR.DS-5,PR.PT-4
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040250
++    stigid@almalinux8: RHEL-08-040250
+     stigid@sle12: SLES-12-030362
+     stigid@sle15: SLES-15-040321
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
+index 95a023ef..b0e039fc 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Auto Configuration on All IPv6 Interfaces By Default
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
+index d7795727..f7627692 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
+index d4eeebf7..16f3c9b5 100644
+--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure Denying Router Solicitations on All IPv6 Interfaces By Default'
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
+index dae640f3..f3856b72 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
+ 
+ title: 'Ensure IPv6 is disabled through kernel boot parameter'
+ 
+@@ -81,9 +81,9 @@ warnings:
+         
    sudo grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg
    
+         
  • On UEFI-based machines, issue the following command:
+ {{% if product in ["rhel7", "ol7", "rhel8", "ol8"] %}}
+-        
    sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
++        
    sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% else %}}
+-        
    sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    
++        
    sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% endif %}}
+         
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
+index 5d8daaa6..604dc02c 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Removes ipv6.disable argument from kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
+index 0e84a458..bf898a7c 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) ipv6.disable=1"
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
+index db339c35..38d2f0d6 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ # Break the ipv6.disable argument in kernel command line in /boot/grub2/grubenv
+ file="/boot/grub2/grubenv"
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml
+index 86299ffb..672d504a 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+ 
+ title: 'Disable Interface Usage of IPv6'
+ 
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
+index 48e71c26..5a54df85 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux
+ 
+ # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC
+ # services for NFSv4 from attempting to start IPv6 network listeners
+diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml
+index 2d0ac285..5d39af15 100644
+--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml
++++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhv4
++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Disable Support for RPC IPv6'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
+index 6bb6de13..1f0664a0 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+index 72604219..8de28223 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces'
+ 
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040641
+     stigid@rhel7: RHEL-07-040641
+-    stigid@rhel8: RHEL-08-040279
++    stigid@almalinux8: RHEL-08-040279
+     stigid@sle12: SLES-12-030390 
+     stigid@sle15: SLES-15-040330
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
+index b3d72bb4..b89b8a35 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+index f92772eb..b9d6c47f 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces'
+ 
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040610
+     stigid@rhel7: RHEL-07-040610
+-    stigid@rhel8: RHEL-08-040239
++    stigid@almalinux8: RHEL-08-040239
+     stigid@sle12: SLES-12-030360
+     stigid@sle15: SLES-15-040300
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
+index 70e767cc..fbe1a27a 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
+index 9e12c3be..04a02b4b 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
+index c64da37a..08535e5a 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+index 65475174..c76045ae 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces'
+ 
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040611
+     stigid@rhel7: RHEL-07-040611
+-    stigid@rhel8: RHEL-08-040285
++    stigid@almalinux8: RHEL-08-040285
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.rp_filter", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
+index 8b075d55..0dd17a34 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+index 848212c7..e3f75c97 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
+index 2bfbd9e4..8ea37100 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+index bee6c117..da0c1f33 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces'
+ 
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040640
+     stigid@rhel7: RHEL-07-040640
+-    stigid@rhel8: RHEL-08-040209
++    stigid@almalinux8: RHEL-08-040209
+     stigid@sle12: SLES-12-030400
+     stigid@sle15: SLES-15-040340
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
+index aa7d1562..08668d03 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+index b1e7f247..85712b15 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default'
+ 
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040620
+     stigid@rhel7: RHEL-07-040620
+-    stigid@rhel8: RHEL-08-040249
++    stigid@almalinux8: RHEL-08-040249
+     stigid@sle12: SLES-12-030370
+     stigid@sle15: SLES-15-040320
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
+index 3a60ab17..728ddb81 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
+index 178da20d..9aab00f9 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
+index b6e53de3..0b652c7c 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+index 27d83ac0..b8f91445 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
+index aeb67c4e..f47a8ab6 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+index 3adb5b6f..1a97fded 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
+index 52d74441..08c8c256 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+index 3a998d31..ee20d599 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces'
+ 
+@@ -41,7 +41,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040630
+     stigid@rhel7: RHEL-07-040630
+-    stigid@rhel8: RHEL-08-040230
++    stigid@almalinux8: RHEL-08-040230
+     stigid@sle12: SLES-12-030380  
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}}
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
+index 9e3a85af..d4f4d31c 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+index f7f5d3c4..0107424b 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
+index 84bb9162..293a5c85 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Set Kernel Parameter to Increase Local Port Range'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
+index 552b2138..f30fc8cb 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,wrlinux1019
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,wrlinux1019
+ 
+ title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
+index b70279f6..d07baa1e 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
+index 0c8dae78..a26df0c5 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
+index 8f557dce..bd4cb580 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Enable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces'
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
+index ea1db12f..5d8b19f6 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+index 96be007c..03895e9b 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces'
+ 
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040660
+     stigid@rhel7: RHEL-07-040660
+-    stigid@rhel8: RHEL-08-040220
++    stigid@almalinux8: RHEL-08-040220
+     stigid@sle12: SLES-12-030420 
+     stigid@sle15: SLES-15-040370
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
+index b54e3d12..125464d7 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+index bc666de8..03751ecb 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default'
+ 
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040650
+     stigid@rhel7: RHEL-07-040650
+-    stigid@rhel8: RHEL-08-040270
++    stigid@almalinux8: RHEL-08-040270
+     stigid@sle12: SLES-12-030410 
+     stigid@sle15: SLES-15-040360
+ 
+diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+index 950c2ebe..a916d46b 100644
+--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
++++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces'
+ 
+@@ -41,7 +41,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040740
+     stigid@rhel7: RHEL-07-040740
+-    stigid@rhel8: RHEL-08-040260
++    stigid@almalinux8: RHEL-08-040260
+     stigid@sle12: SLES-12-030430 
+     stigid@sle15: SLES-15-040380
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
+index 7d08edf8..f83779e3 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+index 5c077bb3..3001d34a 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable ATM Support'
+ 
+@@ -26,7 +26,7 @@ references:
+     disa: CCI-000381
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040021
++    stigid@almalinux8: RHEL-08-040021
+ 
+ {{{ complete_ocil_entry_module_disable(module="atm") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
+index 6f5805e5..0ca4ab3b 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+index f4d9e23b..df5e95d5 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable CAN Support'
+ 
+@@ -26,7 +26,7 @@ references:
+     disa: CCI-000381
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040022
++    stigid@almalinux8: RHEL-08-040022
+ 
+ {{{ complete_ocil_entry_module_disable(module="can") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
+index 64f8d808..19109457 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable DCCP Support'
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
+index 61aed859..03f41b72 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+index fb29a467..0d9f26fa 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable IEEE 1394 (FireWire) Support'
+ 
+@@ -25,7 +25,7 @@ references:
+     disa: CCI-000381
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040026
++    stigid@almalinux8: RHEL-08-040026
+ 
+ {{{ complete_ocil_entry_module_disable(module="firewire-core") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
+index 28b8952d..6e3e064a 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+index ddcb6c2a..95093c78 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
+ 
+ title: 'Disable SCTP Support'
+ 
+@@ -38,7 +38,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a)
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040023
++    stigid@almalinux8: RHEL-08-040023
+ 
+ {{{ complete_ocil_entry_module_disable(module="sctp") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
+index 9761ea78..b98652b4 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+index 18e56df4..153d5de7 100644
+--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+@@ -41,7 +41,7 @@ references:
+     nist-csf: PR.IP-1,PR.PT-3
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040024
++    stigid@almalinux8: RHEL-08-040024
+ 
+ {{{ complete_ocil_entry_module_disable(module="tipc") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
+index 5aaafd12..9d05d0c5 100644
+--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+index d277db69..6e6f73db 100644
+--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable Bluetooth Kernel Module'
+ 
+@@ -36,7 +36,7 @@ references:
+     nist: AC-18(a),AC-18(3),CM-7(a),CM-7(b),CM-6(a),MP-7
+     nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000300-GPOS-00118
+-    stigid@rhel8: RHEL-08-040111
++    stigid@almalinux8: RHEL-08-040111
+ 
+ {{{ complete_ocil_entry_module_disable(module="bluetooth") }}}
+ 
+diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
+index c7f84c6b..d9482708 100644
+--- a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhv4,rhcos4
++prodtype: fedora,rhel7,rhel8,almalinux8,rhv4,rhcos4
+ 
+ title: 'Disable Bluetooth Service'
+ 
+diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
+index 6a541594..8c47fed5 100644
+--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8
+ 
+ title: 'Disable WiFi or Bluetooth in BIOS'
+ 
+diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+index df5d92d8..559288dd 100644
+--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
++++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Deactivate Wireless Network Interfaces'
+ 
+@@ -60,7 +60,7 @@ references:
+     srg: SRG-OS-000299-GPOS-00117,SRG-OS-000300-GPOS-00118,SRG-OS-000424-GPOS-00188,SRG-OS-000481-GPOS-000481
+     stigid@ol7: OL07-00-041010
+     stigid@rhel7: RHEL-07-041010
+-    stigid@rhel8: RHEL-08-040110
++    stigid@almalinux8: RHEL-08-040110
+     stigid@sle12: SLES-12-030450
+     stigid@sle15: SLES-15-010380
+     stigid@ubuntu2004: UBTU-20-010455
+diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
+index d3f2eda7..0e99012d 100644
+--- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
++++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+ 
+ title: 'Configure Multiple DNS Servers in /etc/resolv.conf'
+ 
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040600
+     stigid@rhel7: RHEL-07-040600
+-    stigid@rhel8: RHEL-08-010680
++    stigid@almalinux8: RHEL-08-010680
+ 
+ ocil_clause: 'it does not exist or is not properly configured or less than 2 ''nameserver'' entries exist'
+ 
+diff --git a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
+index 06a84a9d..dba6f82c 100644
+--- a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
++++ b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+ 
+ title: 'Disable Client Dynamic DNS Updates'
+ 
+diff --git a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
+index 6f2e6fa2..ea9c566f 100644
+--- a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
++++ b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
+@@ -1,2 +1,2 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+ echo "NOZEROCONF=yes" >> /etc/sysconfig/network
+diff --git a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
+index 34f6e07e..202330a7 100644
+--- a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
++++ b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+ 
+ title: 'Disable Zeroconf Networking'
+ 
+diff --git a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
+index 3f497dc7..f85aac04 100644
+--- a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
++++ b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_rhv,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_rhv,multi_platform_fedora
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/network/network_nmcli_permissions/bash/shared.sh b/linux_os/guide/system/network/network_nmcli_permissions/bash/shared.sh
+index c3b0b981..cd447e5f 100644
+--- a/linux_os/guide/system/network/network_nmcli_permissions/bash/shared.sh
++++ b/linux_os/guide/system/network/network_nmcli_permissions/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_rhv,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_rhv,multi_platform_fedora
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
+index 1f0fde55..328daa0d 100644
+--- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
++++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Prevent non-Privileged Users from Modifying Network Interfaces using nmcli'
+ 
+diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+index 70136627..6ba1a58b 100644
+--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
++++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
+ 
+ title: 'Ensure System is Not Acting as a Network Sniffer'
+ 
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040670
+     stigid@rhel7: RHEL-07-040670
+-    stigid@rhel8: RHEL-08-040330
++    stigid@almalinux8: RHEL-08-040330
+     stigid@sle12: SLES-12-030440
+     stigid@sle15: SLES-15-040390
+ 
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
+index b49e8cd0..bbbdb90b 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Fedora,Oracle Linux 7,Oracle Linux 8,WRLinux 1019
++# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Fedora,Oracle Linux 7,Oracle Linux 8,WRLinux 1019
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+index 65e4607a..2e44fecf 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Ensure All World-Writable Directories Are Owned by root user'
+ 
+@@ -27,7 +27,7 @@ references:
+     anssi: BP28(R40)
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010700
++    stigid@almalinux8: RHEL-08-010700
+ 
+ ocil_clause: 'there is output'
+ 
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
+index 92ad8c23..526a66e2 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,multi_platform_rhel
++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
+index e49942d1..426dc99c 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ df --local -P | awk '{if (NR!=1) print $6}' \
+ | xargs -I '{}' find '{}' -xdev -type d \
+ \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+index 7a65dde8..1d97b2c8 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+@@ -55,7 +55,7 @@ references:
+     nist: CM-6(a),AC-6(1)
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000138-GPOS-00069
+-    stigid@rhel8: RHEL-08-010190
++    stigid@almalinux8: RHEL-08-010190
+     stigid@sle12: SLES-12-010460
+     stigid@sle15: SLES-15-010300
+     stigid@ubuntu2004: UBTU-20-010411
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
+index 62c58d80..66a531b3 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
+ 
+ title: 'Ensure All World-Writable Directories Are Owned by a System Account'
+ 
+diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+index 21023ce9..b90dc018 100644
+--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
++++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019,sle12,sle15
+ 
+ title: 'Ensure All World-Writable Directories Are Group Owned by a System Account'
+ 
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
+index 1cde3ded..83ff7bc6 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel8
++prodtype: fedora,rhel8,almalinux8
+ 
+ title: 'Verify Permissions on /etc/audit/auditd.conf'
+ 
+@@ -25,7 +25,7 @@ references:
+     disa: CCI-000171
+     nist: AU-12(b)
+     srg: SRG-OS-000063-GPOS-00032
+-    stigid@rhel8: RHEL-08-030610
++    stigid@almalinux8: RHEL-08-030610
+ 
+ template:
+     name: file_permissions
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
+index 34e1f303..7aa433ce 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel8
++prodtype: fedora,rhel8,almalinux8
+ 
+ title: 'Verify Permissions on /etc/audit/rules.d/*.rules'
+ 
+@@ -25,7 +25,7 @@ references:
+     disa: CCI-000171
+     nist: AU-12(b)
+     srg: SRG-OS-000063-GPOS-00032
+-    stigid@rhel8: RHEL-08-030610
++    stigid@almalinux8: RHEL-08-030610
+ 
+ template:
+     name: file_permissions
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
+index 7b2eb120..281ebad9 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
+@@ -2,7 +2,7 @@ documentation_complete: true
+ 
+ title: 'Ensure All SGID Executables Are Authorized'
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15,wrlinux1019,wrlinux8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15,wrlinux1019,wrlinux8
+ 
+ description: |-
+     The SGID (set group id) bit should be set only on files that were
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
+index 28fce50f..fc4289b4 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
+@@ -2,7 +2,7 @@ documentation_complete: true
+ 
+ title: 'Ensure All SUID Executables Are Authorized'
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15,wrlinux1019,wrlinux8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15,wrlinux1019,wrlinux8
+ 
+ description: |-
+     The SUID (set user id) bit should be set only on files that were
+diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+index 5cabb944..734bc3e7 100644
+--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
++++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
+ 
+ title: 'Ensure All Files Are Owned by a Group'
+ 
+@@ -48,7 +48,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020330
+     stigid@rhel7: RHEL-07-020330
+-    stigid@rhel8: RHEL-08-010790
++    stigid@almalinux8: RHEL-08-010790
+     stigid@sle12: SLES-12-010700
+     stigid@sle15: SLES-15-040410
+ 
+diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+index c090e80f..8845a095 100644
+--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
++++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Ensure All Files Are Owned by a User'
+ 
+@@ -49,7 +49,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020320
+     stigid@rhel7: RHEL-07-020320
+-    stigid@rhel8: RHEL-08-010780
++    stigid@almalinux8: RHEL-08-010780
+     stigid@sle12: SLES-12-010690
+     stigid@sle15: SLES-15-040400
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
+index 5ddaf9f7..9d227a68 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
+@@ -18,7 +18,7 @@ identifiers:
+ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+-    stigid@rhel8: RHEL-08-010260
++    stigid@almalinux8: RHEL-08-010260
+     stigid@ubuntu2004: UBTU-20-010417
+ 
+ ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log", group="root") }}}'
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
+index 7fa97853..aab0c6f9 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
+@@ -17,7 +17,7 @@ identifiers:
+ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+-    stigid@rhel8: RHEL-08-010230
++    stigid@almalinux8: RHEL-08-010230
+ 
+ ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/messages", group="root") }}}'
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
+index b689df56..1062dd69 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
+@@ -18,7 +18,7 @@ identifiers:
+ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+-    stigid@rhel8: RHEL-08-010250
++    stigid@almalinux8: RHEL-08-010250
+     stigid@ubuntu2004: UBTU-20-010418
+ 
+ ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log", owner="root") }}}'
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
+index 786cdaaf..c0ee431a 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
+@@ -17,7 +17,7 @@ identifiers:
+ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+-    stigid@rhel8: RHEL-08-010220
++    stigid@almalinux8: RHEL-08-010220
+ 
+ ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/messages", owner="root") }}}'
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
+index e1933b47..ffafbca1 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
+@@ -19,7 +19,7 @@ identifiers:
+ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+-    stigid@rhel8: RHEL-08-010240
++    stigid@almalinux8: RHEL-08-010240
+     stigid@ubuntu2004: UBTU-20-010419
+ 
+ ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log", perms="drwxr-xr-x") }}}'
+diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
+index cdd89a98..47650e30 100644
+--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
+@@ -18,7 +18,7 @@ identifiers:
+ references:
+     disa: CCI-001314
+     srg: SRG-OS-000206-GPOS-00084
+-    stigid@rhel8: RHEL-08-010210
++    stigid@almalinux8: RHEL-08-010210
+ 
+ ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/messages", perms="-rw-r-----") }}}'
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/ansible/shared.yml
+index f6f2ab48..62306146 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = false
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/bash/shared.sh
+index 365b9833..80b141d1 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ find /lib \
+ /lib64 \
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+index 8c0acc0e..569f6be4 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: sle12,sle15,rhel8,fedora
++prodtype: sle12,sle15,rhel8,almalinux8,fedora
+ 
+ title: 'Verify that Shared Library Directories Have Root Group Ownership'
+ 
+@@ -37,7 +37,7 @@ references:
+     disa: CCI-001499
+     nist: CM-5(6),CM-5(6).1
+     srg: SRG-OS-000259-GPOS-00100
+-    stigid@rhel8: RHEL-08-010350
++    stigid@almalinux8: RHEL-08-010350
+     stigid@sle12: SLES-12-010876
+     stigid@sle15: SLES-15-010356
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/all_dirs_ok.pass.sh
+index 50fdb17b..ceca9549 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/all_dirs_ok.pass.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/all_dirs_ok.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ DIRS="/lib /lib64 /usr/lib /usr/lib64"
+ for dirPath in $DIRS; do
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/nobody_group_owned_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/nobody_group_owned_dir_on_lib.fail.sh
+index 043ad6b2..fed1cb70 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/nobody_group_owned_dir_on_lib.fail.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/nobody_group_owned_dir_on_lib.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ DIRS="/lib /lib64 /usr/lib /usr/lib64"
+ for dirPath in $DIRS; do
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
+index 71682881..f63a3dc2 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = false
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
+index 5598e471..05ac5394 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
+ do
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+index cd605363..1717f42c 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel8,sle12,sle15,ubuntu2004
++prodtype: fedora,rhel8,almalinux8,sle12,sle15,ubuntu2004
+ 
+ title: 'Verify that system commands files are group owned by root '
+ 
+@@ -41,7 +41,7 @@ references:
+     disa: CCI-001499
+     nist: CM-5(6),CM-5(6).1
+     srg: SRG-OS-000259-GPOS-00100
+-    stigid@rhel8: RHEL-08-010320
++    stigid@almalinux8: RHEL-08-010320
+     stigid@sle12: SLES-12-010882
+     stigid@sle15: SLES-15-010361
+     stigid@ubuntu2004: UBTU-20-010458
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
+index 04178f48..ce116710 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
+index 5471f360..1a2c2a9f 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ find /bin/ \
+ /usr/bin/ \
+ /usr/local/bin/ \
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+index 1a13a200..a3d8185c 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+@@ -42,7 +42,7 @@ references:
+     nist: CM-5(6),CM-5(6).1,CM-6(a),AC-6(1)
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000259-GPOS-00100
+-    stigid@rhel8: RHEL-08-010310
++    stigid@almalinux8: RHEL-08-010310
+     stigid@sle12: SLES-15-010879
+     stigid@sle15: SLES-15-010359
+     stigid@ubuntu2004: UBTU-20-010457
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml
+index de81a370..9f2d834d 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh
+index c75167d2..dee705ea 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ for LIBDIR in /usr/lib /usr/lib64 /lib /lib64
+ do
+   if [ -d $LIBDIR ]
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+index dfedd255..8a349c9d 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+@@ -43,7 +43,7 @@ references:
+     nist: CM-5(6),CM-5(6).1,CM-6(a),AC-6(1)
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000259-GPOS-00100
+-    stigid@rhel8: RHEL-08-010340
++    stigid@almalinux8: RHEL-08-010340
+     stigid@sle12: SLES-12-010873
+     stigid@sle15: SLES-15-010353
+     stigid@ubuntu2004: UBTU-20-010428
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
+index 33196965..b0572f9d 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
+index 5d95c987..6ff7b18a 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec"
+ for dirPath in $DIRS; do
+ 	find "$dirPath" -perm /022 -exec chmod go-w '{}' \;
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+index 80ab758b..aa5f3528 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+@@ -42,7 +42,7 @@ references:
+     nist: CM-5(6),CM-5(6).1,CM-6(a),AC-6(1)
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000259-GPOS-00100
+-    stigid@rhel8: RHEL-08-010300
++    stigid@almalinux8: RHEL-08-010300
+     stigid@sle12: SLES-12-010878
+     stigid@sle15: SLES-15-010358
+     stigid@ubuntu2004: UBTU-20-010456
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml
+index cf9eebac..8571c19b 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = high
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+index 902d8b5f..b41692d5 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+@@ -43,7 +43,7 @@ references:
+     nist: CM-6(a),CM-5(6),CM-5(6).1,AC-6(1)
+     nist-csf: PR.AC-4,PR.DS-5
+     srg: SRG-OS-000259-GPOS-00100
+-    stigid@rhel8: RHEL-08-010330
++    stigid@almalinux8: RHEL-08-010330
+     stigid@sle12: SLES-12-010871
+     stigid@sle15: SLES-15-010351
+     stigid@ubuntu2004: UBTU-20-010426
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/ansible/shared.yml
+index ab3e85c4..83e1fe32 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/ansible/shared.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = false
+ # strategy = restrict
+ # complexity = high
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/bash/shared.sh
+index d5fb8948..da0fb11b 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/bash/shared.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ find /lib \
+ /lib64 \
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+index 83371b8b..2d6f6b25 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: sle12,sle15,rhel8,fedora
++prodtype: sle12,sle15,rhel8,almalinux8,fedora
+ 
+ title: |-
+     Verify the system-wide library files in directories
+@@ -41,7 +41,7 @@ references:
+     disa: CCI-001499
+     nist: CM-5(6),CM-5(6).1
+     srg: SRG-OS-000259-GPOS-00100
+-    stigid@rhel8: RHEL-08-010350
++    stigid@almalinux8: RHEL-08-010350
+     stigid@sle12: SLES-12-010875
+     stigid@sle15: SLES-15-010355
+ 
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_group.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_group.pass.sh
+index a4ae2854..5fc20346 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_group.pass.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_group.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
+ do
+diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_group.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_group.fail.sh
+index c96f65b9..2461e35f 100644
+--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_group.fail.sh
++++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_group.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = multi_platform_sle,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
+ do
+diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
+index b0d59400..4a71eccd 100644
+--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
+index b8dcf3a2..4f5d09c8 100644
+--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
+@@ -24,7 +24,7 @@ references:
+     nerc-cip: CIP-003-3 R5.1.1,CIP-003-3 R5.3,CIP-004-3 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
+     nist: CM-6(a),AC-6(1)
+     srg: SRG-OS-000324-GPOS-00125
+-    stigid@rhel8: RHEL-08-010374
++    stigid@almalinux8: RHEL-08-010374
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_hardlinks", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
+index 5ce0decb..b7a4243e 100644
+--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
+index b283776e..72e7595c 100644
+--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
++++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
+@@ -26,7 +26,7 @@ references:
+     nerc-cip: CIP-003-3 R5.1.1,CIP-003-3 R5.3,CIP-004-3 R2.3,CIP-007-3 R2.1,CIP-007-3 R2.2,CIP-007-3 R2.3,CIP-007-3 R5.1,CIP-007-3 R5.1.1,CIP-007-3 R5.1.2
+     nist: CM-6(a),AC-6(1)
+     srg: SRG-OS-000324-GPOS-00125
+-    stigid@rhel8: RHEL-08-010373
++    stigid@almalinux8: RHEL-08-010373
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_symlinks", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
+index 184a746f..0807776c 100644
+--- a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+ 
+ title: 'Assign Password to Prevent Changes to Boot Firmware Configuration'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
+index 311ae83b..a11f1d66 100644
+--- a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8
+ 
+ title: 'Disable Booting from USB Devices in Boot Firmware'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
+index 848e7338..8f7db86a 100644
+--- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8
+ 
+ title: 'Disable Kernel Support for USB via Bootloader Configuration'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
+index 44c5bffe..2eb544c7 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+index a21b044b..543160de 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+ 
+ title: 'Disable Mounting of cramfs'
+ 
+@@ -43,7 +43,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a)
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040025
++    stigid@almalinux8: RHEL-08-040025
+ 
+ {{{ complete_ocil_entry_module_disable(module="cramfs") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
+index f53ca7e3..7decd700 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
+index cf38af75..b27990b7 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+ 
+ title: 'Disable Mounting of freevxfs'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
+index ef0e24a3..829121c2 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
+index fd08e9fa..68318195 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+ 
+ title: 'Disable Mounting of hfs'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
+index a20bc997..8106f54c 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
+index 74f69a23..ef0bdbc4 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+ 
+ title: 'Disable Mounting of hfsplus'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
+index 77723846..fd3ece4c 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
+index b2203d3f..2c0bc01e 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+ 
+ title: 'Disable Mounting of jffs2'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
+index be4526c5..febc07d2 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+index f78dbb60..a29fa86f 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,sle15
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
+ 
+ title: 'Disable Mounting of squashfs'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
+index ba69e9bf..615e5db4 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
+index 7cdf27b4..b6c8f181 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804,ubuntu2004
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804,ubuntu2004
+ 
+ title: 'Disable Mounting of udf'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
+index 32e39f20..a00da355 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+index c8366334..737e8cf5 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable Modprobe Loading of USB Storage Driver'
+ 
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020100
+     stigid@rhel7: RHEL-07-020100
+-    stigid@rhel8: RHEL-08-040080
++    stigid@almalinux8: RHEL-08-040080
+     stigid@sle12: SLES-12-010580
+     stigid@sle15: SLES-15-010480
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
+index 2be4cc35..a50aa726 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
+index 5af0cf51..34618357 100644
+--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+ 
+ title: 'Disable Mounting of vFAT filesystems'
+ 
+diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
+index 41352695..8b69802a 100644
+--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+index 2214eb95..d38bc2ee 100644
+--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,wrlinux1019
+ 
+ title: 'Disable the Automounter'
+ 
+@@ -51,7 +51,7 @@ references:
+     srg: SRG-OS-000114-GPOS-00059,SRG-OS-000378-GPOS-00163,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020110
+     stigid@rhel7: RHEL-07-020110
+-    stigid@rhel8: RHEL-08-040070
++    stigid@almalinux8: RHEL-08-040070
+     stigid@sle12: SLES-12-010590
+     stigid@sle15: SLES-15-010240
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
+index da7833ee..47c3af4c 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Add noauto Option to /boot'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
+index f9eebd38..767fe30a 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nodev Option to /boot'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
+index e6f8d284..d35ad835 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Add noexec Option to /boot'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+index cfb5a158..5dcf3a0d 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nosuid Option to /boot'
+ 
+@@ -30,7 +30,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010571
++    stigid@almalinux8: RHEL-08-010571
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+index 77699486..d09652d4 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol7: OL07-00-021022
+     stigid@rhel7: RHEL-07-021022
+-    stigid@rhel8: RHEL-08-040120
++    stigid@almalinux8: RHEL-08-040120
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+index 0405c4a2..e30bb475 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804,ubuntu2004
+ 
+ title: 'Add noexec Option to /dev/shm'
+ 
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol7: OL07-00-021024
+     stigid@rhel7: RHEL-07-021024
+-    stigid@rhel8: RHEL-08-040122
++    stigid@almalinux8: RHEL-08-040122
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+index 54c05d6f..202fb4a1 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000368-GPOS-00154
+     stigid@ol7: OL07-00-021023
+     stigid@rhel7: RHEL-07-021023
+-    stigid@rhel8: RHEL-08-040121
++    stigid@almalinux8: RHEL-08-040121
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+index 07013b2e..b5fa4bfc 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804
+ 
+ title: 'Add nodev Option to /home'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+index e2372df0..611b66ab 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Add noexec Option to /home'
+ 
+@@ -28,7 +28,7 @@ references:
+     disa: CCI-000366
+     nist: CM-6(b)
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010590
++    stigid@almalinux8: RHEL-08-010590
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+index 7809a961..40fc536b 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
+ 
+ title: 'Add nosuid Option to /home'
+ 
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021000
+     stigid@rhel7: RHEL-07-021000
+-    stigid@rhel8: RHEL-08-010570
++    stigid@almalinux8: RHEL-08-010570
+     stigid@sle12: SLES-12-010790
+     stigid@sle15: SLES-15-040140
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+index c79dcb7d..e747cc4f 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nodev Option to Non-Root Local Partitions'
+ 
+@@ -44,6 +44,6 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010580
++    stigid@almalinux8: RHEL-08-010580
+ 
+ platform: machine
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+index 49ad5091..b5ba8048 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804
+ 
+ title: 'Add nodev Option to Removable Media Partitions'
+ 
+@@ -41,7 +41,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010600
++    stigid@almalinux8: RHEL-08-010600
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+index f92f32e8..8b1dc171 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804
+ 
+ title: 'Add noexec Option to Removable Media Partitions'
+ 
+@@ -38,7 +38,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010610
++    stigid@almalinux8: RHEL-08-010610
+ 
+ ocil_clause: 'removable media partitions are present'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+index 4efb84dc..98bf2aaa 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804,wrlinux1019
+ 
+ title: 'Add nosuid Option to Removable Media Partitions'
+ 
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021010
+     stigid@rhel7: RHEL-07-021010
+-    stigid@rhel8: RHEL-08-010620
++    stigid@almalinux8: RHEL-08-010620
+     stigid@sle12: SLES-12-010800
+     stigid@sle15: SLES-15-040150
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
+index b67d96ba..c97be491 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Add nosuid Option to /opt'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
+index 022dee6d..50d8fc14 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Add nosuid Option to /srv'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+index e50df715..99b0c132 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804
+ 
+ title: 'Add nodev Option to /tmp'
+ 
+@@ -39,7 +39,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040123
++    stigid@almalinux8: RHEL-08-040123
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+index 7585cc6e..6f9aa511 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
+ 
+ title: 'Add noexec Option to /tmp'
+ 
+@@ -38,7 +38,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040125
++    stigid@almalinux8: RHEL-08-040125
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+index b8c3b7d7..3ec7f8d5 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804
+ 
+ title: 'Add nosuid Option to /tmp'
+ 
+@@ -39,7 +39,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040124
++    stigid@almalinux8: RHEL-08-040124
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+index 983b0734..a8694cce 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nodev Option to /var/log/audit'
+ 
+@@ -31,7 +31,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040129
++    stigid@almalinux8: RHEL-08-040129
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+index e63c8a89..78d1fec7 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add noexec Option to /var/log/audit'
+ 
+@@ -29,7 +29,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040131
++    stigid@almalinux8: RHEL-08-040131
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+index 5de65902..fb6512c5 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nosuid Option to /var/log/audit'
+ 
+@@ -30,7 +30,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040130
++    stigid@almalinux8: RHEL-08-040130
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+index c0a186c7..9b9847eb 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nodev Option to /var/log'
+ 
+@@ -31,7 +31,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040126
++    stigid@almalinux8: RHEL-08-040126
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+index 53f51f64..d356c2e5 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add noexec Option to /var/log'
+ 
+@@ -30,7 +30,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040128
++    stigid@almalinux8: RHEL-08-040128
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+index a78026c9..2ad8ea6f 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nosuid Option to /var/log'
+ 
+@@ -31,7 +31,7 @@ references:
+     nist: CM-7(a),CM-7(b),CM-6(a),AC-6,AC-6(1),MP-7
+     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040127
++    stigid@almalinux8: RHEL-08-040127
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
+index ced6ad1d..fd4c21f5 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nodev Option to /var'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
+index 7119419e..eb43ae82 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Add noexec Option to /var'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
+index ca3e15f3..a16ad330 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Add nosuid Option to /var'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+index 1466eff5..b49afe45 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ . /usr/share/scap-security-guide/remediation_functions
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
+index 133e7727..0ec19fa7 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Bind Mount /var/tmp To /tmp'
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+index bb044207..722d7a53 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804
+ 
+ title: 'Add nodev Option to /var/tmp'
+ 
+@@ -32,7 +32,7 @@ references:
+     cis@ubuntu1804: 1.1.7
+     disa: CCI-001764
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040132
++    stigid@almalinux8: RHEL-08-040132
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+index 657ccaa5..c604f7ec 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804
+ 
+ title: 'Add noexec Option to /var/tmp'
+ 
+@@ -32,7 +32,7 @@ references:
+     cis@ubuntu1804: 1.1.9
+     disa: CCI-001764
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040134
++    stigid@almalinux8: RHEL-08-040134
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+index d5686e4d..54531e18 100644
+--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
++++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804
+ 
+ title: 'Add nosuid Option to /var/tmp'
+ 
+@@ -32,7 +32,7 @@ references:
+     cis@ubuntu1804: 1.1.8
+     disa: CCI-001764
+     srg: SRG-OS-000368-GPOS-00154
+-    stigid@rhel8: RHEL-08-040133
++    stigid@almalinux8: RHEL-08-040133
+ 
+ platform: machine
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
+index d9480227..554e34e0 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+index 29bd63b8..b61ada5d 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+@@ -34,7 +34,7 @@ references:
+     disa: CCI-000366
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010675
++    stigid@almalinux8: RHEL-08-010675
+ 
+ ocil_clause: ProcessSizeMax is not set to zero
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
+index d9480227..554e34e0 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+index fc23ce0a..538f7f37 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+@@ -30,7 +30,7 @@ references:
+     disa: CCI-000366
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010674
++    stigid@almalinux8: RHEL-08-010674
+ 
+ ocil_clause: Storage is not set to none
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
+index 5d6b55f0..97f8f558 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ SECURITY_LIMITS_FILE="/etc/security/limits.conf"
+ 
+ if grep -qE '\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
+index 41cbd119..481afa58 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+index 09ad7d43..b5418dc6 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004
+ 
+ title: 'Disable Core Dumps for All Users'
+ 
+@@ -34,7 +34,7 @@ references:
+     iso27001-2013: A.12.1.3,A.17.2.1
+     nist-csf: DE.CM-1,PR.DS-4
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010673
++    stigid@almalinux8: RHEL-08-010673
+ 
+ ocil_clause: 'it is not'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+index 9524302e..c384e918 100644
+--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable acquiring, saving, and processing core dumps'
+ 
+@@ -27,7 +27,7 @@ references:
+     disa: CCI-000366
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010672
++    stigid@almalinux8: RHEL-08-010672
+ 
+ ocil_clause: unit systemd-coredump.socket is not masked or running
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
+index f689f4b2..34430b60 100644
+--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
++++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_umask_for_daemons") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
+index 6b2922e1..6cccb08a 100644
+--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8
++prodtype: fedora,rhel7,rhel8,almalinux8
+ 
+ title: 'Set Daemon Umask'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
+index 579b8641..4dc86daf 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable ExecShield via sysctl'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
+index 415b0486..02b1e991 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+index bb3cf0ba..53b0c98a 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+@@ -27,7 +27,7 @@ references:
+     nerc-cip: CIP-002-3 R1.1,CIP-002-3 R1.2,CIP-003-3 R5.1.1,CIP-003-3 R5.3,CIP-004-3 4.1,CIP-004-3 4.2,CIP-004-3 R2.2.3,CIP-004-3 R2.2.4,CIP-004-3 R2.3,CIP-004-3 R4,CIP-005-3a R1,CIP-005-3a R1.1,CIP-005-3a R1.2,CIP-007-3 R3,CIP-007-3 R3.1,CIP-007-3 R5.1,CIP-007-3 R5.1.2,CIP-007-3 R5.1.3,CIP-007-3 R5.2.1,CIP-007-3 R5.2.3,CIP-007-3 R8.4,CIP-009-3 R.1.1,CIP-009-3 R4
+     nist: SC-30,SC-30(2),SC-30(5),CM-6(a)
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000433-GPOS-00192,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040283
++    stigid@almalinux8: RHEL-08-040283
+     stigid@sle12: SLES-12-030320
+     stigid@sle15: SLES-15-010540
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
+index 7a4c107b..22e20912 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+index 852c9023..11e13949 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+@@ -34,7 +34,7 @@ references:
+     srg: SRG-OS-000433-GPOS-00193,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-040201
+     stigid@rhel7: RHEL-07-040201
+-    stigid@rhel8: RHEL-08-010430
++    stigid@almalinux8: RHEL-08-010430
+     stigid@sle12: SLES-12-030330
+     stigid@sle15: SLES-15-010550
+     stigid@ubuntu2004: UBTU-20-010448
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+index 2176a0bb..12fde141 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Enable NX or XD Support in the BIOS'
+ 
+@@ -32,6 +32,6 @@ references:
+     nist: SC-39,CM-6(a)
+     nist-csf: PR.IP-1
+     srg: SRG-OS-000433-GPOS-00192
+-    stigid@rhel8: RHEL-08-010420
++    stigid@almalinux8: RHEL-08-010420
+ 
+ platform: machine
+diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
+index 48e4b420..2c608f53 100644
+--- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Install PAE Kernel on Supported 32-bit x86 Systems'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+index 66899c63..82e5f8bb 100644
+--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable page allocator poisoning'
+ 
+@@ -29,7 +29,7 @@ references:
+     disa: CCI-001084
+     nist: CM-6(a)
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
+-    stigid@rhel8: RHEL-08-010421
++    stigid@almalinux8: RHEL-08-010421
+ 
+ ocil_clause: 'page allocator poisoning is not enabled'
+ 
+@@ -56,9 +56,9 @@ warnings:
+         
    ~]# grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg
    
+         
  • On UEFI-based machines, issue the following command as root:
+ {{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% else %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% endif %}}
+         
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+index 9d90eaa5..61bdf449 100644
+--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable SLUB/SLAB allocator poisoning'
+ 
+@@ -29,7 +29,7 @@ references:
+     disa: CCI-001084
+     nist: CM-6(a)
+     srg: SRG-OS-000433-GPOS-00192,SRG-OS-000134-GPOS-00068
+-    stigid@rhel8: RHEL-08-010423
++    stigid@almalinux8: RHEL-08-010423
+ 
+ ocil_clause: 'SLUB/SLAB poisoning is not enabled'
+ 
+@@ -56,9 +56,9 @@ warnings:
+         
    ~]# grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg
    
+         
  • On UEFI-based machines, issue the following command as root:
+ {{% if product in ["rhel7", "rhel8", "ol7", "ol8"] %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% else %}}
+-        
    ~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
    
++        
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+ {{% endif %}}
+         
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
+index 88c68344..fa9b2020 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+index 4a8bf79e..ed7b7927 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable storing core dumps'
+ 
+@@ -22,7 +22,7 @@ references:
+     disa: CCI-000366
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010671
++    stigid@almalinux8: RHEL-08-010671
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.core_pattern", value="|/bin/false") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
+index 36e025cc..e97acde1 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+index 434a87a1..8b1daa2f 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+ 
+ title: 'Restrict Access to Kernel Message Buffer'
+ 
+@@ -25,7 +25,7 @@ references:
+     hipaa: 164.308(a)(1)(ii)(D),164.308(a)(3),164.308(a)(4),164.310(b),164.310(c),164.312(a),164.312(e)
+     nist: SI-11(a),SI-11(b)
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069
+-    stigid@rhel8: RHEL-08-010375
++    stigid@almalinux8: RHEL-08-010375
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
+index 505b3c12..cdf18e6d 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+index d677fd62..42b854b0 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable Kernel Image Loading'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-001749
+     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000366-GPOS-00153
+-    stigid@rhel8: RHEL-08-010372
++    stigid@almalinux8: RHEL-08-010372
+ 
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}}
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
+index 1722b937..03e919ac 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable loading and unloading of kernel modules'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
+index 52456967..c4915c47 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Limit CPU consumption of the Perf system'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
+index f78db1b0..53059efc 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Limit sampling frequency of the Perf system'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
+index 0541e59a..50020c28 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+index 77eeb2e7..acfac8ca 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disallow kernel profiling by unprivileged users'
+ 
+@@ -22,7 +22,7 @@ references:
+     disa: CCI-001090
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069
+-    stigid@rhel8: RHEL-08-010376
++    stigid@almalinux8: RHEL-08-010376
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.perf_event_paranoid", value="2") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
+index 4299f35b..56bb333d 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure maximum number of process identifiers'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
+index f17eeb7a..31e51854 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disallow magic SysRq key'
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
+index 2e24d921..7b706bb3 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+index 6e5576ed..8dc759a4 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes'
+ 
+@@ -22,7 +22,7 @@ references:
+     disa: CCI-000366
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040281
++    stigid@almalinux8: RHEL-08-040281
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.unprivileged_bpf_disabled", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
+index ceafd483..7006e206 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+index 7ef5b5ed..7e6a20b0 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Restrict usage of ptrace to descendant processes'
+ 
+@@ -24,7 +24,7 @@ references:
+     anssi: BP28(R25)
+     disa: CCI-000366
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040282
++    stigid@almalinux8: RHEL-08-040282
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
+index 7519b774..af6c30ab 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+index 31b7183b..755c1b4d 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Harden the operation of the BPF just-in-time compiler'
+ 
+@@ -23,7 +23,7 @@ references:
+     nist: CM-6b
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040286
++    stigid@almalinux8: RHEL-08-040286
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.core.bpf_jit_harden", value="2") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
+index fdd4fb83..3274d5b3 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ apiVersion: machineconfiguration.openshift.io/v1
+ kind: MachineConfig
+ spec:
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+index 2e11533e..856045df 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the use of user namespaces'
+ 
+@@ -31,7 +31,7 @@ references:
+     nist: SC-39,CM-6(a)
+     ospp: FMT_SMF_EXT.1
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040284
++    stigid@almalinux8: RHEL-08-040284
+ 
+ {{{ complete_ocil_entry_sysctl_option_value(sysctl="user.max_user_namespaces", value="0") }}}
+ 
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
+index 93a11ee5..61e87801 100644
+--- a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Prevent applications from mapping low portion of virtual memory'
+ 
+diff --git a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
+index 297512e4..32f67ae3 100644
+--- a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
++++ b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+ 
+ title: 'Ensure SELinux Not Disabled in the kernel arguments'
+ 
+diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
+index e9ff094d..f0a8bcdb 100644
+--- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
+index 735354a2..0c13b196 100644
+--- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+ 
+ sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
+ sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
+diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
+index a313831b..e1532946 100644
+--- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
++++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+ 
+ title: 'Ensure SELinux Not Disabled in /etc/default/grub'
+ 
+diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
+index d38f1829..c6e06cb7 100644
+--- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
++++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+ 
+ title: 'Install libselinux Package'
+ 
+diff --git a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
+index 81f72105..f5fa640c 100644
+--- a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
++++ b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhel9,sle15
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,sle15
+ 
+ title: 'Uninstall mcstrans Package'
+ 
+diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
+index 74c92194..4bf954c8 100644
+--- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
++++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhel8,rhel9
++prodtype: ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Install policycoreutils-python-utils package'
+ 
+diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+index 759f453f..b73935e5 100644
+--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
++++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Install policycoreutils Package'
+ 
+@@ -31,7 +31,7 @@ identifiers:
+ references:
+     disa: CCI-001084
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010171
++    stigid@almalinux8: RHEL-08-010171
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
+index d20c1116..78446be3 100644
+--- a/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
++++ b/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall setroubleshoot-plugins Package'
+ 
+diff --git a/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
+index c5fec06d..ff4e6b57 100644
+--- a/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
++++ b/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall setroubleshoot-server Package'
+ 
+diff --git a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
+index 8992283a..f6cabc95 100644
+--- a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
++++ b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
+ 
+ title: 'Uninstall setroubleshoot Package'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
+index 90434f6a..83e9bad0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the abrt_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
+index 6f00cc5d..56f78524 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the abrt_handle_event SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
+index 6aedbd4b..7fc72b46 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the abrt_upload_watch_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
+index 9059fdf0..2f1dd2ed 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the antivirus_can_scan_system SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
+index ebbce6ed..fec2f5d6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the antivirus_use_jit SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
+index f3be1c78..405ac2f7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the auditadm_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
+index 1de5f715..c45f45d5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the authlogin_nsswitch_use_ldap SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
+index 57cb33c8..00e5d2e7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the authlogin_radius SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
+index fc7a5770..b937eb9a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the authlogin_yubikey SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
+index e6c6bbe3..b3411ada 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the awstats_purge_apache_log_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
+index 8cba7a6c..e6fe999d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the boinc_execmem SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
+index 6d1ab1fb..b657ac12 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cdrecord_read_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
+index d38be936..09cc2e6e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cluster_can_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
+index a6558b75..acb9fd61 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cluster_manage_all_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
+index 4dba59fc..8d2948e6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cluster_use_execmem SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
+index 9c405241..11375b94 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cobbler_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
+index 96c0e256..08ea062a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cobbler_can_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
+index 93bdc97c..3b2b401d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cobbler_use_cifs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
+index a7d6e9e7..02a7c4db 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cobbler_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
+index d2c8b686..f9c7e326 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the collectd_tcp_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
+index 1f560285..38809dd3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the condor_tcp_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
+index c880bf74..cc1d9b92 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the conman_can_network SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
+index e9051bb9..e4bd1074 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the container_connect_any SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
+index 8030890f..ebdcc1a5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the cron_can_relabel SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
+index 1c0270c0..d605ca51 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the cron_system_cronjob_use_shares SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
+index db921dc0..ba593d16 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the cron_userdomain_transition SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
+index d1d7ded6..4fb4bf2c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cups_execmem SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
+index af5727d6..6cae839d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the cvs_read_shadow SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
+index 7ef9fda5..02fbacc4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the daemons_dump_core SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
+index 07ef4320..0a1a11d7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the daemons_enable_cluster_mode SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
+index 64be1daf..c5e1f925 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the daemons_use_tcp_wrapper SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
+index 9a92ccdd..dce9bc4b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the daemons_use_tty SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
+index c75cce8a..cb56c79e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the dbadm_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
+index 2b9a11ba..3e1236fb 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the dbadm_manage_user_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
+index 707d7113..82b8a228 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the dbadm_read_user_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
+index 2a35a2db..d9aefa8c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the deny_execmem SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
+index 1dd4eef6..1356b6fd 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the deny_ptrace SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
+index 9b4bfe10..d648713f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the dhcpc_exec_iptables SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
+index 75f044c4..c2cec43e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the dhcpd_use_ldap SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
+index a5acdd0f..b208f50b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the domain_fd_use SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
+index bbc2a154..84c0a25c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the domain_kernel_load_modules SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
+index 2c75b117..a87eabb4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the entropyd_use_audio SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
+index 12305e08..3d287f7c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the exim_can_connect_db SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
+index 2d54130d..3c3d3645 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the exim_manage_user_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
+index b240c116..93ecd94c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the exim_read_user_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
+index 9b3cf756..f8ea2f6c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the fcron_crond SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
+index 1f71bedb..3316263f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the fenced_can_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
+index cac41de7..96edf0ff 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the fenced_can_ssh SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
+index 5851293f..ec0a9345 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the fips_mode SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
+index dbf31b53..2b2f5bc3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ftpd_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
+index 579ac3f5..7ebfb8bd 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ftpd_connect_all_unreserved SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
+index f2d973ba..b473ef96 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ftpd_connect_db SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
+index cf9e7826..017cfec4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ftpd_full_access SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
+index 14b1f752..73153bbf 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ftpd_use_cifs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
+index 6cb9d9df..896fb999 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ftpd_use_fusefs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
+index 4035d4f8..e9e734e1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ftpd_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
+index c1236064..f2276697 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ftpd_use_passive_mode SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
+index 47e9b420..86d7f819 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the git_cgi_enable_homedirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
+index ca5a2bcd..cc91e16f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the git_cgi_use_cifs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
+index f8b5c912..cee5cb7a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the git_cgi_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
+index 8dffa1dd..855a231f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the git_session_bind_all_unreserved_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
+index f4dca61a..7c8c3dd2 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the git_session_users SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
+index 170fcfdf..31ad34ce 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the git_system_enable_homedirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
+index c46e622e..8935f832 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the git_system_use_cifs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
+index b149744b..4006fe66 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the git_system_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
+index 2fa3db75..dba2c36f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the gitosis_can_sendmail SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
+index f8324918..790d5167 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the glance_api_can_network SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
+index ee835d3e..24ee3fae 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the glance_use_execmem SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
+index 70546358..3146c801 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the glance_use_fusefs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
+index 12cb7bdc..ec058a02 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the global_ssp SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
+index 19903fc9..31bf578d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the gluster_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
+index c586752c..3eac3ab0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the gluster_export_all_ro SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
+index 953d6f51..445c6f2a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure the gluster_export_all_rw SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
+index fc5c20b9..5e4d075c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the gpg_web_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
+index 9cf94d26..fe53e4a3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the gssd_read_tmp SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
+index fb0b8f6e..6b64581a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the guest_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
+index f5e5a38e..f96727ff 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the haproxy_connect_any SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
+index 7ac8bcac..8717ac94 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
+index 9d1fbe43..e2eef2ad 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure the httpd_builtin_scripting SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
+index f08b0711..4c2f3603 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_check_spam SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
+index 6511bfe2..6f07db4d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_connect_ftp SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
+index 9d088182..5f01b615 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_connect_ldap SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
+index fe8400ee..c292070a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_connect_mythtv SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
+index d8282606..3d80037c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_connect_zabbix SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
+index 51f2d075..ea465e8c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
+index 04ffe7de..d45f0d7d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_network_connect_cobbler SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
+index 38b2cbfe..2b40a15c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_network_connect_db SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
+index d844dcdb..d45a0031 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_network_memcache SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
+index bff3c8ce..8dad299f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_network_relay SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
+index 8d73dd26..3582c1a4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_can_sendmail SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
+index 3cfbca8a..de20f874 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_dbus_avahi SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
+index da62291c..398bc8c7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_dbus_sssd SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
+index dc9651f9..2fec140e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_dontaudit_search_dirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
+index 63eb6e1e..21df0707 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Configure the httpd_enable_cgi SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
+index 677ed3ce..4f1a4791 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_enable_ftp_server SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
+index a2b05231..c0d75670 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_enable_homedirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
+index ee05eba7..bf3793e5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_execmem SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
+index b5a42076..fd15c031 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the httpd_graceful_shutdown SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
+index d8453a7d..5fcb23b5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_manage_ipa SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
+index 0b2ad316..3347f027 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_mod_auth_ntlm_winbind SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
+index eaf8ea4d..2adfa1ac 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_mod_auth_pam SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
+index e258ff54..cf04e5bb 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_read_user_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
+index d8b3f4e6..c17c8a97 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_run_ipa SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
+index 413472cb..f96365f8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_run_preupgrade SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
+index 4cc54284..3c320028 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_run_stickshift SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
+index 27a979c8..6200f0a0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_serve_cobbler_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
+index e09231f7..08f76037 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_setrlimit SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
+index 81ee3798..c00302d0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_ssi_exec SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
+index 61140b8d..16585685 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_sys_script_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
+index ad6c2ea7..c8a12f68 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_tmp_exec SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
+index 12b4dcc1..04841fb3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_tty_comm SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
+index ffcda8a2..364640ad 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_unified SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
+index 4a5c7bdc..88d0bf75 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_use_cifs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
+index 79c4149f..3df100b7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_use_fusefs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
+index d022811e..1e157cfa 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_use_gpg SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
+index 4080ca05..b872c1a8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
+index dbbb07cf..d0477e44 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_use_openstack SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
+index fe0840e2..f88ad485 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_use_sasl SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
+index 61def0aa..6bfb1a2c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the httpd_verify_dns SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
+index 724cbbce..97bd40b0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the icecast_use_any_tcp_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
+index a7da73c3..66621010 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the irc_use_any_tcp_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
+index d82f9ff2..d14ca236 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the irssi_use_full_network SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
+index fdb0a982..4573675c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the kdumpgui_run_bootloader SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
+index f154f106..e53861bb 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the kerberos_enabled SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
+index eb32deaf..48b83090 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ksmtuned_use_cifs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
+index 86376cba..74e8dfb6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the ksmtuned_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
+index ec2cec98..dfe4a75d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the logadm_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
+index dad98e38..b45bdc4b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the logging_syslogd_can_sendmail SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
+index 3c520540..6acdf661 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the logging_syslogd_run_nagios_plugins SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
+index b55c01f0..1b05386f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the logging_syslogd_use_tty SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
+index 1e423f46..064a77ef 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the login_console_enabled SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
+index 8e327772..e5b4122d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the logrotate_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
+index d5e181b9..5da3e9c0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the logwatch_can_network_connect_mail SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
+index 4d3c7838..32b05be7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the lsmd_plugin_connect_any SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
+index 6dfb2e01..5eb9727d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mailman_use_fusefs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
+index d235fe6f..95b28e43 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mcelog_client SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
+index 46c9d61a..706520e3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the mcelog_exec_scripts SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
+index 80757940..86ada5a3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mcelog_foreground SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
+index 48cc45cb..8a59bf4c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mcelog_server SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
+index 040edc1f..068785b4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the minidlna_read_generic_user_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
+index 134cb824..52a2a0cb 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the mmap_low_allowed SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
+index 7302201a..9a1666c2 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the mock_enable_homedirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
+index 8354e36e..c85174c8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the mount_anyfile SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
+index a461e301..5a57d162 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mozilla_plugin_bind_unreserved_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
+index b544dd12..17206906 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mozilla_plugin_can_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
+index 878c10bd..69c810a9 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mozilla_plugin_use_bluejeans SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
+index eba60ff3..66ab4c43 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mozilla_plugin_use_gps SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
+index a5655a34..ba398fec 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mozilla_plugin_use_spice SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
+index 8d8407db..b56b3b40 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mozilla_read_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
+index db538e06..7c6f98ea 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mpd_enable_homedirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
+index 5bff3c99..d359d281 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mpd_use_cifs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
+index 97140465..a4af6e2d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mpd_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
+index bb5e5948..a412fc8b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mplayer_execstack SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
+index 98a1ebcf..cce1c87e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the mysql_connect_any SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
+index 70347807..2d91a12f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the nagios_run_pnp4nagios SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
+index 489a099a..7d208a85 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the nagios_run_sudo SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
+index a51fbbea..1f31780a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the named_tcp_bind_http_port SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
+index c9d54a98..b4bb8d07 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the named_write_master_zones SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
+index b543c733..3df85ab6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the neutron_can_network SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
+index c0718a62..4ade28e7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the nfs_export_all_ro SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
+index 0355bad7..7d4a3dfc 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the nfs_export_all_rw SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
+index 8d21a80b..0b0a2ee5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the nfsd_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
+index 9ae527ee..b9324567 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the nis_enabled SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
+index 2223ef84..abb41046 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the nscd_use_shm SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
+index 1c4fa8c1..9c06f296 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the openshift_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
+index affa929a..b0ba05f1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the openvpn_can_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
+index 425be626..20e4922a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the openvpn_enable_homedirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
+index 8ebfe542..04fcdf6d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the openvpn_run_unconfined SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
+index c1a13523..fe23e776 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the pcp_bind_all_unreserved_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
+index 9f902520..a76d4523 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the pcp_read_generic_logs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
+index bf1ea51c..3c76e1fc 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the piranha_lvs_can_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
+index 7e628966..82442a13 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the polipo_connect_all_unreserved SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
+index fa974402..39da107d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the polipo_session_bind_all_unreserved_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
+index f2f93ba3..2993b2f9 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the polipo_session_users SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
+index 0f0fe5d6..bd263df1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the polipo_use_cifs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
+index 1c1d302e..7353b3ab 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the polipo_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
+index 53f154e7..969390fd 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the polyinstantiation_enabled SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
+index 1c061280..f607bdc2 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the postfix_local_write_mail_spool SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
+index 2d4f2e59..dcfcc5b4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the postgresql_can_rsync SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
+index f7fdf042..e2bde893 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the postgresql_selinux_transmit_client_label SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
+index e4e888a8..0935fa0f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the postgresql_selinux_unconfined_dbadm SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
+index 215daf93..c8f70c02 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the postgresql_selinux_users_ddl SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
+index 9ff99173..6e8c37d1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the pppd_can_insmod SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
+index ef5d648f..a3f5a525 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the pppd_for_user SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
+index b9f04990..320d69e0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the privoxy_connect_any SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
+index ec8fa105..3f3d870e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the prosody_bind_http_port SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
+index ce7bc2f5..f1b87a1d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the puppetagent_manage_all_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
+index 894fed16..7f85d5e0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the puppetmaster_use_db SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
+index 2cae0d28..4120691c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the racoon_read_shadow SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
+index 8720c030..614c4e60 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the rsync_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
+index 58878837..5ea8dc21 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the rsync_client SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
+index 154646cf..4aec9d3e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the rsync_export_all_ro SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
+index 832dfa25..2de80cb7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the rsync_full_access SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
+index 85b65a88..207d77e8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_create_home_dirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
+index c67f1f86..8cd0f5e0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_domain_controller SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
+index 1698ed1d..90798fe7 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_enable_home_dirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
+index 9a21f5f6..b3efb3e9 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_export_all_ro SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
+index fd52c836..49a8ec85 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_export_all_rw SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
+index 826beddf..5a08118e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_load_libgfapi SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
+index d901e686..9073796e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_portmapper SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
+index c409c6bb..9729d7fa 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_run_unconfined SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
+index cc2efcfb..707659d6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_share_fusefs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
+index 085f7118..0230e13e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the samba_share_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
+index 07428064..aa479f16 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the sanlock_use_fusefs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
+index c1a64ba8..550a22a0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the sanlock_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
+index c413f111..6b4110bf 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the sanlock_use_samba SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
+index f0d4bbc9..def16a42 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the saslauthd_read_shadow SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
+index fe166c84..613e2054 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the secadm_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
+index 8812aab5..58433655 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the secure_mode SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
+index 428bb90b..5416bfa6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the secure_mode_insmod SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
+index cf06eb5e..a156f971 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the secure_mode_policyload SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
+index d9918450..702adbee 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure the selinuxuser_direct_dri_enabled SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
+index 79a5c0ec..d21be051 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the selinuxuser_execheap SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
+index f90ef118..bb0a2d7a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the selinuxuser_execmod SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
+index 7ae9bd9d..c8718a3b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'disable the selinuxuser_execstack SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
+index 273c5ac0..4a4a181c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the selinuxuser_mysql_connect_enabled SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
+index 0645deb5..36f1e961 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the selinuxuser_ping SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
+index b71a1ff7..17bb3478 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
+index cc3ae761..45665fea 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the selinuxuser_rw_noexattrfile SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
+index 46b98953..118af784 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the selinuxuser_share_music SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
+index 692df86c..cb301be6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the selinuxuser_tcp_server SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
+index 016131f1..f8ed8c83 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the selinuxuser_udp_server SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
+index 5fcf435e..49176ecf 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the selinuxuser_use_ssh_chroot SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
+index 17054b75..da8b92c6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the sge_domain_can_network_connect SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
+index df44870b..1ad1905a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the sge_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
+index 03a20026..8496b412 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the smartmon_3ware SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
+index a597045a..b9f168ca 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the smbd_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
+index 04514bde..570b320f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the spamassassin_can_network SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
+index 3f743cbf..32ec94a0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the spamd_enable_home_dirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
+index ec5c45e7..6345f86a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the squid_connect_any SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
+index dd156deb..e39be3fd 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the squid_use_tproxy SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
+index ef2338c1..57cd8389 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the ssh_chroot_rw_homedirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
+index 5ab6b17e..ac0457bf 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the ssh_keysign SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
+index f4b47393..96a9c991 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the ssh_sysadm_login SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
+index 6afbfdf2..761f9f99 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the staff_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
+index 4cb6582d..83c50aef 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the staff_use_svirt SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
+index 60ac4523..5bea5bed 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the swift_can_network SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
+index d3dfd51e..3ba9d15d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the sysadm_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
+index d4d469d2..4ecc3659 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the telepathy_connect_all_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
+index 1321809a..24257e70 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the telepathy_tcp_connect_generic_network_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
+index 7d8a2cc2..a9448683 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the tftp_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
+index 9b553ff7..e3b67bd5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the tftp_home_dir SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
+index 1d6ea593..fe961347 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the tmpreaper_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
+index 0981d8bb..768670d4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the tmpreaper_use_samba SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
+index df86f451..8f307e56 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the tor_bind_all_unreserved_ports SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
+index 86e08e38..7e863ca9 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the tor_can_network_relay SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
+index f0556d17..b6c44d72 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the unconfined_chrome_sandbox_transition SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
+index 403ec891..b2db23d6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the unconfined_login SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
+index d8f69ced..45d778d2 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the unconfined_mozilla_plugin_transition SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
+index b9ea2bbe..cda7f281 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the unprivuser_use_svirt SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
+index 7620ff49..224241b1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the use_ecryptfs_home_dirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
+index 0b74be73..fde9d57e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the use_fusefs_home_dirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
+index ec79d2ec..dd36abc1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the use_lpd_server SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
+index fdfad24e..8708942e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the use_nfs_home_dirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
+index 4da19ea4..32b01588 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the use_samba_home_dirs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
+index ecb2e959..ea2e5df8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Enable the user_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
+index 0b2097dc..0619143c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the varnishd_connect_any SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
+index 7899bd3b..f7a88517 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_read_qemu_ga_data SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
+index 822b9894..8f57e4e5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_rw_qemu_ga_data SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
+index df5c0c82..559cd12b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_sandbox_use_all_caps SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
+index f0009fe4..df761480 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the virt_sandbox_use_audit SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
+index 03b024c0..7689f05a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_sandbox_use_mknod SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
+index 1891511d..3b80c5e8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_sandbox_use_netlink SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
+index b7fcd58a..a1577449 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_sandbox_use_sys_admin SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
+index 3a54abbb..25d71216 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_transition_userdomain SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
+index bef0f9a8..901dc85e 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_comm SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
+index b4c890c4..baa86e1b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_execmem SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
+index f92f814f..1ef74b8a 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_fusefs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
+index 7db9e5b3..1e0cd0f5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
+index ea059d54..23c6e632 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_rawip SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
+index bd6cccac..b664f299 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_samba SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
+index 7db733fe..9707ac1c 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_sanlock SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
+index bc2e3350..cb103a38 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_usb SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
+index 8420fe49..ed9094f4 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the virt_use_xserver SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
+index 3d69f6b2..bf19fbb8 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the webadm_manage_user_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
+index c8859dd0..e0d5a9d1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the webadm_read_user_files SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
+index 46ea5e90..f9940356 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the wine_mmap_zero_ignore SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
+index d777db4e..18d4819d 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xdm_bind_vnc_tcp_port SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
+index 6200ed21..db68ab72 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xdm_exec_bootloader SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
+index 2142a35e..6fb378c1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xdm_sysadm_login SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
+index 19c1b27d..79b1a8af 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xdm_write_home SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
+index 38ff90e0..c6fd91eb 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the xen_use_nfs SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
+index 9bd43515..8971006b 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the xend_run_blktap SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
+index 1faef3c8..42a5a4f6 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the xend_run_qemu SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
+index c289bd43..f1b137f3 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xguest_connect_network SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
+index 0ddc2fe7..ed411cee 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xguest_exec_content SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
+index d58ed222..c0bee0ab 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xguest_mount_media SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
+index 3ecd6e32..51366088 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xguest_use_bluetooth SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
+index b1faac83..ca7e9e1f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xserver_clients_write_xshm SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
+index dc0ff0f6..220222b0 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xserver_execmem SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
+index 1e83bdc4..3aa38819 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Disable the xserver_object_manager SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
+index f48eccf1..ce7b6cac 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the zabbix_can_network SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
+index 4775f929..28113c1f 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the zarafa_setrlimit SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
+index ede5e2a4..0159cace 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the zebra_write_config SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
+index f97013e6..ad916ea1 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the zoneminder_anon_write SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
+index dc7b1290..9596c2d5 100644
+--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
++++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9
++prodtype: rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the zoneminder_run_sudo SELinux Boolean'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
+index 50bd7f11..32b95cf4 100644
+--- a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
++++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Ensure No Device Files are Unlabeled by SELinux'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
+index 6fb4c686..317b0949 100644
+--- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
++++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+ 
+ title: 'Ensure No Daemons are Unconfined by SELinux'
+ 
+diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
+index 73e6ec7c..def4c28a 100644
+--- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
++++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
+index d84c8acc..c4fec2c4 100644
+--- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
++++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+index cb717027..a5327538 100644
+--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml
++++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019
+ 
+ title: 'Configure SELinux Policy'
+ 
+@@ -51,7 +51,7 @@ references:
+     srg: SRG-OS-000445-GPOS-00199
+     stigid@ol7: OL07-00-020220
+     stigid@rhel7: RHEL-07-020220
+-    stigid@rhel8: RHEL-08-010450
++    stigid@almalinux8: RHEL-08-010450
+     vmmsrg: SRG-OS-000445-VMM-001780
+ 
+ ocil_clause: 'it does not'
+diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
+index 1c1560a8..fc86b614 100644
+--- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
++++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
+index 5286da83..9edb7521 100644
+--- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
++++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml
+index 94c21d9f..9ac4232a 100644
+--- a/linux_os/guide/system/selinux/selinux_state/rule.yml
++++ b/linux_os/guide/system/selinux/selinux_state/rule.yml
+@@ -43,7 +43,7 @@ references:
+     srg: SRG-OS-000445-GPOS-00199
+     stigid@ol7: OL07-00-020210
+     stigid@rhel7: RHEL-07-020210
+-    stigid@rhel8: RHEL-08-010170
++    stigid@almalinux8: RHEL-08-010170
+     vsrg: SRG-OS-000445-VMM-001780
+ 
+ ocil_clause: 'SELINUX is not set to enforcing'
+diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+index 8cf3c25c..0e9cad5e 100644
+--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
++++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Map System Users To The Appropriate SELinux Role'
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+index cd07fb4c..c1a61ece 100644
+--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Encrypt Partitions'
+ 
+@@ -71,7 +71,7 @@ references:
+     nist@sle12: SC-28,SC-28.1
+     nist@sle15: SC-28,SC-28.1
+     srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183
+-    stigid@rhel8: RHEL-08-010030
++    stigid@almalinux8: RHEL-08-010030
+     stigid@sle12: SLES-12-010450
+     stigid@sle15: SLES-15-010330
+     stigid@ubuntu2004: UBTU-20-010414
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
+index ab0fcaab..d4b587a3 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure /boot Located On Separate Partition'
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+index 6c85e419..65562069 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+@@ -41,7 +41,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021310
+     stigid@rhel7: RHEL-07-021310
+-    stigid@rhel8: RHEL-08-010800
++    stigid@almalinux8: RHEL-08-010800
+     stigid@sle12: SLES-12-010850
+     stigid@sle15: SLES-15-040200
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
+index 2c0e346b..f6f7f74c 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure /opt Located On Separate Partition'
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
+index 9689439f..27779714 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
+@@ -36,7 +36,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021340
+     stigid@rhel7: RHEL-07-021340
+-    stigid@rhel8: RHEL-08-010543
++    stigid@almalinux8: RHEL-08-010543
+ 
+ {{{ complete_ocil_entry_separate_partition(part="/tmp") }}}
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
+index 0956cb88..26784d02 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure /usr Located On Separate Partition'
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+index 882d5138..1ec35261 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021320
+     stigid@rhel7: RHEL-07-021320
+-    stigid@rhel8: RHEL-08-010540
++    stigid@almalinux8: RHEL-08-010540
+     stigid@sle12: SLES-12-010860
+     stigid@sle15: SLES-15-040210
+     vmmsrg: SRG-OS-000341-VMM-001220
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
+index d2d9ce90..a47b87b8 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
+@@ -37,7 +37,7 @@ references:
+     nist: CM-6(a),AU-4,SC-5(2)
+     nist-csf: PR.PT-1,PR.PT-4
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010541
++    stigid@almalinux8: RHEL-08-010541
+ 
+ {{{ complete_ocil_entry_separate_partition(part="/var/log") }}}
+ 
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+index cd6d83c8..d46302a3 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+@@ -45,7 +45,7 @@ references:
+     srg: SRG-OS-000341-GPOS-00132,SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-021330
+     stigid@rhel7: RHEL-07-021330
+-    stigid@rhel8: RHEL-08-010542
++    stigid@almalinux8: RHEL-08-010542
+     stigid@sle12: SLES-12-010870
+     stigid@sle15: SLES-15-030810
+     vmmsrg: SRG-OS-000341-VMM-001220
+diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+index d57c0f0c..1fe7a6d5 100644
+--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
++++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804,ubuntu2004
++prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu1804,ubuntu2004
+ 
+ title: 'Ensure /var/tmp Located On Separate Partition'
+ 
+@@ -30,7 +30,7 @@ references:
+     cis@ubuntu1804: 1.1.6
+     cis@ubuntu2004: 1.1.11
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010544
++    stigid@almalinux8: RHEL-08-010544
+ 
+ {{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}}
+ 
+diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
+index d24ad613..78e4f65c 100644
+--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ dconf update
+diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
+index 2f0ab6a9..8b64b916 100644
+--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
++++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+ 
+ title: 'Make sure that the dconf databases are up-to-date with regards to respective keyfiles'
+ 
+diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
+index ffde0523..c56b91c0 100644
+--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
++++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
+ 
+ title: 'Configure GNOME3 DConf User Profile'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
+index c3baa1b8..be83f158 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
+index 3165c09f..f2135e0b 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable the GNOME3 Login Restart and Shutdown Buttons'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+index ca6beab0..8e18147d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+index f1f73151..012662c3 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004
+ 
+ title: 'Disable the GNOME3 Login User List'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+index f5d68f1c..91f02c0d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
+index ce44e98c..1f66017c 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the GNOME3 Login Smartcard Authentication'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
+index 4b5b1f9e..3a89e3fa 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable the GNOME3 Screen Locking On Smartcard Removal'
+ 
+@@ -32,7 +32,7 @@ identifiers:
+ references:
+     disa: CCI-000056
+     srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
+-    stigid@rhel8: RHEL-08-020050
++    stigid@almalinux8: RHEL-08-020050
+ 
+ ocil_clause: 'removal-action has not been configured'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+index 45e6c24a..e06d9600 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
+index baf8f8a1..6bede2b8 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Set the GNOME3 Login Number of Failures'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+index 189dace9..312c3526 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/bash/shared.sh
+index 63faca98..b6bf6e6e 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ if rpm --quiet -q gdm
+ then
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+index 98d000a2..f9b9a04d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12
+ 
+ title: 'Disable GDM Automatic Login'
+ 
+@@ -39,7 +39,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00229
+     stigid@ol7: OL07-00-010440
+     stigid@rhel7: RHEL-07-010440
+-    stigid@rhel8: RHEL-08-010820
++    stigid@almalinux8: RHEL-08-010820
+     stigid@sle12: SLES-12-010380
+ 
+ ocil_clause: 'GDM allows users to automatically login'
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+index ef2933c5..0d72f6f6 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
+index 569fccfa..b89d4cc5 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ if rpm --quiet -q gdm
+ then
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
+index 2d7584c3..b260701c 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Disable GDM Guest Login'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
+index 0ca67c74..332a5018 100644
+--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
+index 60417ff4..0af05e79 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh
+index 140c1cfc..9ba03ca1 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/desktop/media-handling", "automount", "false", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
+index a5271bc5..9e0dc115 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable GNOME3 Automounting'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
+index ac168ef9..69ecfa6a 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/bash/shared.sh
+index 7e2c64e5..fc18909f 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/desktop/media-handling", "automount-open", "false", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
+index 8283802e..0612d84c 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable GNOME3 Automount Opening'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
+index 51e4063c..3591b726 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/bash/shared.sh
+index 97a63e90..ae5872e4 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/desktop/media-handling", "autorun-never", "true", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
+index efefee40..198fd42b 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable GNOME3 Automount running'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
+index d9084479..bd866343 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/bash/shared.sh
+index 66768c6d..39bfef95 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/desktop/thumbnailers", "disable-all", "true", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
+index cfaad53a..94454d77 100644
+--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhel9
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable All GNOME3 Thumbnailers'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
+index d82d2741..d7eca57d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/bash/shared.sh
+index 9cc91fdc..6a1abf0d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/nm-applet", "disable-wifi-create", "true", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
+index 739ce837..82376091 100644
+--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhel9
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable WIFI Network Connection Creation in GNOME3'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
+index 416732d6..dfd0a49e 100644
+--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/bash/shared.sh
+index 49e3f7e6..60d65868 100644
+--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/nm-applet", "suppress-wireless-networks-available", "true", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
+index 0d8eb600..96d42b6b 100644
+--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhel9
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable WIFI Network Notification in GNOME3'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
+index 809ef3f0..75d3cb88 100644
+--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/bash/shared.sh
+index cfc0001b..78509b32 100644
+--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/Vino", "authentication-methods", "['vnc']", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
+index 084253ec..fbe7c8e1 100644
+--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Require Credential Prompting for Remote Access in GNOME3'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
+index 74bd3c9d..1b9c33c8 100644
+--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/bash/shared.sh
+index b10508ed..ea64385e 100644
+--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/Vino", "require-encryption", "true", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
+index 3ad1ce2f..6dd55745 100644
+--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Require Encryption for Remote Access in GNOME3'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
+index c9dcad48..4f475886 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/bash/shared.sh
+index 9c89da66..1386946e 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/desktop/screensaver", "idle-activation-enabled", "true", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
+index 459747a2..93842287 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Enable GNOME3 Screensaver Idle Activation'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
+index d3f144c8..ae170b80 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/bash/shared.sh
+index 59a3bafa..d3c18c8d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_fedora
+ 
+ 
+ {{{ bash_dconf_lock("org/gnome/desktop/screensaver", "idle-activation-enabled", "local.d", "00-security-settings-lock") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
+index b94df803..aaa45d94 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure Users Cannot Change GNOME3 Screensaver Idle Activation'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
+index 962fff57..bf9af4c0 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/bash/shared.sh
+index ab0462e5..e9b3f8c1 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("inactivity_timeout_value") }}}
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+index 56f4436b..cace974d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+ 
+ title: 'Set GNOME3 Screensaver Inactivity Timeout'
+ 
+@@ -53,7 +53,7 @@ references:
+     srg: SRG-OS-000029-GPOS-00010
+     stigid@ol7: OL07-00-010070
+     stigid@rhel7: RHEL-07-010070
+-    stigid@rhel8: RHEL-08-020060
++    stigid@almalinux8: RHEL-08-020060
+     stigid@sle12: SLES-12-010080
+     stigid@sle15: SLES-15-010120
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
+index ab219dc4..e303520d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/bash/shared.sh
+index 5c37b1d9..8d6c0e21 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("var_screensaver_lock_delay") }}}
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+index 46d19003..1b2e9db5 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Set GNOME3 Screensaver Lock Delay After Activation Period'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
+index 292bcf8f..bdba6192 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/bash/shared.sh
+index 5a516b50..3b749d90 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/desktop/screensaver", "lock-enabled", "true", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+index 49f1d387..e966e091 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
+ 
+ title: 'Enable GNOME3 Screensaver Lock After Idle Period'
+ 
+@@ -55,7 +55,7 @@ references:
+     srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
+     stigid@ol7: OL07-00-010060
+     stigid@rhel7: RHEL-07-010060
+-    stigid@rhel8: RHEL-08-020030
++    stigid@almalinux8: RHEL-08-020030
+     stigid@sle12: SLES-12-010060
+     stigid@sle15: SLES-15-010100
+     stigid@ubuntu2004: UBTU-20-010004
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
+index 34ff91ab..875abf68 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/bash/shared.sh
+index ea46be4f..4385f506 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_fedora
+ 
+ 
+ {{{ bash_dconf_lock("org/gnome/desktop/screensaver", "lock-enabled", "local.d", "00-security-settings-lock") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
+index 4b9770e1..04dea645 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
+index 4dbe2b3c..7313b6bc 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh
+index 19666f52..d1c6eaeb 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/desktop/screensaver", "picture-uri", "string ''", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
+index 4ac56470..d16064f2 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+ 
+ title: 'Implement Blank Screensaver'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
+index 606e00c5..792db4ca 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/bash/shared.sh
+index 9e563568..b81d73fd 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/desktop/screensaver", "show-full-name-in-top-bar", "false", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
+index 9f86c7ed..556d1227 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable Full User Name on Splash Shield'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
+index ed7d9884..a41cb715 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/bash/shared.sh
+index 7e540988..6baf65b4 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_lock("org/gnome/desktop/screensaver", "lock-delay", "local.d", "00-security-settings-lock") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
+index d0173ce6..66020289 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure Users Cannot Change GNOME3 Screensaver Settings'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
+index aae97c96..18c7ec75 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/bash/shared.sh
+index 8f4922b5..3478e9c9 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_lock("org/gnome/desktop/session", "idle-delay", "local.d", "00-security-settings-lock") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+index cbe3e082..5d4750c7 100644
+--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure Users Cannot Change GNOME3 Session Idle Settings'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
+index 76181547..eb340cb5 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/bash/shared.sh
+index 6bdb2e67..8218dfbe 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/settings-daemon/plugins/media-keys", "logout", "''", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+index 36e7ed1e..9b192608 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004
+ 
+ title: 'Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3'
+ 
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020231
+     stigid@rhel7: RHEL-07-020231
+-    stigid@rhel8: RHEL-08-040171
++    stigid@almalinux8: RHEL-08-040171
+     stigid@ubuntu2004: UBTU-20-010459
+ 
+ ocil_clause: 'GNOME3 is configured to reboot when Ctrl-Alt-Del is pressed'
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
+index 71f1ed93..19e07ca5 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/bash/shared.sh
+index ffa7d125..4bca3f4d 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/bash/shared.sh
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ 
+ {{{ bash_dconf_settings("org/gnome/system/location", "enabled", "false", "local.d", "00-security-settings") }}}
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
+index 051d4f13..b9def751 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhel9
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable Geolocation in GNOME3'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
+index 7a2e35b8..8d2debf7 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhel9
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable Power Settings in GNOME3'
+ 
+diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
+index 592f8558..664c876c 100644
+--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
++++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Disable User Administration in GNOME3'
+ 
+diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml
+index 27b2e8e2..b93c5bcf 100644
+--- a/linux_os/guide/system/software/gnome/group.yml
++++ b/linux_os/guide/system/software/gnome/group.yml
+@@ -12,7 +12,7 @@ description: |-
+     {{% if product in ['ol7', 'ol8'] %}}
+     Oracle Linux Graphical environment.
+     {{% else %}}
+-    Red Hat Graphical environment.
++    AlmaLinux Graphical environment.
+     {{% endif %}}
+     

    
+     For more information on GNOME and the GNOME Project, see {{{ weblink(link="https://www.gnome.org") }}}.
+diff --git a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
+index 65a915de..e6a694e9 100644
+--- a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
++++ b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel7,rhel8,rhel9,rhv4,ubuntu2004
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004
+ 
+ title: 'Remove the GDM Package Group'
+ 
+diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
+index 56edcdee..6251f5f9 100644
+--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux8,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux8,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019
+ 
+ title: 'The Installed Operating System Is FIPS 140-2 Certified'
+ 
+diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+index 931be7e8..17fe400d 100644
+--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+@@ -4,6 +4,7 @@
+         The operating system installed on the system is supported by a vendor that provides security patches.
+       ") }}}
+     
++      
+       
+       
+       
+diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+index dc40925c..3ffb4713 100644
+--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
++++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
+ 
+ title: 'The Installed Operating System Is Vendor Supported'
+ 
+@@ -12,6 +12,9 @@ description: |-
+ {{% elif product in ["sle12", "sle15"] %}}
+     SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise
+     vendor, SUSE is responsible for providing security patches.
++{{% elif product == "almalinux8" %}}
++    AlmaLinux is supported by AlmaLinux. As the AlmaLinux
++    vendor, AlmaLinux is responsible for providing security patches.
+ {{% else %}}
+     Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise
+     Linux vendor, Red Hat, Inc. is responsible for providing security patches.
+@@ -48,7 +51,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020250
+     stigid@rhel7: RHEL-07-020250
+-    stigid@rhel8: RHEL-08-010000
++    stigid@almalinux8: RHEL-08-010000
+     stigid@sle12: SLES-12-010000
+     stigid@sle15: SLES-15-010000
+ 
+@@ -61,6 +64,8 @@ ocil: |-
+     
    $ grep -i "red hat" /etc/redhat-release
    
+ {{% elif product in ["ol7", "ol8"] %}}
+     
    $ grep -i "oracle" /etc/oracle-release
    
++{{% elif product in ["almalinux8"] %}}
++    
    $ grep -i "almalinux" /etc/almalinux-release
    
+ {{% elif product in ["sle12", "sle15"] %}}
+     
    $ grep -i "suse" /etc/os-release
    
+ {{% endif %}}
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+index 5484e11a..69ca3426 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure BIND to use System Crypto Policy'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
+index 2c9316c3..ff0480eb 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = bind
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ BIND_CONF='/etc/named.conf'
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
+index eeee56ba..ef03fc9a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ yum remove -y bind || true
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
+index 98b91d69..b647f75c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
+@@ -1,7 +1,7 @@
+ #!/bin/bash
+ # packages = bind
+ # 
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # We don't remediate anything if the config file is missing completely.
+ # remediation = none
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
+index 6218d35e..ea8f9062 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = bind
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ BIND_CONF='/etc/named.conf'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
+index 1efeb70a..1be51e61 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = bind
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ BIND_CONF='/etc/named.conf'
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+index d4ea4db6..7b804682 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure System Cryptography Policy'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+index 4169dff3..c0dfdaf2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ # IMPORTANT: This is a false negative scenario.
+ # File /etc/crypto-policies/config can be newer than /etc/crypto-policies/state/current,
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+index 833cc166..c5556090 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ update-crypto-policies --set "DEFAULT"
+ sleep 1s
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
+index 5bc60832..d9f4b97b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ 
+ update-crypto-policies --set "FIPS:OSPP"
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
+index 0db03331..e0688ec0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ 
+ sed -i "1d" /etc/crypto-policies/config
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
+index fe431fb7..8842dc5f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ 
+ rm /etc/crypto-policies/state/current
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+index 709714c8..71f718c4 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ 
+ update-crypto-policies --set "FIPS:OSPP"
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+index fc6bb8b5..c60a96a6 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ 
+ update-crypto-policies --set "FIPS:OSPP"
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+index d083ceb1..88e9d939 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_e8
+ 
+ update-crypto-policies --set "DEFAULT:NO-SHA1"
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
+index 49e1f08d..f30ee6b4 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_standard
+ 
+ update-crypto-policies --set "DEFAULT"
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+index 54b8211c..7b94bb56 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp
+ 
+ update-crypto-policies --set "FIPS:OSPP"
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
+index 926d3c12..ca368933 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
+ 
+ sed -i "1s/.*/LEGACY/" /etc/crypto-policies/config
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
+index 354f216b..7aed7424 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,fedora
++prodtype: rhel8,almalinux8,fedora
+ 
+ title: 'Configure GnuTLS library to use DoD-approved TLS Encryption'
+ 
+@@ -28,7 +28,7 @@ references:
+     disa: CCI-001453
+     nist: AC-17(2)
+     srg: SRG-OS-000250-GPOS-00093,SRG-OS-000423-GPOS-00187
+-    stigid@rhel8: RHEL-08-010295
++    stigid@almalinux8: RHEL-08-010295
+ 
+ ocil_clause: 'cryptographic policy for gnutls is not configured or is configured incorrectly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
+index 3c964c53..52245efc 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/gnutls.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
+index 5c006cec..dfde03fb 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/gnutls.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
+index 7a82fe62..b51aacb7 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/gnutls.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
+index ad39b47d..e4ca9f99 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/gnutls.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+index b219c9d2..003375a1 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure Kerberos to use System Crypto Policy'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
+index 677aa91c..3bcda12d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ rm -f /etc/krb5.conf.d/crypto-policies
+ ln -s /etc/crypto-policies/back-ends/krb5.config /etc/krb5.conf.d/crypto-policies
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
+index 2c0cb3be..f73e155e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ rm -f /etc/krb5.conf.d/crypto-policies
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
+index 842fb7b4..99563741 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ rm -f /etc/krb5.conf.d/crypto-policies
+ ln -s /etc/crypto-policies/back-ends/openssh.config /etc/krb5.conf.d/crypto-policies
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+index d54ccaae..0bb7929d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure Libreswan to use System Crypto Policy'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
+index 32a820e0..c7a7793a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ yum remove -y libreswan || true
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
+index dda7430c..c45d1fa4 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = libreswan
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ cp ipsec.conf /etc
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
+index c74f70dc..a58740ee 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = libreswan
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ cp ipsec.conf /etc
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
+index a8f9df03..89803c89 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = libreswan
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ cp ipsec.conf /etc
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
+index 1ef57ed1..804d7dd7 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = libreswan
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ 
+ cp ipsec.conf /etc
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+index 9cf7e69b..db290ad6 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure OpenSSL library to use System Crypto Policy'
+ 
+@@ -29,7 +29,7 @@ references:
+     nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1,CIP-007-3 R7.1
+     nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
+     srg: SRG-OS-000250-GPOS-00093
+-    stigid@rhel8: RHEL-08-010293
++    stigid@almalinux8: RHEL-08-010293
+ 
+ ocil_clause: |-
+     the OpenSSL config file doesn't contain the whole section,
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
+index e424e796..abff84c2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
+index 2c1ad0db..00112ea7 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
+index d758cdb2..32d98127 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+index 7f0c394f..653de38d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ . common.sh
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
+index 4a777989..f5aa09b0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,rhel9
++prodtype: rhel8,almalinux8,rhel9
+ 
+ title: 'Configure OpenSSL library to use TLS Encryption'
+ 
+@@ -28,7 +28,7 @@ references:
+     disa: CCI-001453
+     nist: AC-17(2)
+     srg: SRG-OS-000250-GPOS-00093
+-    stigid@rhel8: RHEL-08-010294
++    stigid@almalinux8: RHEL-08-010294
+ 
+ ocil_clause: 'cryptographic policy for openssl is not configured or is configured incorrectly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
+index 13513cb4..60ddb8a9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
+index 96d8ce78..78e4ae08 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+index 8be710e2..1b609a09 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
+index 04409d51..76c29e61 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+index ae4f3c0c..a44d71a7 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
+index fe410552..e1184893 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
+index 7a3b7c32..0eddf01d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+index ffe4a707..603ab6e9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure SSH to use System Crypto Policy'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
+index 0076833e..98facaf0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
+index da414e21..a95c2912 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
+index 1e8762ff..a05ff03d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
+index d3e1eb9e..e6900a3b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ #
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ SSH_CONF="/etc/sysconfig/sshd"
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
+index d5c2c2b9..355c89d5 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
+index cd7c4fb6..1deb135a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
+ 
+ cp="Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
+ file="/etc/crypto-policies/local.d/opensslcnf-ospp.config"
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
+index f7dd2528..b1764526 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,rhcos4
++prodtype: rhel8,almalinux8,rhcos4
+ 
+ title: 'Harden OpenSSL Crypto Policy'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
+index 0debb6c7..f7e5d921 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
+index b1f745b6..2925fc55 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+index a01e5d13..ecd34e6f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
+index d6fa6598..f33cb317 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+index 573375dc..52fe8501 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
+index eecad423..cd8e604c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
+index 7a3b7c32..0eddf01d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensslcnf.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
+index 17bf0e67..c633df0b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
+index 9b8e954f..8edf32e2 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
+index 63538daa..3e042aa8 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
+index 4460f191..bcab9c7f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
+index 7c54b424..9e490182 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "#Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
+index 9da3614e..3f045e64 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
+index 3c198dd3..d264cb91 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
+index 05bccf0f..2913e604 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Ciphers aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
+index 7a7b44aa..6c8973d3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
+index 352c0920..fe139103 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ rm -f "$file"
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
+index 7e433ef0..bc80daa1 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
+index 5b9c44d1..e8e69c07 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
+index 40957c0f..5127c281 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
+index ec44ce92..0975f5fe 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
+index 1310f724..15133197 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "RekeyLimit 512M 1h\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
+index d4ec1fe7..92a5a459 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
+index 91976a67..ca683377 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
+index 259cf23a..a20d9284 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
+index c933ac99..c54c8242 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
+index 7ff44b61..156ce61c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
+index 24e709ea..9689bc39 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
+index a25f9a30..ce8219f3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
+index 269d73db..c1c74c14 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
+index 2f7ca269..2710f6ec 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
+index 77ea3eaa..c0c59c20 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
+index 3e1a9f78..e9a3d380 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
+index b6ff5881..5198a648 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ file="/etc/ssh/ssh_config.d/02-ospp.conf"
+ echo -e "Match final all\n\
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
+index 956a19f3..8c4ad2c9 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
+index cdc66a8a..997ed727 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("sshd_approved_ciphers") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+index 682ca436..8cb3e3fb 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel8
++prodtype: fedora,rhel8,almalinux8
+ 
+ title: 'Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.config'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+index 0a27a7e0..9d1613f3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+index 5cadd95b..ef215bad 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+index 26220063..ccb19599 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+index 55ef3f58..b379631a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+index 7105441a..ab012d8a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+index 6ad1f4fd..6f73c2b6 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+index 92bd4ed9..df4b63d7 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ incorrect_sshd_approved_ciphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+index 2138caad..50b1b349 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
+index 3e637f37..e86f8c4c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
+index eaa4463c..986fa499 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("sshd_approved_ciphers") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+index e904bc84..fb641b5e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8
++prodtype: rhel8,almalinux8
+ 
+ title: 'Configure SSH Server to Use FIPS 140-2 Validated Ciphers: opensshserver.config'
+ 
+@@ -30,7 +30,7 @@ references:
+     disa: CCI-001453
+     nist: AC-17(2)
+     srg: SRG-OS-000250-GPOS-00093
+-    stigid@rhel8: RHEL-08-010291
++    stigid@almalinux8: RHEL-08-010291
+ 
+ ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+index 1a8911d5..fff3b756 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+index 3dde1479..3c0b9110 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+index f97f54db..a8d0ef50 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+index 11e596ce..b2301c45 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
+index 7a9a2a5e..25cf3fd3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
+ 
+ cp="CRYPTO_POLICY='-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'"
+ file=/etc/crypto-policies/local.d/opensshserver-ospp.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml
+index 80ab3ffe..8b3d3f57 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle12,sle15,rhv4
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,rhv4
+ 
+ title: 'Harden SSHD Crypto Policy'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
+index d0541b7a..e3f47684 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
+index 44434606..503b9d3c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+index a9222766..60b7a02f 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
+index b1e285f9..c2bd5f7b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
+index 754195e4..37165976 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+index 8bf264dc..4a1bb0ce 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
+index a7634669..a3d5a1af 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
+index 1928d2cf..6914ed91 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
+index 1c9dde77..152d2d39 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
+index b26992ce..0846b6ce 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("sshd_approved_macs") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
+index d21f68ac..4ad71ae6 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel8
++prodtype: fedora,rhel8,almalinux8
+ 
+ title: 'Configure SSH Client to Use FIPS 140-2 Validated MACs: openssh.config'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+index 5a4b6887..2211658c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+index e713d254..2ee92db0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+index b8a63bec..1bed4c1e 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+index 55ef3f58..b379631a 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+index 9980a456..c46aa761 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+index d1303d60..7a90058d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+index 8b21af46..93a148d1 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+index 2138caad..50b1b349 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/openssh.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
+index 5ed61858..7a69caf3 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
+index 790a2951..81d971a6 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ . /usr/share/scap-security-guide/remediation_functions
+ {{{ bash_instantiate_variables("sshd_approved_macs") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
+index 0fd107a1..3144ec44 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8
++prodtype: rhel8,almalinux8
+ 
+ title: 'Configure SSH Server to Use FIPS 140-2 Validated MACs: opensshserver.config'
+ 
+@@ -28,7 +28,7 @@ references:
+     disa: CCI-001453
+     nist: AC-17(2)
+     srg: SRG-OS-000250-GPOS-00093
+-    stigid@rhel8: RHEL-08-010290
++    stigid@almalinux8: RHEL-08-010290
+ 
+ ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+index 14da9221..59606fb0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+index 3dde1479..3c0b9110 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+index a50a0fc0..027fcba0 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+index 11e596ce..b2301c45 100644
+--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ 
+ configfile=/etc/crypto-policies/back-ends/opensshserver.config
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
+index beec02c9..878ed4ce 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ 
+ cat > /etc/profile.d/openssl-rand.sh <<- 'EOM'
+ {{{ openssl_strong_entropy_config_file() }}}
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml
+index ccd4752c..1e51025c 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml
+@@ -1,7 +1,7 @@
+ documentation_complete: true
+ 
+ # TODO: The plan is not to need this for RHEL>=8.4
+-prodtype: ol8,rhel8
++prodtype: ol8,rhel8,almalinux8
+ 
+ title: 'OpenSSL uses strong entropy source'
+ 
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
+index 6becf987..3f1fd277 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ cat > /etc/profile.d/openssl-rand.sh <<- 'EOM'
+ # provide a default -rand /dev/random option to openssl commands that
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
+index 72b7daab..f4236e6b 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ rm -f /etc/profile.d/openssl-rand.sh
+diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
+index 7034224c..19393e1d 100644
+--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
++++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
+ 
+ echo "wrong data" > /etc/profile.d/openssl-rand.sh
+diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
+index 68ce3979..5460c879 100644
+--- a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
++++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhel8,rhel9
++prodtype: ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Install crypto-policies package'
+ 
+diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
+index 1ac4527f..563cc96b 100644
+--- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml
+index 264d2f94..14cc99d5 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Install Virus Scanning Software'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
+index eb01fb01..11c89647 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Install Intrusion Detection Software'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
+index 78b9bdee..9a60ee12 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Install McAfee Virus Scanning Software'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml
+index 6e9f3bcb..a89f3228 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Install the McAfee Runtime Libraries and Linux Agent'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml
+index dc856f8b..a5561435 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+ 
+ title: 'Virus Scanning Software Definitions Are Updated'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
+index 32c93446..28b73eaa 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure McAfee Endpoint Security for Linux (ENSL) is running'
+ 
+@@ -24,7 +24,7 @@ references:
+     nist: SI-2(2)
+     srg: SRG-OS-000191-GPOS-00080
+     stigid@rhel7: RHEL-07-020019
+-    stigid@rhel8: RHEL-08-010001
++    stigid@almalinux8: RHEL-08-010001
+ 
+ ocil_clause: 'virus scanning software is not running'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+index 4c7dc8d7..914c90f6 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+ 
+ title: 'Install McAfee Endpoint Security for Linux (ENSL)'
+ 
+@@ -26,7 +26,7 @@ references:
+     nist: SI-2(2)
+     srg: SRG-OS-000191-GPOS-00080
+     stigid@rhel7: RHEL-07-020019
+-    stigid@rhel8: RHEL-08-010001
++    stigid@almalinux8: RHEL-08-010001
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml
+index 3208a697..bd68f3a2 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Install the Asset Configuration Compliance Module (ACCM)'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml
+index 7bdc4fa8..8fb1bd7e 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Install the Policy Auditor (PA) Module'
+ 
+diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml
+index 83ef73b9..3ff9ea78 100644
+--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml
++++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+ 
+ title: 'Enable nails Service'
+ 
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+index 9486031b..4b9cb42d 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: "Enable Dracut FIPS Module"
+ 
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
+index b6c38443..ad7f71ce 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
+ # reboot = true
+ # strategy = restrict
+ # complexity = medium
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
+index 87476a7b..37673cc8 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
+@@ -1,3 +1,3 @@
+-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,Red Hat Virtualization 4
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,Red Hat Virtualization 4
+ 
+ fips-mode-setup --enable
+diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+index 64b18ac6..5e43f05d 100644
+--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: Enable FIPS Mode
+ 
+@@ -40,7 +40,7 @@ references:
+     nist: SC-12(2),SC-12(3),IA-7,SC-13,CM-6(a),SC-12
+     ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
+     srg: SRG-OS-000478-GPOS-00223,SRG-OS-000396-GPOS-00176
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
+ 
+ ocil_clause: 'FIPS mode is not enabled'
+diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
+index 2ef6c50d..f1085e5b 100644
+--- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: Ensure '/etc/system-fips' exists
+ 
+diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
+index 949132df..7f78ed4c 100644
+--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
+@@ -18,7 +18,7 @@ description: |-
+     
  • On BIOS-based machines, issue the following command as root:
+     
    ~]# grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg
    • 
+     
  • On UEFI-based machines, issue the following command as root:
+-    
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
++    
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
+     
+ 
+ rationale: |-
+diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+index 0fbca696..77a65f8e 100644
+--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
++++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
++prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: "Set kernel parameter 'crypto.fips_enabled' to 1"
+ 
+@@ -31,7 +31,7 @@ references:
+     nerc-cip: CIP-003-3 R4.2,CIP-007-3 R5.1
+     nist: SC-12(2),SC-12(3),IA-7,SC-13,CM-6(a),SC-12
+     srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000396-GPOS-00176,SRG-OS-000423-GPOS-00187,SRG-OS-000478-GPOS-00223
+-    stigid@rhel8: RHEL-08-010020
++    stigid@almalinux8: RHEL-08-010020
+     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
+ 
+ ocil_clause: 'crypto.fips_enabled is not 1'
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
+index 7c25aebf..19796558 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ 
+ {{{ bash_package_install("aide") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+index e4a1668c..5a85573e 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
++prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Build and Test AIDE Database'
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
+index edef2721..7975ba73 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_sle,multi_platform_rhel
++# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
+index 0875eeec..a480f991 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+index 17a95bf4..2ee64ecc 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: sle12,sle15,ubuntu2004,rhel8,fedora
++prodtype: sle12,sle15,ubuntu2004,rhel8,almalinux8,fedora
+ 
+ title: 'Configure AIDE to Verify the Audit Tools'
+ 
+@@ -39,7 +39,7 @@ references:
+     disa: CCI-001496
+     nist: AU-9(3),AU-9(3).1
+     srg: SRG-OS-000278-GPOS-00108
+-    stigid@rhel8: RHEL-08-030650
++    stigid@almalinux8: RHEL-08-030650
+     stigid@sle12: SLES-12-010540
+     stigid@sle15: SLES-15-030630
+     stigid@ubuntu2004: UBTU-20-010205
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
+index 756b88d8..000925aa 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ 
+ yum -y install aide
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
+index f3a2a126..6d175e17 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ yum -y install aide
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
+index 4315cef2..00ce6b2e 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ 
+ 
+ yum -y install aide
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
+index aa605c85..0d3ad729 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
+ 
+ {{{ bash_package_install("aide") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
+index e7991c7a..4e888b76 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019
+ 
+ title: 'Configure Periodic Execution of AIDE'
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
+index 5c11fc17..e4efb9ca 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+index 3d22d123..90372d96 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,wrlinux1019
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,wrlinux1019
+ 
+ title: 'Configure Notification of Post-AIDE Scan Details'
+ 
+@@ -47,7 +47,7 @@ references:
+     srg: SRG-OS-000363-GPOS-00150,SRG-OS-000447-GPOS-00201
+     stigid@ol7: OL07-00-020040
+     stigid@rhel7: RHEL-07-020040
+-    stigid@rhel8: RHEL-08-010360
++    stigid@almalinux8: RHEL-08-010360
+     stigid@sle12: SLES-12-010510
+ 
+ ocil_clause: 'AIDE has not been configured or has not been configured to notify personnel of scan details'
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
+index 34a11452..b22a658d 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
+ 
+ {{{ bash_package_install("aide") }}}
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
+index 51d6752a..d53ad860 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Configure AIDE to Use FIPS 140-2 for Validating Hashes'
+ 
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
+index 9f9f96e4..e654ec2e 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = aide
+-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
++# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
+ 
+ 
+ cat >/etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf <env_reset     tag, when specified, will run the command in a minimal environment,
+     containing the TERM, PATH, HOME, MAIL, SHELL, LOGNAME, USER and SUDO_* variables.
+-{{%- if product in ["rhel7", "rhel8"] %}}
++{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}}
+     On {{{ full_name }}}, env_reset is enabled by default
+ {{%- endif %}}
+     This should be enabled by making sure that the env_reset tag exists in
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml
+index f26a63e7..622055f3 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_add_ignore_dot/rule.yml
+@@ -1,13 +1,13 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure sudo Ignores Commands In Current Dir - sudo ignore_dot'
+ 
+ description: |-
+     The sudo ignore_dot tag, when specified, will ignore the current directory
+     in the PATH environment variable.
+-{{%- if product in ["rhel7", "rhel8"] %}}
++{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}}
+     On {{{ full_name }}}, env_reset is enabled by default
+ {{%- endif %}}
+     This should be enabled by making sure that the ignore_dot tag exists in
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
+index ae339952..40ef5a07 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure sudo passwd_timeout is appropriate - sudo passwd_timeout'
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml
+index 189c1b9d..3f3730f4 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/rule.yml
+@@ -1,13 +1,13 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure sudo umask is appropriate - sudo umask'
+ 
+ description: |-
+     The sudo umask tag, when specified, will be added the to the user's umask in the
+     command environment.
+-{{%- if product in ["rhel7", "rhel8"] %}}
++{{%- if product in ["rhel7", "rhel8", "almalinux8"] %}}
+     On {{{ full_name }}}, the default umask value is 0022.
+ {{% endif %}}
+     The umask should be configured by making sure that the umask=sub_var_value("var_sudo_umask") tag exists in
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh
+index 5d9a8b49..3710e371 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0022_state.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # variables = var_sudo_umask=0027
+ 
+ # Default umask is not explicitly set and has value 0022
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh
+index c7f7aee3..e7e8a022 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_0027_state.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # variables = var_sudo_umask=0027
+ 
+ # Default umask is not explicitly set and has value 0022
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh
+index 2f41b65d..96a098ef 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_and_default_state.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # variables = var_sudo_umask=0027
+ 
+ # Default umask is not explicitly set and has value 0022
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh
+index c86da249..c1ad2442 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # variables = var_sudo_umask=0027
+ 
+ echo "Defaults use_pty,umask=0022,noexec" >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
+index a812074a..e66bdc71 100644
+--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # variables = var_sudo_umask=0027
+ 
+ echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
+index b3f766f8..80c783ff 100644
+--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure a dedicated group owns sudo'
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
+index 1c87c96c..265432ee 100644
+--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ # Make sure sudo is owned by root group
+diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
+index bb1d3bd4..0d06c1c7 100644
+--- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
+@@ -37,7 +37,7 @@ references:
+     srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158
+     stigid@ol7: OL07-00-010350
+     stigid@rhel7: RHEL-07-010350
+-    stigid@rhel8: RHEL-08-010381
++    stigid@almalinux8: RHEL-08-010381
+     stigid@sle12: SLES-12-010110
+     stigid@sle15: SLES-15-010450
+     vsrg: SRG-OS-000373-VMM-001470,SRG-OS-000373-VMM-001480,SRG-OS-000373-VMM-001490
+diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
+index 84c21869..b9032533 100644
+--- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
+@@ -38,7 +38,7 @@ references:
+     srg: SRG-OS-000373-GPOS-00156,SRG-OS-000373-GPOS-00157,SRG-OS-000373-GPOS-00158
+     stigid@ol7: OL07-00-010340
+     stigid@rhel7: RHEL-07-010340
+-    stigid@rhel8: RHEL-08-010380
++    stigid@almalinux8: RHEL-08-010380
+     stigid@sle12: SLES-12-010110
+     stigid@sle15: SLES-15-010450
+     vsrg: SRG-OS-000373-VMM-001470,SRG-OS-000373-VMM-001480,SRG-OS-000373-VMM-001490
+diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+index 8622d6af..db291979 100644
+--- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,sle12,sle15
++prodtype: rhel8,almalinux8,sle12,sle15
+ 
+ title: 'The operating system must require Re-Authentication when using the sudo command.
+  Ensure sudo timestamp_timeout is appropriate - sudo timestamp_timeout'
+@@ -33,7 +33,7 @@ references:
+     disa: CCI-002038
+     nist: IA-11
+     srg: SRG-OS-000373-GPOS-00156
+-    stigid@rhel8: RHEL-08-010384
++    stigid@almalinux8: RHEL-08-010384
+     stigid@sle12: SLES-12-010113
+     stigid@sle15: SLES-15-020102
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml
+index 174da919..ee73e10e 100644
+--- a/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure only owner and members of group owner of /usr/bin/sudo can execute it'
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+index a9a23baf..9304e425 100644
+--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+@@ -2,7 +2,7 @@ documentation_complete: true
+ 
+ title: 'The operating system must restrict privilege elevation to authorized personnel'
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+ 
+ description: |-
+     The sudo command allows a user to execute programs with elevated
+@@ -33,7 +33,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010341
+     stigid@rhel7: RHEL-07-010341
+-    stigid@rhel8: RHEL-08-010382
++    stigid@almalinux8: RHEL-08-010382
+     stigid@sle12: SLES-12-010111
+     stigid@sle15: SLES-15-020101
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+index 2ce70f49..311a10d1 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+@@ -2,7 +2,7 @@ documentation_complete: true
+ 
+ title: 'Ensure invoking users password for privilege escalation when using sudo'
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+ 
+ description: |-
+     The sudoers security policy requires that users authenticate themselves before they can use sudo.
+@@ -32,7 +32,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-010342
+     stigid@rhel7: RHEL-07-010342
+-    stigid@rhel8: RHEL-08-010383
++    stigid@almalinux8: RHEL-08-010383
+     stigid@sle12: SLES-12-010112
+     stigid@sle15: SLES-15-020103
+ 
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
+index 9706b8bd..c543b1b3 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
+ # packages = sudo
+ 
+ if [ $(sudo egrep -i '(!rootpw|!targetpw|!runaspw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ]
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
+index 093f9dd8..0cd6dbf4 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
+ # packages = sudo
+ 
+ echo 'Defaults !targetpw' >> /etc/sudoers
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
+index b12d1f88..eebf2cd7 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
+ # packages = sudo
+ 
+ if [ $(sudo egrep -i '(!rootpw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ]
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
+index 93b3dfeb..5b180d91 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
+ # packages = sudo
+ 
+ if [ $(sudo egrep -i '(!runaspw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ]
+diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
+index 103cb466..e23bcce4 100644
+--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
++++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
+ # packages = sudo
+ 
+ if [ $(sudo egrep -i '(!targetpw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ]
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
+index f77d3bff..b0859cdf 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall abrt-addon-ccpp Package'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-addon-ccpp") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
+index 6e7b5d51..dd6157c4 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall abrt-addon-kerneloops Package'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-addon-kerneloops") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
+index ceacda79..24990e5d 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall abrt-addon-python Package'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-addon-python") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
+index 51b2541d..3a20fb80 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall abrt-cli Package'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-cli") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml
+index d5ee870a..723b0714 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall abrt-plugin-logger Package'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-plugin-logger") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml
+index ba9d22d6..b635c8ce 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall abrt-plugin-rhtsupport Package'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-plugin-rhtsupport") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
+index 484fb9a7..3f140aeb 100644
+--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall abrt-plugin-sosreport Package'
+ 
+@@ -20,7 +20,7 @@ identifiers:
+ references:
+     disa: CCI-000381
+     srg: SRG-OS-000095-GPOS-00049
+-    stigid@rhel8: RHEL-08-040001
++    stigid@almalinux8: RHEL-08-040001
+ 
+ {{{ complete_ocil_entry_package(package="abrt-plugin-sosreport") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml
+index ec4f690a..c432c0cb 100644
+--- a/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Install binutils Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml
+index 8b657722..42471018 100644
+--- a/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8
++prodtype: rhel8,almalinux8
+ 
+ title: 'Install dnf-plugin-subscription-manager Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml
+index e9863fa8..dbe2a912 100644
+--- a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall geolite2-city Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml
+index 1210a1e8..58d95cc6 100644
+--- a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall geolite2-country Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
+index 43a60100..62ed0519 100644
+--- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall gssproxy Package'
+ 
+@@ -20,7 +20,7 @@ identifiers:
+ references:
+     disa: CCI-000381,CCI-000366
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040370
++    stigid@almalinux8: RHEL-08-040370
+ 
+ {{{ complete_ocil_entry_package(package="gssproxy") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
+index fe76c57b..6f6971a4 100644
+--- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall iprutils Package'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-000366
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040380
++    stigid@almalinux8: RHEL-08-040380
+ 
+ {{{ complete_ocil_entry_package(package="iprutils") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
+index 0e030e15..79bdf11b 100644
+--- a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall krb5-workstation Package'
+ 
+@@ -24,7 +24,7 @@ identifiers:
+ references:
+     disa: CCI-000803
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000120-GPOS-00061
+-    stigid@rhel8: RHEL-08-010162
++    stigid@almalinux8: RHEL-08-010162
+ 
+ {{{ complete_ocil_entry_package(package="krb5-workstation") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml
+index 6696d589..a0122c7c 100644
+--- a/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Install libcap-ng-utils Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml
+index c2c8a19a..28ab5955 100644
+--- a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Install openscap-scanner Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml
+index 80a273bf..74169dbe 100644
+--- a/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,rhel8
++prodtype: ol8,rhel8,almalinux8
+ 
+ title: 'Uninstall pigz Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
+index 2396f5bb..56da7af6 100644
+--- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Install rear Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
+index 663a2706..319ef34c 100644
+--- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Install rng-tools Package'
+ 
+@@ -21,7 +21,7 @@ identifiers:
+ references:
+     disa: CCI-000366
+     srg: SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-010472
++    stigid@almalinux8: RHEL-08-010472
+ 
+ ocil_clause: 'the package is not installed'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml
+index a7f9dfd8..d5d24a55 100644
+--- a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Install scap-security-guide Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
+index b90a7588..5e93b020 100644
+--- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,rhv4
++prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Install subscription-manager Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml
+index e5b9a440..e3c2435f 100644
+--- a/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Install tar Package'
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
+index 9f5f17ec..9c5c9725 100644
+--- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Uninstall tuned Package'
+ 
+@@ -23,7 +23,7 @@ identifiers:
+ references:
+     disa: CCI-000366
+     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
+-    stigid@rhel8: RHEL-08-040390
++    stigid@almalinux8: RHEL-08-040390
+ 
+ {{{ complete_ocil_entry_package(package="tuned") }}}
+ 
+diff --git a/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml
+index 0eb7a8dd..34344f55 100644
+--- a/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml
++++ b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
+ 
+ title: 'Install vim Package'
+ 
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
+index caaeb5cd..b1f397c0 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
+index 929ef50c..d2207f47 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv
+ 
+ if grep --silent ^clean_requirements_on_remove /etc/yum.conf ; then
+         sed -i "s/^clean_requirements_on_remove.*/clean_requirements_on_remove=1/g" /etc/yum.conf
+diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+index b443bf0c..c15520fa 100644
+--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
++++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+ 
+ title: 'Ensure {{{ pkg_manager }}} Removes Previous Package Versions'
+ 
+@@ -46,7 +46,7 @@ references:
+     srg: SRG-OS-000437-GPOS-00194
+     stigid@ol7: OL07-00-020200
+     stigid@rhel7: RHEL-07-020200
+-    stigid@rhel8: RHEL-08-010440
++    stigid@almalinux8: RHEL-08-010440
+     stigid@sle12: SLES-12-010570
+     stigid@sle15: SLES-15-010560
+     stigid@ubuntu2004: UBTU-20-010449
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
+index 779189d9..209aee84 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
+index 5467302f..b55188aa 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
++++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: Configure dnf-automatic to Install Available Updates Automatically
+ 
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+index ecf8379a..dab9e3f4 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
++# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
+index 351c9d43..6797fd60 100644
+--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
++++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: Configure dnf-automatic to Install Only Security Updates
+ 
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
+new file mode 100644
+index 00000000..7912da04
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
+@@ -0,0 +1,39 @@
++# platform=multi_platform_almalinux
++# reboot = false
++# strategy = restrict
++# complexity = medium
++# disruption = medium
++- name: "Read permission of GPG key directory"
++  stat:
++    path: /etc/pki/rpm-gpg/
++  register: gpg_key_directory_permission
++  check_mode: no
++
++# It should fail if it doesn't find any fingerprints in file - maybe file was not parsed well.
++
++- name: Read signatures in GPG key
++  # According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10
++  command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
++  args:
++    warn: False
++  changed_when: False
++  register: gpg_fingerprints
++  check_mode: no
++
++- name: Set Fact - Installed GPG Fingerprints
++  set_fact:
++    gpg_installed_fingerprints: "{{ gpg_fingerprints.stdout | regex_findall('^pub.*\n(?:^fpr[:]*)([0-9A-Fa-f]*)', '\\1') | list }}"
++
++- name: Set Fact - Valid fingerprints
++  set_fact:
++    gpg_valid_fingerprints: ("{{{ release_key_fingerprint }}}" "{{{ auxiliary_key_fingerprint }}}")
++
++- name: Import AlmaLinux GPG key
++  rpm_key:
++    state: present
++    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
++  when:
++   - gpg_key_directory_permission.stat.mode <= '0755'
++   - (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0
++   - gpg_installed_fingerprints | length > 0
++   - ansible_distribution == "AlmaLinux"
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
+new file mode 100644
+index 00000000..dee95716
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
+@@ -0,0 +1,26 @@
++# platform = multi_platform_almalinux
++readonly ALMALINUX_FINGERPRINT="5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8"
++
++# Location of the key we would like to import (once it's integrity verified)
++readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
++
++RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")
++
++# Verify /etc/pki/rpm-gpg directory permissions are safe
++if [ "${RPM_GPG_DIR_PERMS}" -le "755" ]
++then
++  # If they are safe, try to obtain fingerprints from the key file
++  # (to ensure there won't be e.g. CRC error)
++  readarray -t GPG_OUT < <(gpg --with-fingerprint --with-colons "$ALMALINUX_RELEASE_KEY" | grep "^fpr" | cut -d ":" -f 10)
++  GPG_RESULT=$?
++  # No CRC error, safe to proceed
++  if [ "${GPG_RESULT}" -eq "0" ]
++  then
++    # Filter just hexadecimal fingerprints from gpg's output from
++    # processing of a key file
++    echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}" || {
++      # If $ ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
++      rpm --import "${ALMALINUX_RELEASE_KEY}"
++    }
++  fi
++fi
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
+new file mode 100644
+index 00000000..fb92fdb8
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
+@@ -0,0 +1,42 @@
++
++  
++    
++      AlmaLinux gpg-pubkey Package Installed
++      
++        multi_platform_almalinux
++      
++      The AlmaLinux key packages are required to be installed.
++    
++    
++      
++        
++          
++        
++        
++            
++
++        
++      
++    
++  
++
++  
++  
++    gpg-pubkey
++  
++
++  
++  
++    
++    
++  
++
++  
++    {{{ pkg_release }}}
++    {{{ pkg_version }}}
++  
++
++
+diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
+new file mode 100644
+index 00000000..3e4fe227
+--- /dev/null
++++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
+@@ -0,0 +1,46 @@
++documentation_complete: true
++
++prodtype: almalinux8
++
++title: 'Ensure AlmaLinux GPG Key Installed'
++
++description: |-
++    To ensure the system can cryptographically verify base software
++    packages come from AlmaLinux, the AlmaLinux GPG key must properly be installed.
++    To install the AlmaLinux GPG key, run:
++    
    $ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
    
++    If the system is not connected to the Internet,
++    then install the AlmaLinux GPG key from trusted media such as
++    the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted
++    in /media/cdrom, use the following command as the root user to import
++    it into the keyring:
++    
    $ sudo rpm --import /media/cdrom/RPM-GPG-KEY
    
++
++rationale: |-
++    Changes to software components can have significant effects on the
++    overall security of the operating system. This requirement ensures
++    the software has not been tampered with and that it has been provided
++    by a trusted vendor. The AlmaLinux GPG key is necessary to
++    cryptographically verify packages are from AlmaLinux.
++
++severity: high
++
++references:
++    cis: 1.2.2
++    disa: CCI-001749
++    nist: CM-5(3),SI-7,SC-12,SC-12(3),CM-6(a),CM-11(a),CM-11(b)
++    nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
++    pcidss: Req-6.2
++    isa-62443-2013: 'SR 3.1,SR 3.3,SR 3.4,SR 3.8,SR 7.6'
++    isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.3.4.4.4
++    cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02
++    iso27001-2013: A.11.2.4,A.12.1.2,A.12.2.1,A.12.5.1,A.12.6.2,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4
++    cis-csc: 11,2,3,9
++
++ocil_clause: 'the AlmaLinux GPG Key is not installed'
++
++ocil: |-
++    To ensure that the GPG key is installed, run:
++    
    $ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
    
++    The command should return the string below:
++    
    gpg(AlmaLinux <packager@almalinux.org>
    
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml
+index 24be33be..bd3c35ea 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+@@ -20,7 +20,7 @@
+     value: 1
+     no_extra_spaces: yes
+     create: False
+-  when: (ansible_distribution == "RedHat" or ansible_distribution == "CentOS" or ansible_distribution == "Scientific" or yum_config_file.stat.exists)
++  when: (ansible_distribution == "RedHat" or ansible_distribution == "CentOS" or ansible_distribution == "Scientific" or ansible_distribution == "AlmaLinux" or yum_config_file.stat.exists)
+ 
+ - name: Ensure GPG check is globally activated (dnf)
+   ini_file:
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
+index 4469a468..80996789 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+ . /usr/share/scap-security-guide/remediation_functions
+ 
+ replace_or_append "{{{ pkg_manager_config_file }}}" '^gpgcheck' '1' '@CCENUM@'
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+index 8bf083bb..b2359634 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+ 
+ title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration'
+ 
+@@ -57,7 +57,7 @@ references:
+     srg: SRG-OS-000366-GPOS-00153
+     stigid@ol7: OL07-00-020050
+     stigid@rhel7: RHEL-07-020050
+-    stigid@rhel8: RHEL-08-010370
++    stigid@almalinux8: RHEL-08-010370
+     stigid@sle12: SLES-12-010550
+     stigid@sle15: SLES-15-010430
+     vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml
+index 68553a12..c9cdb166 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = unknown
+ # complexity = low
+@@ -19,7 +19,7 @@
+     option: localpkg_gpgcheck
+     value: 1
+     create: True
+-  when: (ansible_distribution == "RedHat" or ansible_distribution == "CentOS" or ansible_distribution == "Scientific" or yum_config_file.stat.exists)
++  when: (ansible_distribution == "RedHat" or ansible_distribution == "CentOS" or ansible_distribution == "Scientific" or ansible_distribution == "AlmaLinux" or yum_config_file.stat.exists)
+ 
+ - name: Ensure GPG check Enabled for Local Packages (DNF)
+   ini_file:
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
+index 0f2bd164..de00472e 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
+ 
+ title: 'Ensure gpgcheck Enabled for Local Packages'
+ 
+@@ -40,7 +40,7 @@ references:
+     srg: SRG-OS-000366-GPOS-00153
+     stigid@ol7: OL07-00-020060
+     stigid@rhel7: RHEL-07-020060
+-    stigid@rhel8: RHEL-08-010371
++    stigid@almalinux8: RHEL-08-010371
+     vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650
+ 
+ ocil_clause: 'gpgcheck is not enabled or configured correctly to verify local packages'
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
+index a8cfc6e5..4ff55004 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
+index a9b33d87..b1c33b4b 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
+@@ -1,2 +1,2 @@
+-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+ sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+index 85666c5f..7af9b6da 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
+ 
+ title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories'
+ 
+diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
+index be2c7aa1..40ff5875 100644
+--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol7,ol8,rhel7,rhel8
++prodtype: ol7,ol8,rhel7,rhel8,almalinux8
+ 
+ title: 'Ensure gpgcheck Enabled for Repository Metadata'
+ 
+diff --git a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
+index dd52ba7e..18365b4b 100644
+--- a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
++++ b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: 'Install dnf-automatic Package'
+ 
+diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
+index 70de60d2..18a53cc0 100644
+--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # reboot = true
+ # strategy = patch
+ # complexity = low
+diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+index 85c56011..89741252 100644
+--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
++++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804
++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804
+ 
+ title: 'Ensure Software Patches Installed'
+ 
+@@ -17,6 +17,11 @@ description: |-
+     
    $ sudo yum update
    
+     If the system is not configured to use one of these sources, updates (in the form of RPM packages)
+     can be manually downloaded from the ULN and installed using rpm.
++{{% elif product in ["almalinux8"] %}}
++    Run the following command to install updates:
++    
    $ sudo yum update
    
++    If the system is not configured to use repos, updates (in the form of RPM packages)
++    can be manually downloaded from the repos and installed using rpm.
+ {{% elif product in ["sle12", "sle15"] %}}
+     If the system is configured for online updates, invoking the following command will list available
+     security updates:
+@@ -62,7 +67,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
+     stigid@ol7: OL07-00-020260
+     stigid@rhel7: RHEL-07-020260
+-    stigid@rhel8: RHEL-08-010010
++    stigid@almalinux8: RHEL-08-010010
+     stigid@sle12: SLES-12-010010
+     stigid@sle15: SLES-15-010010
+     vmmsrg: SRG-OS-000480-VMM-002000
+diff --git a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
+index f0ae5076..8936b05c 100644
+--- a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
++++ b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,ol8,rhel8,rhel9
++prodtype: fedora,ol8,rhel8,almalinux8,rhel9
+ 
+ title: Enable dnf-automatic Timer
+ 
+diff --git a/products/almalinux8/CMakeLists.txt b/products/almalinux8/CMakeLists.txt
+new file mode 100644
+index 00000000..c1ac2802
+--- /dev/null
++++ b/products/almalinux8/CMakeLists.txt
+@@ -0,0 +1,28 @@
++# Sometimes our users will try to do: "cd almalinux8; cmake ." That needs to error in a nice way.
++if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
++    message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
++endif()
++
++set(PRODUCT "almalinux8")
++set(DISA_SRG_TYPE "os")
++
++ssg_build_product(${PRODUCT})
++
++ssg_build_html_table_by_ref(${PRODUCT} "nist")
++ssg_build_html_table_by_ref(${PRODUCT} "cui")
++ssg_build_html_table_by_ref(${PRODUCT} "cis")
++ssg_build_html_table_by_ref(${PRODUCT} "pcidss")
++ssg_build_html_table_by_ref(${PRODUCT} "anssi")
++
++ssg_build_html_nistrefs_table(${PRODUCT} "ospp")
++ssg_build_html_nistrefs_table(${PRODUCT} "stig")
++
++ssg_build_html_cce_table(${PRODUCT})
++
++ssg_build_html_srgmap_tables(${PRODUCT} "stig" ${DISA_SRG_TYPE})
++
++ssg_build_html_stig_tables(${PRODUCT})
++ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig")
++ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig_gui")
++
++#ssg_build_html_stig_tables(${PRODUCT} "ospp")
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
+new file mode 100644
+index 00000000..b6701749
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
+@@ -0,0 +1,163 @@
++# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
++# Ensure /usr Located On Separate Partition
++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev"
++# Ensure /opt Located On Separate Partition
++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /srv Located On Separate Partition
++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media:
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
+new file mode 100644
+index 00000000..fe272bb1
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
+@@ -0,0 +1,167 @@
++# SCAP Security Guide ANSSI BP-028 (high) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2020-12-10
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
++# Ensure /usr Located On Separate Partition
++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev"
++# Ensure /opt Located On Separate Partition
++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /srv Located On Separate Partition
++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media: 
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_high
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
+new file mode 100644
+index 00000000..99294f42
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
+@@ -0,0 +1,163 @@
++# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
++# Ensure /usr Located On Separate Partition
++logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=5000 --fsoptions="nodev"
++# Ensure /opt Located On Separate Partition
++logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /srv Located On Separate Partition
++logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid"
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media:
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
+new file mode 100644
+index 00000000..4fbcdb6a
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
+@@ -0,0 +1,127 @@
++# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for AlmaLinux 8
++# Version: 0.0.1
++# Date: 2021-01-28
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media: 
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
+new file mode 100644
+index 00000000..200beffb
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
+@@ -0,0 +1,143 @@
++# SCAP Security Guide CIS profile (Level 2 - Server) kickstart for AlmaLinux 8 Server
++# Version: 0.0.1
++# Date: 2021-08-12
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# sssd profile sets sha512 to hash passwords
++# passwords are shadowed by default
++# See the manual page for authselect-profile for a complete list of possible options.
++authselect select sssd
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
++logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++
++
++# Harden installation with CIS profile
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_cis
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
+new file mode 100644
+index 00000000..d5474115
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
+@@ -0,0 +1,133 @@
++# SCAP Security Guide CIS profile (Level 1 - Server) kickstart for AlmaLinux 8 Server
++# Version: 0.0.1
++# Date: 2021-08-12
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# sssd profile sets sha512 to hash passwords
++# passwords are shadowed by default
++# See the manual page for authselect-profile for a complete list of possible options.
++authselect select sssd
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++
++
++# Harden installation with CIS profile
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_cis_server_l1
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
+new file mode 100644
+index 00000000..2cabaa30
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
+@@ -0,0 +1,133 @@
++# SCAP Security Guide CIS profile (Level 1 - Workstation) kickstart for AlmaLinux 8 Server
++# Version: 0.0.1
++# Date: 2021-08-12
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# sssd profile sets sha512 to hash passwords
++# passwords are shadowed by default
++# See the manual page for authselect-profile for a complete list of possible options.
++authselect select sssd
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++
++
++# Harden installation with CIS profile
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_cis_workstation_l1
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
+new file mode 100644
+index 00000000..09b19c64
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
+@@ -0,0 +1,143 @@
++# SCAP Security Guide CIS profile (Level 2 - Workstation) kickstart for AlmaLinux 8 Server
++# Version: 0.0.1
++# Date: 2021-08-12
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# sssd profile sets sha512 to hash passwords
++# passwords are shadowed by default
++# See the manual page for authselect-profile for a complete list of possible options.
++authselect select sssd
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
++logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++
++
++# Harden installation with CIS profile
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_cis_workstation_l2
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
+new file mode 100644
+index 00000000..69239029
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
+@@ -0,0 +1,164 @@
++# SCAP Security Guide CUI profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# --enableshadow	enable shadowed passwords by default
++# --passalgo		hash / crypt algorithm for new passwords
++# See the manual page for authconfig for a complete list of possible options.
++authconfig --enableshadow --passalgo=sha512
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media: 
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_cui
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
+new file mode 100644
+index 00000000..4f4aa074
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
+@@ -0,0 +1,122 @@
++# SCAP Security Guide Essential Eight profile kickstart for AlmaLinux 8 Server
++# Version: 0.0.1
++# Date: 2019-11-13
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# sssd profile sets sha512 to hash passwords
++# passwords are shadowed by default
++# See the manual page for authselect-profile for a complete list of possible options.
++authselect select sssd
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# Harden installation with Essential Eight profile
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_e8
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
+new file mode 100644
+index 00000000..7af28b5b
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
+@@ -0,0 +1,122 @@
++# SCAP Security Guide HIPAA profile kickstart for AlmaLinux 8 Server
++# Version: 0.0.1
++# Date: 2020-05-25
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# sssd profile sets sha512 to hash passwords
++# passwords are shadowed by default
++# See the manual page for authselect-profile for a complete list of possible options.
++authselect select sssd
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# Harden installation with HIPAA profile
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_hipaa
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
+new file mode 100644
+index 00000000..4f469518
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
+@@ -0,0 +1,116 @@
++# SCAP Security Guide ISM Official profile kickstart for AlmaLinux 8 Server
++# Version: 0.0.1
++# Date: 2021-08-16
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++#
++network --onboot yes --device eth0 --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# encrypted password form for different plaintext password
++rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# sssd profile sets sha512 to hash passwords
++# passwords are shadowed by default
++# See the manual page for authselect-profile for a complete list of possible options.
++authselect select sssd
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++bootloader --location=mbr --append="crashkernel=auto rhgb quiet"
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++autopart
++
++# Harden installation with Essential Eight profile
++# For more details and configuration options see
++# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_ism_o
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
+new file mode 100644
+index 00000000..3b3996d9
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
+@@ -0,0 +1,164 @@
++# SCAP Security Guide OSPP profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# --enableshadow	enable shadowed passwords by default
++# --passalgo		hash / crypt algorithm for new passwords
++# See the manual page for authconfig for a complete list of possible options.
++authconfig --enableshadow --passalgo=sha512
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media: 
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_ospp
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
+new file mode 100644
+index 00000000..a2149a90
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
+@@ -0,0 +1,154 @@
++# SCAP Security Guide PCI-DSS profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url	        the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++network --onboot yes --bootproto dhcp --noipv6
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# --enableshadow	enable shadowed passwords by default
++# --passalgo		hash / crypt algorithm for new passwords
++# See the manual page for authconfig for a complete list of possible options.
++authconfig --enableshadow --passalgo=sha512
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++#
++# PASSWORD TEMPORARILY DISABLED
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow
++# CCE-26557-9: Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# CCE-26435-8: Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# CCE-26639-5: Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# CCE-26215-4: Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev"
++logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media: 
++%addon org_fedora_oscap
++        content-type = scap-security-guide
++        profile = xccdf_org.ssgproject.content_profile_pci-dss
++%end
++
++# Packages selection (%packages section is required)
++%packages
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
+new file mode 100644
+index 00000000..7ac37fbd
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
+@@ -0,0 +1,165 @@
++# SCAP Security Guide STIG profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# --enableshadow	enable shadowed passwords by default
++# --passalgo		hash / crypt algorithm for new passwords
++# See the manual page for authconfig for a complete list of possible options.
++authconfig --enableshadow --passalgo=sha512
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++# 
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this 
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#  
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#   
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media: 
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_stig
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
+new file mode 100644
+index 00000000..4d7d477e
+--- /dev/null
++++ b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
+@@ -0,0 +1,165 @@
++# SCAP Security Guide STIG with GUI profile kickstart for AlmaLinux 8
++#
++# Based on:
++# https://pykickstart.readthedocs.io/en/latest/
++# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
++
++# Specify installation method to use for installation
++# To use a different one comment out the 'url' one below, update
++# the selected choice with proper options & un-comment it
++#
++# Install from an installation tree on a remote server via FTP or HTTP:
++# --url		the URL to install from
++#
++# Example:
++#
++# url --url=http://192.168.122.1/image
++#
++# Modify concrete URL in the above example appropriately to reflect the actual
++# environment machine is to be installed in
++#
++# Other possible / supported installation methods:
++# * install from the first CD-ROM/DVD drive on the system:
++#
++# cdrom
++#
++# * install from a directory of ISO images on a local drive:
++#
++# harddrive --partition=hdb2 --dir=/tmp/install-tree
++#
++# * install from provided NFS server:
++#
++# nfs --server= --dir= [--opts=]
++#
++# Set language to use during installation and the default language to use on the installed system (required)
++lang en_US.UTF-8
++
++# Set system keyboard type / layout (required)
++keyboard us
++
++# Configure network information for target system and activate network devices in the installer environment (optional)
++# --onboot	enable device at a boot time
++# --device	device to be activated and / or configured with the network command
++# --bootproto	method to obtain networking configuration for device (default dhcp)
++# --noipv6	disable IPv6 on this device
++#
++# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
++#       "--bootproto=static" must be used. For example:
++# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
++#
++network --onboot yes --bootproto dhcp
++
++# Set the system's root password (required)
++# Plaintext password is: server
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
++
++# The selected profile will restrict root login
++# Add a user that can login and escalate privileges
++# Plaintext password is: admin123
++user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
++
++# Configure firewall settings for the system (optional)
++# --enabled	reject incoming connections that are not in response to outbound requests
++# --ssh		allow sshd service through the firewall
++firewall --enabled --ssh
++
++# Set up the authentication options for the system (required)
++# --enableshadow	enable shadowed passwords by default
++# --passalgo		hash / crypt algorithm for new passwords
++# See the manual page for authconfig for a complete list of possible options.
++authconfig --enableshadow --passalgo=sha512
++
++# State of SELinux on the installed system (optional)
++# Defaults to enforcing
++selinux --enforcing
++
++# Set the system time zone (required)
++timezone --utc America/New_York
++
++# Specify how the bootloader should be installed (required)
++# Plaintext password is: password
++# Refer to e.g.
++#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++# to see how to create encrypted password form for different plaintext password
++bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++
++# Initialize (format) all disks (optional)
++zerombr
++
++# The following partition layout scheme assumes disk of size 20GB or larger
++# Modify size of partitions appropriately to reflect actual machine's hardware
++#
++# Remove Linux partitions from the system prior to creating new ones (optional)
++# --linux	erase all Linux partitions
++# --initlabel	initialize the disk label to the default based on the underlying architecture
++clearpart --linux --initlabel
++
++# Create primary system partitions (required for installs)
++part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
++part pv.01 --grow --size=1
++
++# Create a Logical Volume Management (LVM) group (optional)
++volgroup VolGroup --pesize=4096 pv.01
++
++# Create particular logical volumes (optional)
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
++# Ensure /tmp Located On Separate Partition
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
++logvol swap --name=swap --vgname=VolGroup --size=2016
++
++# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
++# content - security policies - on the installed system.This add-on has been enabled by default
++# since RHEL 7.2. When enabled, the packages necessary to provide this
++# functionality will automatically be installed. However, by default, no policies are enforced,
++# meaning that no checks are performed during or after installation unless specifically configured.
++#
++#  Important
++#   Applying a security policy is not necessary on all systems. This screen should only be used
++#   when a specific policy is mandated by your organization rules or government regulations.
++#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
++#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
++#   Values can be optionally enclosed in single quotes (') or double quotes (").
++#
++#  The following keys are recognized by the add-on:
++#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
++#      - If the content-type is scap-security-guide, the add-on will use content provided by the
++#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
++#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
++#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
++#    xccdf-id - ID of the benchmark you want to use.
++#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
++#    profile - ID of the profile to be applied. Use default to apply the default profile.
++#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
++#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
++#
++#  The following is an example %addon org_fedora_oscap section which uses content from the
++#  scap-security-guide on the installation media:
++%addon org_fedora_oscap
++	content-type = scap-security-guide
++	profile = xccdf_org.ssgproject.content_profile_stig_gui
++%end
++
++# Packages selection (%packages section is required)
++%packages
++
++# Require @Base
++@Base
++
++%end # End of %packages section
++
++# Reboot after the installation is complete (optional)
++# --eject	attempt to eject CD or DVD media before rebooting
++reboot --eject
+diff --git a/products/almalinux8/overlays/srg_support.xml b/products/almalinux8/overlays/srg_support.xml
+new file mode 100644
+index 00000000..08c87ea6
+--- /dev/null
++++ b/products/almalinux8/overlays/srg_support.xml
+@@ -0,0 +1,173 @@
++
+diff --git a/products/almalinux8/product.yml b/products/almalinux8/product.yml
+new file mode 100644
+index 00000000..052ac73e
+--- /dev/null
++++ b/products/almalinux8/product.yml
+@@ -0,0 +1,27 @@
++product: almalinux8
++full_name: AlmaLinux 8
++type: platform
++
++benchmark_root: "../../linux_os/guide"
++
++profiles_root: "./profiles"
++
++pkg_manager: "yum"
++
++init_system: "systemd"
++
++oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-8.xml"
++
++pkg_release: "5ffd890e"
++pkg_version: "3abb34f8"
++
++cpes_root: "../../shared/applicability"
++cpes:
++  - almalinux8:
++      name: "cpe:/o:almalinux:almalinux:8"
++      title: "AlmaLinux 8"
++      check_id: installed_OS_is_almalinux8
++
++# Mapping of CPE platform to package
++platform_package_overrides:
++  login_defs: "shadow-utils"
+diff --git a/products/almalinux8/profiles/anssi_bp28_enhanced.profile b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
+new file mode 100644
+index 00000000..4a34d1e2
+--- /dev/null
++++ b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
+@@ -0,0 +1,16 @@
++documentation_complete: true
++
++title: 'ANSSI-BP-028 (enhanced)'
++
++description: |-
++    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the enhanced hardening level.
++
++    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++selections:
++    - anssi:all:enhanced
++    - '!selinux_state'
+diff --git a/products/almalinux8/profiles/anssi_bp28_high.profile b/products/almalinux8/profiles/anssi_bp28_high.profile
+new file mode 100644
+index 00000000..5336db82
+--- /dev/null
++++ b/products/almalinux8/profiles/anssi_bp28_high.profile
+@@ -0,0 +1,15 @@
++documentation_complete: true
++
++title: 'ANSSI-BP-028 (high)'
++
++description: |-
++    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the high hardening level.
++
++    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++selections:
++    - anssi:all:high
+diff --git a/products/almalinux8/profiles/anssi_bp28_intermediary.profile b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
+new file mode 100644
+index 00000000..5b7bcebb
+--- /dev/null
++++ b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
+@@ -0,0 +1,15 @@
++documentation_complete: true
++
++title: 'ANSSI-BP-028 (intermediary)'
++
++description: |-
++    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the intermediary hardening level.
++
++    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++selections:
++  - anssi:all:intermediary
+diff --git a/products/almalinux8/profiles/anssi_bp28_minimal.profile b/products/almalinux8/profiles/anssi_bp28_minimal.profile
+new file mode 100644
+index 00000000..b3fc48f8
+--- /dev/null
++++ b/products/almalinux8/profiles/anssi_bp28_minimal.profile
+@@ -0,0 +1,16 @@
++documentation_complete: true
++
++title: 'ANSSI-BP-028 (minimal)'
++
++description: |-
++    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal hardening level.
++
++    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
++    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
++
++    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
++    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
++
++selections:
++  - anssi:all:minimal
++
+diff --git a/products/almalinux8/profiles/cis.profile b/products/almalinux8/profiles/cis.profile
+new file mode 100644
+index 00000000..d598a219
+--- /dev/null
++++ b/products/almalinux8/profiles/cis.profile
+@@ -0,0 +1,22 @@
++documentation_complete: true
++
++metadata:
++    version: 1.0.0
++    SMEs:
++        - vojtapolasek
++        - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinux/
++
++title: 'CIS AlmaLinux OS 8 Benchmark for Level 2 - Server'
++
++description: |-
++    This profile defines a baseline that aligns to the "Level 2 - Server"
++    configuration from the Center for Internet Security®
++    AlmaLinux OS 8 Benchmarkâ„¢, v1.0.0, released 10-22-2021.
++
++    This profile includes Center for Internet Security®
++    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
++
++selections:
++    - cis_rhel8:all:l2_server
+diff --git a/products/almalinux8/profiles/cis_server_l1.profile b/products/almalinux8/profiles/cis_server_l1.profile
+new file mode 100644
+index 00000000..050a7789
+--- /dev/null
++++ b/products/almalinux8/profiles/cis_server_l1.profile
+@@ -0,0 +1,22 @@
++documentation_complete: true
++
++metadata:
++    version: 1.0.0
++    SMEs:
++        - vojtapolasek
++        - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinux/
++
++title: 'CIS AlmaLinux OS 8 Benchmark for Level 1 - Server'
++
++description: |-
++    This profile defines a baseline that aligns to the "Level 1 - Server"
++    configuration from the Center for Internet Security®
++    AlmaLinux OS 8 Benchmarkâ„¢, v1.0.0, released 10-22-2021.
++
++    This profile includes Center for Internet Security®
++    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
++
++selections:
++    - cis_rhel8:all:l1_server
+diff --git a/products/almalinux8/profiles/cis_workstation_l1.profile b/products/almalinux8/profiles/cis_workstation_l1.profile
+new file mode 100644
+index 00000000..8ffc95a4
+--- /dev/null
++++ b/products/almalinux8/profiles/cis_workstation_l1.profile
+@@ -0,0 +1,22 @@
++documentation_complete: true
++
++metadata:
++    version: 1.0.0
++    SMEs:
++        - vojtapolasek
++        - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinux/
++
++title: 'CIS AlmaLinux OS 8 Benchmark for Level 1 - Workstation'
++
++description: |-
++    This profile defines a baseline that aligns to the "Level 1 - Workstation"
++    configuration from the Center for Internet Security®
++    AlmaLinux OS 8 Benchmarkâ„¢, v1.0.0, released 10-22-2021.
++
++    This profile includes Center for Internet Security®
++    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
++
++selections:
++    - cis_rhel8:all:l1_workstation
+diff --git a/products/almalinux8/profiles/cis_workstation_l2.profile b/products/almalinux8/profiles/cis_workstation_l2.profile
+new file mode 100644
+index 00000000..9df68893
+--- /dev/null
++++ b/products/almalinux8/profiles/cis_workstation_l2.profile
+@@ -0,0 +1,22 @@
++documentation_complete: true
++
++metadata:
++    version: 1.0.0
++    SMEs:
++        - vojtapolasek
++        - yuumasato
++
++reference: https://www.cisecurity.org/benchmark/almalinux/
++
++title: 'CIS AlmaLinux OS 8 Benchmark for Level 2 - Workstation'
++
++description: |-
++    This profile defines a baseline that aligns to the "Level 2 - Workstation"
++    configuration from the Center for Internet Security®
++    AlmaLinux OS 8 Benchmarkâ„¢, v1.0.0, released 10-22-2021.
++
++    This profile includes Center for Internet Security®
++    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
++
++selections:
++    - cis_rhel8:all:l2_workstation
+diff --git a/products/almalinux8/profiles/cjis.profile b/products/almalinux8/profiles/cjis.profile
+new file mode 100644
+index 00000000..eec51034
+--- /dev/null
++++ b/products/almalinux8/profiles/cjis.profile
+@@ -0,0 +1,140 @@
++documentation_complete: false
++
++metadata:
++    version: 5.4
++    SMEs:
++        - carlosmmatos
++
++reference: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
++
++title: 'Criminal Justice Information Services (CJIS) Security Policy'
++
++description: |-
++    This profile is derived from FBI's CJIS v5.4
++    Security Policy. A copy of this policy can be found at the CJIS Security
++    Policy Resource Center:
++
++    https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
++
++selections:
++    - service_auditd_enabled
++    - grub2_audit_argument
++    - auditd_data_retention_num_logs
++    - auditd_data_retention_max_log_file
++    - auditd_data_retention_max_log_file_action
++    - auditd_data_retention_space_left_action
++    - auditd_data_retention_admin_space_left_action
++    - auditd_data_retention_action_mail_acct
++    - auditd_audispd_syslog_plugin_activated
++    - audit_rules_time_adjtimex
++    - audit_rules_time_settimeofday
++    - audit_rules_time_stime
++    - audit_rules_time_clock_settime
++    - audit_rules_time_watch_localtime
++    - audit_rules_usergroup_modification
++    - audit_rules_networkconfig_modification
++    - file_permissions_var_log_audit
++    - file_ownership_var_log_audit
++    - audit_rules_mac_modification
++    - audit_rules_dac_modification_chmod
++    - audit_rules_dac_modification_chown
++    - audit_rules_dac_modification_fchmod
++    - audit_rules_dac_modification_fchmodat
++    - audit_rules_dac_modification_fchown
++    - audit_rules_dac_modification_fchownat
++    - audit_rules_dac_modification_fremovexattr
++    - audit_rules_dac_modification_fsetxattr
++    - audit_rules_dac_modification_lchown
++    - audit_rules_dac_modification_lremovexattr
++    - audit_rules_dac_modification_lsetxattr
++    - audit_rules_dac_modification_removexattr
++    - audit_rules_dac_modification_setxattr
++    - audit_rules_login_events
++    - audit_rules_session_events
++    - audit_rules_unsuccessful_file_modification
++    - audit_rules_privileged_commands
++    - audit_rules_media_export
++    - audit_rules_file_deletion_events
++    - audit_rules_sysadmin_actions
++    - audit_rules_kernel_module_loading
++    - audit_rules_immutable
++    - account_unique_name
++    - gid_passwd_group_same
++    - accounts_password_all_shadowed
++    - no_empty_passwords
++    - display_login_attempts
++    - var_accounts_password_minlen_login_defs=12
++    - var_accounts_maximum_age_login_defs=90
++    - var_password_pam_unix_remember=10
++    - var_account_disable_post_pw_expiration=0
++    - var_password_pam_minlen=12
++    - var_accounts_minimum_age_login_defs=1
++    - var_password_pam_difok=6
++    - var_accounts_max_concurrent_login_sessions=3
++    - account_disable_post_pw_expiration
++    - accounts_password_pam_minlen
++    - accounts_minimum_age_login_defs
++    - accounts_password_pam_difok
++    - accounts_max_concurrent_login_sessions
++    - set_password_hashing_algorithm_systemauth
++    - set_password_hashing_algorithm_logindefs
++    - set_password_hashing_algorithm_libuserconf
++    - file_owner_etc_shadow
++    - file_groupowner_etc_shadow
++    - file_permissions_etc_shadow
++    - file_owner_etc_group
++    - file_groupowner_etc_group
++    - file_permissions_etc_group
++    - file_owner_etc_passwd
++    - file_groupowner_etc_passwd
++    - file_permissions_etc_passwd
++    - file_owner_grub2_cfg
++    - file_groupowner_grub2_cfg
++    - var_password_pam_retry=5
++    - var_accounts_passwords_pam_faillock_deny=5
++    - var_accounts_passwords_pam_faillock_unlock_time=600
++    - dconf_db_up_to_date
++    - dconf_gnome_screensaver_idle_delay
++    - dconf_gnome_screensaver_idle_activation_enabled
++    - dconf_gnome_screensaver_lock_enabled
++    - dconf_gnome_screensaver_mode_blank
++    - sshd_allow_only_protocol2
++    - sshd_set_idle_timeout
++    - var_sshd_set_keepalive=0
++    - sshd_set_keepalive_0
++    - disable_host_auth
++    - sshd_disable_root_login
++    - sshd_disable_empty_passwords
++    - sshd_enable_warning_banner
++    - sshd_do_not_permit_user_env
++    - var_system_crypto_policy=fips
++    - configure_crypto_policy
++    - configure_ssh_crypto_policy
++    - kernel_module_dccp_disabled
++    - kernel_module_sctp_disabled
++    - service_firewalld_enabled
++    - set_firewalld_default_zone
++    - firewalld_sshd_port_enabled
++    - sshd_idle_timeout_value=30_minutes
++    - inactivity_timeout_value=30_minutes
++    - sysctl_net_ipv4_conf_default_accept_source_route
++    - sysctl_net_ipv4_tcp_syncookies
++    - sysctl_net_ipv4_conf_all_send_redirects
++    - sysctl_net_ipv4_conf_default_send_redirects
++    - sysctl_net_ipv4_conf_all_accept_redirects
++    - sysctl_net_ipv4_conf_default_accept_redirects
++    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++    - var_password_pam_ocredit=1
++    - var_password_pam_dcredit=1
++    - var_password_pam_ucredit=1
++    - var_password_pam_lcredit=1
++    - package_aide_installed
++    - aide_build_database
++    - aide_periodic_cron_checking
++    - rpm_verify_permissions
++    - rpm_verify_hashes
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_never_disabled
++    - security_patches_up_to_date
++    - kernel_module_bluetooth_disabled
+diff --git a/products/almalinux8/profiles/cui.profile b/products/almalinux8/profiles/cui.profile
+new file mode 100644
+index 00000000..53197176
+--- /dev/null
++++ b/products/almalinux8/profiles/cui.profile
+@@ -0,0 +1,32 @@
++documentation_complete: true
++
++metadata:
++    version: TBD
++    SMEs:
++        - carlosmmatos
++
++title: 'Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)'
++
++description: |-
++    From NIST 800-171, Section 2.2:
++    Security requirements for protecting the confidentiality of CUI in nonfederal
++    information systems and organizations have a well-defined structure that
++    consists of:
++
++    (i) a basic security requirements section;
++    (ii) a derived security requirements section.
++
++    The basic security requirements are obtained from FIPS Publication 200, which
++    provides the high-level and fundamental security requirements for federal
++    information and information systems. The derived security requirements, which
++    supplement the basic security requirements, are taken from the security controls
++    in NIST Special Publication 800-53.
++
++    This profile configures AlmaLinux 8 to the NIST Special
++    Publication 800-53 controls identified for securing Controlled Unclassified
++    Information (CUI)."
++
++extends: ospp
++
++selections:
++    - inactivity_timeout_value=10_minutes
+diff --git a/products/almalinux8/profiles/e8.profile b/products/almalinux8/profiles/e8.profile
+new file mode 100644
+index 00000000..d154b66f
+--- /dev/null
++++ b/products/almalinux8/profiles/e8.profile
+@@ -0,0 +1,149 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - shaneboulden
++
++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers 
++
++title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
++
++description: |-
++  This profile contains configuration checks for AlmaLinux 8
++  that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
++
++  A copy of the Essential Eight in Linux Environments guide can be found at the
++  ACSC website:
++
++  https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
++
++selections:
++
++  ### Remove obsolete packages
++  - package_talk_removed
++  - package_talk-server_removed
++  - package_xinetd_removed
++  - service_xinetd_disabled
++  - package_ypbind_removed
++  - package_telnet_removed
++  - service_telnet_disabled
++  - package_telnet-server_removed
++  - package_rsh_removed
++  - package_rsh-server_removed
++  - service_zebra_disabled
++  - package_quagga_removed
++  - service_avahi-daemon_disabled
++  - package_squid_removed
++  - service_squid_disabled
++
++  ### Software update
++  - ensure_almalinux_gpgkey_installed
++  - ensure_gpgcheck_never_disabled
++  - ensure_gpgcheck_local_packages
++  - ensure_gpgcheck_globally_activated
++  - security_patches_up_to_date
++  - dnf-automatic_security_updates_only
++
++  ### System security settings
++  - sysctl_kernel_randomize_va_space
++  - sysctl_kernel_exec_shield
++  - sysctl_kernel_kptr_restrict
++  - sysctl_kernel_dmesg_restrict
++  - sysctl_kernel_kexec_load_disabled
++  - sysctl_kernel_yama_ptrace_scope
++  - sysctl_kernel_unprivileged_bpf_disabled
++  - sysctl_net_core_bpf_jit_harden
++
++  ### SELinux
++  - var_selinux_state=enforcing
++  - selinux_state
++  - var_selinux_policy_name=targeted
++  - selinux_policytype
++
++  ### Filesystem integrity
++  - rpm_verify_hashes
++  - rpm_verify_permissions
++  - rpm_verify_ownership
++  - file_permissions_unauthorized_sgid
++  - file_permissions_unauthorized_suid
++  - file_permissions_unauthorized_world_writable
++  - dir_perms_world_writable_sticky_bits
++  - file_permissions_library_dirs
++  - file_ownership_binary_dirs
++  - file_permissions_binary_dirs
++  - file_ownership_library_dirs
++
++  ### Passwords
++  - no_empty_passwords
++
++  ### Partitioning
++  - mount_option_dev_shm_nodev
++  - mount_option_dev_shm_nosuid
++  - mount_option_dev_shm_noexec
++
++  ### Network
++  - package_firewalld_installed
++  - service_firewalld_enabled
++  - network_sniffer_disabled
++
++  ### Admin privileges
++  - accounts_no_uid_except_zero
++  - sudo_remove_nopasswd
++  - sudo_remove_no_authenticate
++  - sudo_require_authentication
++
++  ### Audit
++  - package_rsyslog_installed
++  - service_rsyslog_enabled
++  - service_auditd_enabled
++  - var_auditd_flush=incremental_async
++  - auditd_data_retention_flush
++  - auditd_local_events
++  - auditd_write_logs
++  - auditd_log_format
++  - auditd_freq
++  - auditd_name_format
++  - audit_rules_login_events_tallylog
++  - audit_rules_login_events_faillock
++  - audit_rules_login_events_lastlog
++  - audit_rules_login_events
++  - audit_rules_time_adjtimex
++  - audit_rules_time_clock_settime
++  - audit_rules_time_watch_localtime
++  - audit_rules_time_settimeofday
++  - audit_rules_time_stime
++  - audit_rules_execution_restorecon
++  - audit_rules_execution_chcon
++  - audit_rules_execution_semanage
++  - audit_rules_execution_setsebool
++  - audit_rules_execution_setfiles
++  - audit_rules_execution_seunshare
++  - audit_rules_sysadmin_actions
++  - audit_rules_networkconfig_modification
++  - audit_rules_usergroup_modification
++  - audit_rules_dac_modification_chmod
++  - audit_rules_dac_modification_chown
++  - audit_rules_kernel_module_loading
++
++  ### Secure access
++  - sshd_disable_root_login
++  - sshd_disable_gssapi_auth
++  - sshd_print_last_log
++  - sshd_do_not_permit_user_env
++  - sshd_disable_rhosts
++  - sshd_set_loglevel_info
++  - sshd_disable_empty_passwords
++  - sshd_disable_user_known_hosts
++  - sshd_enable_strictmodes
++
++  # See also: https://www.cyber.gov.au/acsc/view-all-content/guidance/asd-approved-cryptographic-algorithms
++  - var_system_crypto_policy=default_nosha1
++  - configure_crypto_policy
++  - configure_ssh_crypto_policy
++
++  ### Application whitelisting
++  - package_fapolicyd_installed
++  - service_fapolicyd_enabled
++
++  ### Backup
++  - package_rear_installed
+diff --git a/products/almalinux8/profiles/hipaa.profile b/products/almalinux8/profiles/hipaa.profile
+new file mode 100644
+index 00000000..43305cc2
+--- /dev/null
++++ b/products/almalinux8/profiles/hipaa.profile
+@@ -0,0 +1,165 @@
++documentation_complete: True
++
++metadata:
++    SMEs:
++        - jjaswanson4
++        - carlosmmatos
++
++reference: https://www.hhs.gov/hipaa/for-professionals/index.html
++
++title: 'Health Insurance Portability and Accountability Act (HIPAA)'
++
++description: |-
++    The HIPAA Security Rule establishes U.S. national standards to protect individuals’
++    electronic personal health information that is created, received, used, or
++    maintained by a covered entity. The Security Rule requires appropriate
++    administrative, physical and technical safeguards to ensure the
++    confidentiality, integrity, and security of electronic protected health
++    information.
++
++    This profile configures AlmaLinux 8 to the HIPAA Security
++    Rule identified for securing of electronic protected health information.
++    Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).   
++
++selections:
++    - grub2_password
++    - grub2_uefi_password
++    - file_groupowner_grub2_cfg
++    - file_permissions_grub2_cfg
++    - file_owner_grub2_cfg
++    - grub2_disable_interactive_boot
++    - no_direct_root_logins
++    - no_empty_passwords
++    - require_singleuser_auth
++    - restrict_serial_port_logins
++    - securetty_root_login_console_only
++    - service_debug-shell_disabled
++    - disable_ctrlaltdel_reboot
++    - disable_ctrlaltdel_burstaction
++    - dconf_db_up_to_date
++    - dconf_gnome_remote_access_credential_prompt
++    - dconf_gnome_remote_access_encryption
++    - sshd_disable_empty_passwords
++    - sshd_disable_root_login
++    - libreswan_approved_tunnels
++    - no_rsh_trust_files
++    - package_rsh-server_removed
++    - package_talk_removed
++    - package_talk-server_removed
++    - package_telnet_removed
++    - package_telnet-server_removed
++    - package_xinetd_removed
++    - service_crond_enabled
++    - service_rexec_disabled
++    - service_rlogin_disabled
++    - service_telnet_disabled
++    - service_xinetd_disabled
++    - service_zebra_disabled
++    - use_kerberos_security_all_exports
++    - disable_host_auth
++    - sshd_allow_only_protocol2
++    - sshd_disable_compression
++    - sshd_disable_gssapi_auth
++    - sshd_disable_kerb_auth
++    - sshd_do_not_permit_user_env
++    - sshd_enable_strictmodes
++    - sshd_enable_warning_banner
++    - var_sshd_set_keepalive=0
++    - sshd_set_keepalive_0
++    - encrypt_partitions
++    - var_system_crypto_policy=fips
++    - configure_crypto_policy
++    - configure_ssh_crypto_policy
++    - var_selinux_policy_name=targeted
++    - var_selinux_state=enforcing
++    - grub2_enable_selinux
++    - sebool_selinuxuser_execheap
++    - sebool_selinuxuser_execmod
++    - sebool_selinuxuser_execstack
++    - selinux_confinement_of_daemons
++    - selinux_policytype
++    - selinux_state
++    - service_kdump_disabled
++    - sysctl_fs_suid_dumpable
++    - sysctl_kernel_dmesg_restrict
++    - sysctl_kernel_exec_shield
++    - sysctl_kernel_randomize_va_space
++    - rpm_verify_hashes
++    - rpm_verify_permissions
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_never_disabled
++    - ensure_gpgcheck_local_packages
++    - grub2_audit_argument
++    - service_auditd_enabled
++    - audit_rules_privileged_commands_sudo
++    - audit_rules_privileged_commands_su
++    - audit_rules_immutable
++    - kernel_module_usb-storage_disabled
++    - service_autofs_disabled
++    - auditd_audispd_syslog_plugin_activated
++    - rsyslog_remote_loghost
++    - auditd_data_retention_flush
++    - audit_rules_dac_modification_chmod
++    - audit_rules_dac_modification_chown
++    - audit_rules_dac_modification_fchmodat
++    - audit_rules_dac_modification_fchmod
++    - audit_rules_dac_modification_fchownat
++    - audit_rules_dac_modification_fchown
++    - audit_rules_dac_modification_fremovexattr
++    - audit_rules_dac_modification_fsetxattr
++    - audit_rules_dac_modification_lchown
++    - audit_rules_dac_modification_lremovexattr
++    - audit_rules_dac_modification_lsetxattr
++    - audit_rules_dac_modification_removexattr
++    - audit_rules_dac_modification_setxattr
++    - audit_rules_execution_chcon
++    - audit_rules_execution_restorecon
++    - audit_rules_execution_semanage
++    - audit_rules_execution_setsebool
++    - audit_rules_file_deletion_events_renameat
++    - audit_rules_file_deletion_events_rename
++    - audit_rules_file_deletion_events_rmdir
++    - audit_rules_file_deletion_events_unlinkat
++    - audit_rules_file_deletion_events_unlink
++    - audit_rules_kernel_module_loading_delete
++    - audit_rules_kernel_module_loading_init
++    - audit_rules_login_events_faillock
++    - audit_rules_login_events_lastlog
++    - audit_rules_login_events_tallylog
++    - audit_rules_mac_modification
++    - audit_rules_media_export
++    - audit_rules_networkconfig_modification
++    - audit_rules_privileged_commands_chage
++    - audit_rules_privileged_commands_chsh
++    - audit_rules_privileged_commands_crontab
++    - audit_rules_privileged_commands_gpasswd
++    - audit_rules_privileged_commands_newgrp
++    - audit_rules_privileged_commands_pam_timestamp_check
++    - audit_rules_privileged_commands_passwd
++    - audit_rules_privileged_commands_postdrop
++    - audit_rules_privileged_commands_postqueue
++    - audit_rules_privileged_commands_ssh_keysign
++    - audit_rules_privileged_commands_sudoedit
++    - audit_rules_privileged_commands_umount
++    - audit_rules_privileged_commands_unix_chkpwd
++    - audit_rules_privileged_commands_userhelper
++    - audit_rules_session_events
++    - audit_rules_sysadmin_actions
++    - audit_rules_system_shutdown
++    - audit_rules_time_adjtimex
++    - audit_rules_time_clock_settime
++    - audit_rules_time_settimeofday
++    - audit_rules_time_stime
++    - audit_rules_time_watch_localtime
++    - audit_rules_unsuccessful_file_modification_creat
++    - audit_rules_unsuccessful_file_modification_ftruncate
++    - audit_rules_unsuccessful_file_modification_openat
++    - audit_rules_unsuccessful_file_modification_open_by_handle_at
++    - audit_rules_unsuccessful_file_modification_open
++    - audit_rules_unsuccessful_file_modification_truncate
++    - audit_rules_usergroup_modification_group
++    - audit_rules_usergroup_modification_gshadow
++    - audit_rules_usergroup_modification_opasswd
++    - audit_rules_usergroup_modification_passwd
++    - audit_rules_usergroup_modification_shadow
+diff --git a/products/almalinux8/profiles/ism_o.profile b/products/almalinux8/profiles/ism_o.profile
+new file mode 100644
+index 00000000..63aa09b3
+--- /dev/null
++++ b/products/almalinux8/profiles/ism_o.profile
+@@ -0,0 +1,135 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - shaneboulden
++        - wcushen
++        - ahamilto156
++
++reference: https://www.cyber.gov.au/ism
++
++title: 'Australian Cyber Security Centre (ACSC) ISM Official'
++
++description: |-
++  This profile contains configuration checks for AlmaLinux 8
++  that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
++  with the applicability marking of OFFICIAL.
++
++  The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
++  AlmaLinux security controls with the ISM, which can be used to select controls
++  specific to an organisation's security posture and risk profile.
++
++  A copy of the ISM can be found at the ACSC website:
++
++  https://www.cyber.gov.au/ism
++
++extends: e8
++
++selections:
++
++  ## Operating system configuration
++  ## Identifiers 1491
++  - no_shelllogin_for_systemaccounts
++
++  ## Local administrator accounts
++  ## Identifiers 1382 / 1410
++  - accounts_password_all_shadowed
++  - package_sudo_installed
++
++  ## Content filtering & Anti virus
++  ## Identifiers  0576 / 1341 / 1034 / 1417 / 1288
++  - package_aide_installed
++
++  ## Software firewall
++  ## Identifiers 1416
++  - configure_firewalld_ports
++  ## Removing due to build error
++  ## - configure_firewalld_rate_limiting
++  - firewalld_sshd_port_enabled
++  - set_firewalld_default_zone
++
++  ## Endpoint device control software
++  ## Identifiers 1418
++  - package_usbguard_installed
++  - service_usbguard_enabled
++  - usbguard_allow_hid_and_hub
++
++  ## Authentication hardening
++  ## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560
++  ## 1561 / 1546 / 0421 / 1557 / 0422 / 1558 / 1403 / 0431
++  - sshd_max_auth_tries_value=5
++  - disable_host_auth
++  - require_emergency_target_auth
++  - require_singleuser_auth
++  - sshd_disable_kerb_auth
++  - sshd_set_max_auth_tries
++
++  ## Password authentication & Protecting credentials
++  ## Identifiers 0421 / 0431 / 0418 / 1402
++  - var_password_pam_minlen=14
++  - var_accounts_password_warn_age_login_defs=7
++  - var_accounts_minimum_age_login_defs=1
++  - var_accounts_maximum_age_login_defs=60
++  - accounts_password_warn_age_login_defs
++  - accounts_maximum_age_login_defs
++  - accounts_minimum_age_login_defs
++  - accounts_passwords_pam_faillock_interval
++  - accounts_passwords_pam_faillock_unlock_time
++  - accounts_passwords_pam_faillock_deny
++  - accounts_passwords_pam_faillock_deny_root
++  - accounts_password_pam_minlen
++
++  ## Centralised logging facility
++  ## Identifiers 1405 / 0988
++  - rsyslog_cron_logging
++  - rsyslog_files_groupownership
++  - rsyslog_files_ownership
++  - rsyslog_files_permissions
++  - rsyslog_nolisten
++  - rsyslog_remote_loghost
++  - rsyslog_remote_tls
++  - rsyslog_remote_tls_cacert
++  - package_chrony_installed
++  - service_chronyd_enabled
++  - chronyd_or_ntpd_specify_multiple_servers
++  - chronyd_specify_remote_server
++  - service_chronyd_or_ntpd_enabled
++
++  ## Events to be logged
++  ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957
++  - display_login_attempts
++  - sebool_auditadm_exec_content
++  - audit_rules_privileged_commands
++  - audit_rules_session_events
++  - audit_rules_unsuccessful_file_modification
++  - audit_access_failed
++  - audit_access_success
++
++  ## Web application & Database servers
++  ## Identifiers 1552 / 1277
++  - openssl_use_strong_entropy
++
++  ## Network design and configuration
++  ## Identifiers 1055 / 1311
++  - network_nmcli_permissions
++  - service_snmpd_disabled
++  - snmpd_use_newer_protocol
++
++  ## Wireless networks
++  ## Identifiers 1315
++  - wireless_disable_interfaces
++
++  ## ASD Approved Cryptographic Algorithms
++  ## Identifiers 0471 / 0472 / 0473 / 0474 / 0475 / 0476 / 0477 /
++  ## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 /  1139 /
++  ## 1372 / 1373 / 1374 / 1375
++  - enable_fips_mode
++  - var_system_crypto_policy=fips
++  - configure_crypto_policy
++
++  ## Secure Shell access
++  ## Identifiers 0484 / 1506 / 1449 / 0487
++  - sshd_allow_only_protocol2
++  - sshd_enable_warning_banner
++  - sshd_disable_x11_forwarding
++  - file_permissions_sshd_private_key
+diff --git a/products/almalinux8/profiles/ospp-mls.profile b/products/almalinux8/profiles/ospp-mls.profile
+new file mode 100644
+index 00000000..d1d1b8af
+--- /dev/null
++++ b/products/almalinux8/profiles/ospp-mls.profile
+@@ -0,0 +1,25 @@
++documentation_complete: false
++
++title: 'Protection Profile for General Purpose Operating Systems - MLS Mode'
++
++description: |-
++    Placeholder to put MLS specific rules
++
++extends: ospp
++
++selections:
++
++    ################################################
++    ## MUST INSTALL PACKAGES IN MLS MODE
++    #cups
++    #foomatic
++    #ghostscript
++    #ghostscript-fonts
++    #checkpolicy
++    #mcstrans
++    #policycoreutils-newrole
++    #selinux-policy-devel
++    ##xinetd
++    #iproute
++    #iputils
++    #netlabel_tools
+diff --git a/products/almalinux8/profiles/ospp.profile b/products/almalinux8/profiles/ospp.profile
+new file mode 100644
+index 00000000..ce4ccaf3
+--- /dev/null
++++ b/products/almalinux8/profiles/ospp.profile
+@@ -0,0 +1,445 @@
++documentation_complete: true
++
++metadata:
++    version: 4.2.1
++    SMEs:
++        - comps
++        - carlosmmatos
++        - stevegrubb
++
++reference: https://www.niap-ccevs.org/Profile/PP.cfm
++
++title: 'Protection Profile for General Purpose Operating Systems'
++
++description: |-
++    This profile reflects mandatory configuration controls identified in the
++    NIAP Configuration Annex to the Protection Profile for General Purpose
++    Operating Systems (Protection Profile Version 4.2.1).
++
++    This configuration profile is consistent with CNSSI-1253, which requires
++    U.S. National Security Systems to adhere to certain configuration
++    parameters. Accordingly, this configuration profile is suitable for
++    use in U.S. National Security Systems.
++
++selections:
++
++    #######################################################
++    ### GENERAL REQUIREMENTS
++    ### Things needed to meet OSPP functional requirements.
++    #######################################################
++
++    ### Partitioning
++    - mount_option_home_nodev
++    - mount_option_home_nosuid
++    - mount_option_tmp_nodev
++    - mount_option_tmp_noexec
++    - mount_option_tmp_nosuid
++    - partition_for_var_tmp
++    - mount_option_var_tmp_nodev
++    - mount_option_var_tmp_noexec
++    - mount_option_var_tmp_nosuid
++    - mount_option_dev_shm_nodev
++    - mount_option_dev_shm_noexec
++    - mount_option_dev_shm_nosuid
++    - mount_option_nodev_nonroot_local_partitions
++    - mount_option_boot_nodev
++    - mount_option_boot_nosuid
++    - partition_for_home
++    - partition_for_var
++    - mount_option_var_nodev
++    - partition_for_var_log
++    - mount_option_var_log_nodev
++    - mount_option_var_log_nosuid
++    - mount_option_var_log_noexec
++    - partition_for_var_log_audit
++    - mount_option_var_log_audit_nodev
++    - mount_option_var_log_audit_nosuid
++    - mount_option_var_log_audit_noexec
++
++    ### Services
++    # sshd
++    - sshd_disable_root_login
++    - sshd_enable_strictmodes
++    - disable_host_auth
++    - sshd_disable_empty_passwords
++    - sshd_disable_kerb_auth
++    - sshd_disable_gssapi_auth
++    - var_sshd_set_keepalive=0
++    - sshd_set_keepalive_0
++    - sshd_enable_warning_banner
++    - sshd_rekey_limit
++    - var_rekey_limit_size=1G
++    - var_rekey_limit_time=1hour
++    - sshd_use_strong_rng
++    - openssl_use_strong_entropy
++
++    # Time Server
++    - chronyd_client_only
++    - chronyd_no_chronyc_network
++
++    ### Network Settings
++    - sysctl_net_ipv6_conf_all_accept_ra
++    - sysctl_net_ipv6_conf_default_accept_ra
++    - sysctl_net_ipv4_conf_all_accept_redirects
++    - sysctl_net_ipv4_conf_default_accept_redirects
++    - sysctl_net_ipv6_conf_all_accept_redirects
++    - sysctl_net_ipv6_conf_default_accept_redirects
++    - sysctl_net_ipv4_conf_all_accept_source_route
++    - sysctl_net_ipv4_conf_default_accept_source_route
++    - sysctl_net_ipv6_conf_all_accept_source_route
++    - sysctl_net_ipv6_conf_default_accept_source_route
++    - sysctl_net_ipv4_conf_all_secure_redirects
++    - sysctl_net_ipv4_conf_default_secure_redirects
++    - sysctl_net_ipv4_conf_all_send_redirects
++    - sysctl_net_ipv4_conf_default_send_redirects
++    - sysctl_net_ipv4_conf_all_log_martians
++    - sysctl_net_ipv4_conf_default_log_martians
++    - sysctl_net_ipv4_conf_all_rp_filter
++    - sysctl_net_ipv4_conf_default_rp_filter
++    - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
++    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++    - sysctl_net_ipv4_ip_forward
++    - sysctl_net_ipv4_tcp_syncookies
++
++    ### systemd
++    - disable_ctrlaltdel_reboot
++    - disable_ctrlaltdel_burstaction
++    - service_debug-shell_disabled
++
++    ### umask
++    - var_accounts_user_umask=027
++    - accounts_umask_etc_profile
++    - accounts_umask_etc_bashrc
++    - accounts_umask_etc_csh_cshrc
++
++    ### Software update
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_local_packages
++    - ensure_gpgcheck_never_disabled
++
++    ### Passwords
++    - var_password_pam_difok=4
++    - accounts_password_pam_difok
++    - var_password_pam_maxrepeat=3
++    - accounts_password_pam_maxrepeat
++    - var_password_pam_maxclassrepeat=4
++    - accounts_password_pam_maxclassrepeat
++
++    ### Kernel Config
++    ## Boot prompt
++    - grub2_audit_argument
++    - grub2_audit_backlog_limit_argument
++    - grub2_slub_debug_argument
++    - grub2_page_poison_argument
++    - grub2_vsyscall_argument
++    - grub2_vsyscall_argument.role=unscored
++    - grub2_vsyscall_argument.severity=info
++    - grub2_pti_argument
++    - grub2_kernel_trust_cpu_rng
++
++    ## Security Settings
++    - sysctl_kernel_kptr_restrict
++    - sysctl_kernel_dmesg_restrict
++    - sysctl_kernel_kexec_load_disabled
++    - sysctl_kernel_yama_ptrace_scope
++    - sysctl_kernel_perf_event_paranoid
++    - sysctl_user_max_user_namespaces
++    - sysctl_user_max_user_namespaces.role=unscored
++    - sysctl_user_max_user_namespaces.severity=info
++    - sysctl_kernel_unprivileged_bpf_disabled
++    - sysctl_net_core_bpf_jit_harden
++    - service_kdump_disabled
++
++    ## File System Settings
++    - sysctl_fs_protected_hardlinks
++    - sysctl_fs_protected_symlinks
++
++    ### Audit
++    - service_auditd_enabled
++    - var_auditd_flush=incremental_async
++    - auditd_data_retention_flush
++    - auditd_local_events
++    - auditd_write_logs
++    - auditd_log_format
++    - auditd_freq
++    - auditd_name_format
++
++    ### Module Blacklist
++    - kernel_module_cramfs_disabled
++    - kernel_module_bluetooth_disabled
++    - kernel_module_sctp_disabled
++    - kernel_module_firewire-core_disabled
++    - kernel_module_atm_disabled
++    - kernel_module_can_disabled
++    - kernel_module_tipc_disabled
++
++    ### rpcbind
++
++    ### Install Required Packages
++    - package_aide_installed
++    - package_dnf-automatic_installed
++    - package_subscription-manager_installed
++    - package_dnf-plugin-subscription-manager_installed
++    - package_firewalld_installed
++    - package_openscap-scanner_installed
++    - package_policycoreutils_installed
++    - package_sudo_installed
++    - package_usbguard_installed
++    - package_scap-security-guide_installed
++    - package_audit_installed
++    - package_crypto-policies_installed
++    - package_openssh-server_installed
++    - package_openssh-clients_installed
++    - package_policycoreutils-python-utils_installed
++    - package_rsyslog_installed
++    - package_rsyslog-gnutls_installed
++    - package_audispd-plugins_installed
++    - package_chrony_installed
++    - package_gnutls-utils_installed
++
++    ### Remove Prohibited Packages
++    - package_sendmail_removed
++    - package_iprutils_removed
++    - package_gssproxy_removed
++    - package_nfs-utils_removed
++    - package_krb5-workstation_removed
++    - package_abrt-addon-kerneloops_removed
++    - package_abrt-addon-python_removed
++    - package_abrt-addon-ccpp_removed
++    - package_abrt-plugin-rhtsupport_removed
++    - package_abrt-plugin-logger_removed
++    - package_abrt-plugin-sosreport_removed
++    - package_abrt-cli_removed
++    - package_abrt_removed
++
++    ### Login
++    - disable_users_coredumps
++    - sysctl_kernel_core_pattern
++    - coredump_disable_storage
++    - coredump_disable_backtraces
++    - service_systemd-coredump_disabled
++    - var_accounts_max_concurrent_login_sessions=10
++    - accounts_max_concurrent_login_sessions
++    - securetty_root_login_console_only
++    - var_password_pam_unix_remember=5
++    - accounts_password_pam_unix_remember
++    - use_pam_wheel_for_su
++
++    ### SELinux Configuration
++    - var_selinux_state=enforcing
++    - selinux_state
++    - var_selinux_policy_name=targeted
++    - selinux_policytype
++
++    ### Application Whitelisting (RHEL 8)
++    - package_fapolicyd_installed
++    - service_fapolicyd_enabled
++
++    ### Configure USBGuard
++    - service_usbguard_enabled
++    - configure_usbguard_auditbackend
++    - usbguard_allow_hid_and_hub
++
++
++    ### Enable / Configure FIPS
++    - enable_fips_mode
++    - var_system_crypto_policy=fips_ospp
++    - configure_crypto_policy
++    - configure_ssh_crypto_policy
++    - configure_bind_crypto_policy
++    - configure_openssl_crypto_policy
++    - configure_libreswan_crypto_policy
++    - configure_kerberos_crypto_policy
++    - enable_dracut_fips_module
++
++    #######################################################
++    ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE
++    ### FOR GENERAL PURPOSE OPERATING SYSTEMS
++    ### ANNEX RELEASE 1
++    ### FOR PROTECTION PROFILE VERSIONS 4.2
++    ###
++    ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/
++    #######################################################
++
++    ## Configure Minimum Password Length to 12 Characters
++    ## IA-5 (1)(a) / FMT_MOF_EXT.1
++    - var_accounts_password_minlen_login_defs=12
++    - accounts_password_minlen_login_defs
++    - var_password_pam_minlen=12
++    - accounts_password_pam_minlen
++
++    ## Require at Least 1 Special Character in Password
++    ## IA-5(1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_ocredit=1
++    - accounts_password_pam_ocredit
++
++    ## Require at Least 1 Numeric Character in Password
++    ## IA-5(1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_dcredit=1
++    - accounts_password_pam_dcredit
++
++    ## Require at Least 1 Uppercase Character in Password
++    ## IA-5(1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_ucredit=1
++    - accounts_password_pam_ucredit
++
++    ## Require at Least 1 Lowercase Character in Password
++    ## IA-5(1)(a) / FMT_MOF_EXT.1
++    - var_password_pam_lcredit=1
++    - accounts_password_pam_lcredit
++
++    ## Enable Screen Lock
++    ## FMT_MOF_EXT.1
++    - package_tmux_installed
++    - configure_bashrc_exec_tmux
++    - no_tmux_in_shells
++    - configure_tmux_lock_command
++    - configure_tmux_lock_after_time
++
++    ## Set Screen Lock Timeout Period to 30 Minutes or Less
++    ## AC-11(a) / FMT_MOF_EXT.1
++    ## We deliberately set sshd timeout to 1 minute before tmux lock timeout
++    - sshd_idle_timeout_value=14_minutes
++    - sshd_set_idle_timeout
++
++    ## Disable Unauthenticated Login (such as Guest Accounts)
++    ## FIA_UAU.1
++    - require_singleuser_auth
++    - grub2_disable_interactive_boot
++    - grub2_uefi_password
++    - no_empty_passwords
++
++    ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes
++    ## AC-7 / FIA_AFL.1
++    - var_accounts_passwords_pam_faillock_deny=3
++    - accounts_passwords_pam_faillock_deny
++    - var_accounts_passwords_pam_faillock_fail_interval=900
++    - accounts_passwords_pam_faillock_interval
++    - var_accounts_passwords_pam_faillock_unlock_time=never
++    - accounts_passwords_pam_faillock_unlock_time
++
++    ## Enable Host-Based Firewall
++    ## SC-7(12) / FMT_MOF_EXT.1
++    - service_firewalld_enabled
++
++    ## Configure Name/Addres of Remote Management Server
++    ##  From Which to Receive Config Settings
++    ## CM-3(3) / FMT_MOF_EXT.1
++
++    ## Configure the System to Offload Audit Records to a Log
++    ##  Server
++    ## AU-4(1) / FAU_GEN.1.1.c
++    # temporarily dropped
++
++    ## Set Logon Warning Banner
++    ## AC-8(a) / FMT_MOF_EXT.1
++
++    ## Audit All Logons (Success/Failure) and Logoffs (Success)
++    ##  CNSSI 1253 Value or DoD-Specific Values:
++    ##      (1) Logons (Success/Failure)
++    ##      (2) Logoffs (Success)
++    ## AU-2(a) / FAU_GEN.1.1.c
++
++    ## Audit File and Object Events (Unsuccessful)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      (1) Create (Success/Failure)
++    ##      (2) Access (Success/Failure)
++    ##      (3) Delete (Sucess/Failure)
++    ##      (4) Modify (Success/Failure)
++    ##      (5) Permission Modification (Sucess/Failure)
++    ##      (6) Ownership Modification (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ##
++    ##
++    ## (1) Create (Success/Failure)
++    ##      (open with O_CREAT)
++    ## (2) Access (Success/Failure)
++    ## (3) Delete (Success/Failure)
++    ## (4) Modify (Success/Failure)
++    ## (5) Permission Modification (Success/Failure)
++    ## (6) Ownership Modification (Success/Failure)
++
++    ## Audit User and Group Management Events (Success/Failure)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      (1) User add, delete, modify, disable, enable (Success/Failure)
++    ##      (2) Group/Role add, delete, modify (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ##
++    ## Generic User and Group Management Events (Success/Failure)
++    ## Selection of setuid programs that relate to
++    ## user accounts.
++    ##
++    ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure)
++    ##
++    ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure)
++    ##
++    ## Audit Privilege or Role Escalation Events (Success/Failure)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      - Privilege/Role escalation (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ## Audit All Audit and Log Data Accesses (Success/Failure)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      - Audit and log data access (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ## Audit Cryptographic Verification of Software (Success/Failure)
++    ##  CNSSI 1253 Value or DoD-specific Values:
++    ##      - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
++    ##        etc) initialization (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
++    ## AU-2(a) / FAU_GEN.1.1.c
++    - audit_basic_configuration
++    - audit_immutable_login_uids
++    - audit_create_failed
++    - audit_create_success
++    - audit_modify_failed
++    - audit_modify_success
++    - audit_access_failed
++    - audit_access_success
++    - audit_delete_failed
++    - audit_delete_success
++    - audit_perm_change_failed
++    - audit_perm_change_success
++    - audit_owner_change_failed
++    - audit_owner_change_success
++    - audit_ospp_general
++    - audit_module_load
++
++    ## Enable Automatic Software Updates
++    ## SI-2 / FMT_MOF_EXT.1
++    # Configure dnf-automatic to Install Only Security Updates
++    - dnf-automatic_security_updates_only
++
++    # Configure dnf-automatic to Install Available Updates Automatically
++    - dnf-automatic_apply_updates
++
++    # Enable dnf-automatic Timer
++    - timer_dnf-automatic_enabled
++
++    # Configure TLS for remote logging
++    - rsyslog_remote_tls
++    - rsyslog_remote_tls_cacert
++
++    # Prevent Kerberos use by system daemons
++    - kerberos_disable_no_keytab
++
++    # set ssh client rekey limit
++    - ssh_client_rekey_limit
++    - var_ssh_client_rekey_limit_size=1G
++    - var_ssh_client_rekey_limit_time=1hour
++
++# configure ssh client to use strong entropy
++    - ssh_client_use_strong_rng_sh
++    - ssh_client_use_strong_rng_csh
++
++    # zIPl specific rules
++    - zipl_bls_entries_only
++    - zipl_bootmap_is_up_to_date
++    - zipl_audit_argument
++    - zipl_audit_backlog_limit_argument
++    - zipl_slub_debug_argument
++    - zipl_page_poison_argument
++    - zipl_vsyscall_argument
++    - zipl_vsyscall_argument.role=unscored
++    - zipl_vsyscall_argument.severity=info
+diff --git a/products/almalinux8/profiles/pci-dss.profile b/products/almalinux8/profiles/pci-dss.profile
+new file mode 100644
+index 00000000..9faa9b1f
+--- /dev/null
++++ b/products/almalinux8/profiles/pci-dss.profile
+@@ -0,0 +1,148 @@
++documentation_complete: true
++
++metadata:
++    SMEs:
++        - carlosmmatos
++
++reference: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
++
++title: 'PCI-DSS v3.2.1 Control Baseline for AlmaLinux 8'
++
++description: |-
++    Ensures PCI-DSS v3.2.1 security configuration settings are applied.
++
++selections:
++    - var_password_pam_unix_remember=4
++    - var_account_disable_post_pw_expiration=90
++    - var_accounts_passwords_pam_faillock_deny=6
++    - var_accounts_passwords_pam_faillock_unlock_time=1800
++    - sshd_idle_timeout_value=15_minutes
++    - var_password_pam_minlen=7
++    - var_password_pam_minclass=2
++    - var_accounts_maximum_age_login_defs=90
++    - var_auditd_num_logs=5
++    - service_auditd_enabled
++    - grub2_audit_argument
++    - auditd_data_retention_num_logs
++    - auditd_data_retention_max_log_file
++    - auditd_data_retention_max_log_file_action
++    - auditd_data_retention_space_left_action
++    - auditd_data_retention_admin_space_left_action
++    - auditd_data_retention_action_mail_acct
++    - package_audispd-plugins_installed
++    - auditd_audispd_syslog_plugin_activated
++    - audit_rules_time_adjtimex
++    - audit_rules_time_settimeofday
++    - audit_rules_time_stime
++    - audit_rules_time_clock_settime
++    - audit_rules_time_watch_localtime
++    - audit_rules_usergroup_modification_group
++    - audit_rules_usergroup_modification_gshadow
++    - audit_rules_usergroup_modification_opasswd
++    - audit_rules_usergroup_modification_passwd
++    - audit_rules_usergroup_modification_shadow
++    - audit_rules_networkconfig_modification
++    - file_permissions_var_log_audit
++    - file_ownership_var_log_audit
++    - audit_rules_mac_modification
++    - audit_rules_dac_modification_chmod
++    - audit_rules_dac_modification_chown
++    - audit_rules_dac_modification_fchmod
++    - audit_rules_dac_modification_fchmodat
++    - audit_rules_dac_modification_fchown
++    - audit_rules_dac_modification_fchownat
++    - audit_rules_dac_modification_fremovexattr
++    - audit_rules_dac_modification_fsetxattr
++    - audit_rules_dac_modification_lchown
++    - audit_rules_dac_modification_lremovexattr
++    - audit_rules_dac_modification_lsetxattr
++    - audit_rules_dac_modification_removexattr
++    - audit_rules_dac_modification_setxattr
++    - audit_rules_login_events
++    - audit_rules_session_events
++    - audit_rules_unsuccessful_file_modification_creat
++    - audit_rules_unsuccessful_file_modification_ftruncate
++    - audit_rules_unsuccessful_file_modification_open
++    - audit_rules_unsuccessful_file_modification_open_by_handle_at
++    - audit_rules_unsuccessful_file_modification_openat
++    - audit_rules_unsuccessful_file_modification_truncate
++    - audit_rules_privileged_commands
++    - audit_rules_media_export
++    - audit_rules_file_deletion_events_rename
++    - audit_rules_file_deletion_events_renameat
++    - audit_rules_file_deletion_events_rmdir
++    - audit_rules_file_deletion_events_unlink
++    - audit_rules_file_deletion_events_unlinkat
++    - audit_rules_sysadmin_actions
++    - audit_rules_kernel_module_loading_delete
++    - audit_rules_kernel_module_loading_finit
++    - audit_rules_kernel_module_loading_init
++    - audit_rules_immutable
++    - var_multiple_time_servers=rhel
++    - service_chronyd_or_ntpd_enabled
++    - chronyd_or_ntpd_specify_remote_server
++    - chronyd_or_ntpd_specify_multiple_servers
++    - rpm_verify_permissions
++    - rpm_verify_hashes
++    - install_hids
++    - rsyslog_files_permissions
++    - rsyslog_files_ownership
++    - rsyslog_files_groupownership
++    - ensure_logrotate_activated
++    - package_aide_installed
++    - aide_build_database
++    - aide_periodic_cron_checking
++    - account_unique_name
++    - gid_passwd_group_same
++    - accounts_password_all_shadowed
++    - no_empty_passwords
++    - display_login_attempts
++    - account_disable_post_pw_expiration
++    - accounts_passwords_pam_faillock_deny
++    - accounts_passwords_pam_faillock_unlock_time
++    - dconf_db_up_to_date
++    - dconf_gnome_screensaver_idle_delay
++    - dconf_gnome_screensaver_idle_activation_enabled
++    - dconf_gnome_screensaver_lock_enabled
++    - dconf_gnome_screensaver_mode_blank
++    - sshd_set_idle_timeout
++    - var_sshd_set_keepalive=0
++    - sshd_set_keepalive_0
++    - accounts_password_pam_minlen
++    - accounts_password_pam_dcredit
++    - accounts_password_pam_ucredit
++    - accounts_password_pam_lcredit
++    - accounts_password_pam_unix_remember
++    - accounts_maximum_age_login_defs
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_never_disabled
++    - security_patches_up_to_date
++    - package_opensc_installed
++    - var_smartcard_drivers=cac
++    - configure_opensc_card_drivers
++    - force_opensc_card_drivers
++    - package_pcsc-lite_installed
++    - service_pcscd_enabled
++    - sssd_enable_smartcards
++    - set_password_hashing_algorithm_systemauth
++    - set_password_hashing_algorithm_logindefs
++    - set_password_hashing_algorithm_libuserconf
++    - file_owner_etc_shadow
++    - file_groupowner_etc_shadow
++    - file_permissions_etc_shadow
++    - file_owner_etc_group
++    - file_groupowner_etc_group
++    - file_permissions_etc_group
++    - file_owner_etc_passwd
++    - file_groupowner_etc_passwd
++    - file_permissions_etc_passwd
++    - file_owner_grub2_cfg
++    - file_groupowner_grub2_cfg
++    - package_libreswan_installed
++    - configure_crypto_policy
++    - configure_bind_crypto_policy
++    - configure_openssl_crypto_policy
++    - configure_libreswan_crypto_policy
++    - configure_ssh_crypto_policy
++    - configure_kerberos_crypto_policy
+diff --git a/products/almalinux8/profiles/rht-ccp.profile b/products/almalinux8/profiles/rht-ccp.profile
+new file mode 100644
+index 00000000..282e0b0b
+--- /dev/null
++++ b/products/almalinux8/profiles/rht-ccp.profile
+@@ -0,0 +1,100 @@
++documentation_complete: false
++
++title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)'
++
++description: |-
++    This profile contains the minimum security relevant
++    configuration settings recommended by Red Hat, Inc for
++    instances deployed by Red Hat Certified Cloud Providers.
++
++selections:
++    - var_selinux_state=enforcing
++    - var_selinux_policy_name=targeted
++    - file_owner_logfiles_value=root
++    - file_groupowner_logfiles_value=root
++    - sshd_idle_timeout_value=5_minutes
++    - var_accounts_password_minlen_login_defs=6
++    - var_accounts_minimum_age_login_defs=7
++    - var_accounts_passwords_pam_faillock_deny=5
++    - var_accounts_password_warn_age_login_defs=7
++    - var_password_pam_retry=3
++    - var_password_pam_dcredit=1
++    - var_password_pam_ucredit=2
++    - var_password_pam_ocredit=2
++    - var_password_pam_lcredit=2
++    - var_password_pam_difok=3
++    - var_password_pam_unix_remember=5
++    - var_accounts_user_umask=077
++    - login_banner_text=usgcb_default
++    - partition_for_tmp
++    - partition_for_var
++    - partition_for_var_log
++    - partition_for_var_log_audit
++    - selinux_state
++    - selinux_policytype
++    - ensure_almalinux_gpgkey_installed
++    - security_patches_up_to_date
++    - ensure_gpgcheck_globally_activated
++    - ensure_gpgcheck_never_disabled
++    - package_aide_installed
++    - accounts_password_pam_unix_remember
++    - no_shelllogin_for_systemaccounts
++    - no_empty_passwords
++    - accounts_password_all_shadowed
++    - accounts_no_uid_except_zero
++    - accounts_password_minlen_login_defs
++    - accounts_minimum_age_login_defs
++    - accounts_password_warn_age_login_defs
++    - accounts_password_pam_retry
++    - accounts_password_pam_dcredit
++    - accounts_password_pam_ucredit
++    - accounts_password_pam_ocredit
++    - accounts_password_pam_lcredit
++    - accounts_password_pam_difok
++    - accounts_passwords_pam_faillock_deny
++    - set_password_hashing_algorithm_systemauth
++    - set_password_hashing_algorithm_logindefs
++    - set_password_hashing_algorithm_libuserconf
++    - require_singleuser_auth
++    - file_owner_etc_shadow
++    - file_groupowner_etc_shadow
++    - file_permissions_etc_shadow
++    - file_owner_etc_gshadow
++    - file_groupowner_etc_gshadow
++    - file_permissions_etc_gshadow
++    - file_owner_etc_passwd
++    - file_groupowner_etc_passwd
++    - file_permissions_etc_passwd
++    - file_owner_etc_group
++    - file_groupowner_etc_group
++    - file_permissions_etc_group
++    - file_permissions_library_dirs
++    - file_ownership_library_dirs
++    - file_permissions_binary_dirs
++    - file_ownership_binary_dirs
++    - file_permissions_var_log_audit
++    - file_owner_grub2_cfg
++    - file_groupowner_grub2_cfg
++    - file_permissions_grub2_cfg
++    - grub2_password
++    - kernel_module_dccp_disabled
++    - kernel_module_sctp_disabled
++    - service_firewalld_enabled
++    - set_firewalld_default_zone
++    - firewalld_sshd_port_enabled
++    - service_abrtd_disabled
++    - service_telnet_disabled
++    - package_telnet-server_removed
++    - package_telnet_removed
++    - sshd_allow_only_protocol2
++    - sshd_set_idle_timeout
++    - var_sshd_set_keepalive=0
++    - sshd_set_keepalive_0
++    - disable_host_auth
++    - sshd_disable_root_login
++    - sshd_disable_empty_passwords
++    - sshd_enable_warning_banner
++    - sshd_do_not_permit_user_env
++    - var_system_crypto_policy=fips
++    - configure_crypto_policy
++    - configure_ssh_crypto_policy
+diff --git a/products/almalinux8/profiles/standard.profile b/products/almalinux8/profiles/standard.profile
+new file mode 100644
+index 00000000..7904d13c
+--- /dev/null
++++ b/products/almalinux8/profiles/standard.profile
+@@ -0,0 +1,67 @@
++documentation_complete: false
++
++title: 'Standard System Security Profile for AlmaLinux 8'
++
++description: |-
++    This profile contains rules to ensure standard security baseline
++    of a AlmaLinux 8 system. Regardless of your system's workload
++    all of these checks should pass.
++
++selections:
++    - ensure_almalinux_gpgkey_installed
++    - ensure_gpgcheck_globally_activated
++    - rpm_verify_permissions
++    - rpm_verify_hashes
++    - security_patches_up_to_date
++    - no_empty_passwords
++    - file_permissions_unauthorized_sgid
++    - file_permissions_unauthorized_suid
++    - file_permissions_unauthorized_world_writable
++    - accounts_root_path_dirs_no_write
++    - dir_perms_world_writable_sticky_bits
++    - mount_option_dev_shm_nodev
++    - mount_option_dev_shm_nosuid
++    - partition_for_var_log
++    - partition_for_var_log_audit
++    - package_rsyslog_installed
++    - service_rsyslog_enabled
++    - audit_rules_time_adjtimex
++    - audit_rules_time_settimeofday
++    - audit_rules_time_stime
++    - audit_rules_time_clock_settime
++    - audit_rules_time_watch_localtime
++    - audit_rules_usergroup_modification
++    - audit_rules_networkconfig_modification
++    - audit_rules_mac_modification
++    - audit_rules_dac_modification_chmod
++    - audit_rules_dac_modification_chown
++    - audit_rules_dac_modification_fchmod
++    - audit_rules_dac_modification_fchmodat
++    - audit_rules_dac_modification_fchown
++    - audit_rules_dac_modification_fchownat
++    - audit_rules_dac_modification_fremovexattr
++    - audit_rules_dac_modification_fsetxattr
++    - audit_rules_dac_modification_lchown
++    - audit_rules_dac_modification_lremovexattr
++    - audit_rules_dac_modification_lsetxattr
++    - audit_rules_dac_modification_removexattr
++    - audit_rules_dac_modification_setxattr
++    - audit_rules_unsuccessful_file_modification
++    - audit_rules_privileged_commands
++    - audit_rules_media_export
++    - audit_rules_file_deletion_events
++    - audit_rules_sysadmin_actions
++    - audit_rules_kernel_module_loading
++    - service_abrtd_disabled
++    - service_atd_disabled
++    - service_autofs_disabled
++    - service_ntpdate_disabled
++    - service_oddjobd_disabled
++    - service_qpidd_disabled
++    - service_rdisc_disabled
++    - configure_crypto_policy
++    - configure_bind_crypto_policy
++    - configure_openssl_crypto_policy
++    - configure_libreswan_crypto_policy
++    - configure_ssh_crypto_policy
++    - configure_kerberos_crypto_policy
+diff --git a/products/almalinux8/profiles/stig.profile b/products/almalinux8/profiles/stig.profile
+new file mode 100644
+index 00000000..ec8f3137
+--- /dev/null
++++ b/products/almalinux8/profiles/stig.profile
+@@ -0,0 +1,1186 @@
++documentation_complete: true
++
++metadata:
++    version: V1R3
++    SMEs:
++        - ggbecker
++
++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
++
++title: 'DISA STIG for AlmaLinux 8'
++
++description: |-
++    This profile contains configuration checks that align to the
++    DISA STIG for AlmaLinux 8 V1R3.
++
++selections:
++    ### Variables
++    - var_rekey_limit_size=1G
++    - var_rekey_limit_time=1hour
++    - var_accounts_user_umask=077
++    - var_password_pam_difok=8
++    - var_password_pam_maxrepeat=3
++    - var_sshd_disable_compression=no
++    - var_password_hashing_algorithm=SHA512
++    - var_password_pam_maxclassrepeat=4
++    - var_password_pam_minclass=4
++    - var_accounts_minimum_age_login_defs=1
++    - var_accounts_max_concurrent_login_sessions=10
++    - var_password_pam_remember=5
++    - var_password_pam_remember_control_flag=required
++    - var_selinux_state=enforcing
++    - var_selinux_policy_name=targeted
++    - var_accounts_password_minlen_login_defs=15
++    - var_password_pam_unix_rounds=5000
++    - var_password_pam_minlen=15
++    - var_password_pam_ocredit=1
++    - var_password_pam_dcredit=1
++    - var_password_pam_dictcheck=1
++    - var_password_pam_ucredit=1
++    - var_password_pam_lcredit=1
++    - var_password_pam_retry=3
++    - var_password_pam_minlen=15
++    - var_sshd_set_keepalive=0
++    - sshd_approved_macs=stig
++    - sshd_approved_ciphers=stig
++    - sshd_idle_timeout_value=10_minutes
++    - var_accounts_authorized_local_users_regex=rhel8
++    - var_accounts_passwords_pam_faillock_deny=3
++    - var_accounts_passwords_pam_faillock_fail_interval=900
++    - var_accounts_passwords_pam_faillock_unlock_time=never
++    - var_ssh_client_rekey_limit_size=1G
++    - var_ssh_client_rekey_limit_time=1hour
++    - var_accounts_fail_delay=4
++    - var_account_disable_post_pw_expiration=35
++    - var_auditd_action_mail_acct=root
++    - var_time_service_set_maxpoll=18_hours
++    - var_accounts_maximum_age_login_defs=60
++    - var_auditd_space_left_percentage=25pc
++    - var_auditd_space_left_action=email
++    - var_auditd_disk_error_action=halt
++    - var_auditd_max_log_file_action=syslog
++    - var_auditd_disk_full_action=halt
++
++    ### Enable / Configure FIPS
++    - enable_fips_mode
++    - var_system_crypto_policy=fips
++    - configure_crypto_policy
++    - configure_bind_crypto_policy
++    - configure_libreswan_crypto_policy
++    - configure_kerberos_crypto_policy
++    - enable_dracut_fips_module
++
++    ### Rules:
++    # RHEL-08-010000
++    - installed_OS_is_vendor_supported
++
++    # RHEL-08-010001
++    - package_mcafeetp_installed
++    - agent_mfetpd_running
++
++    # RHEL-08-010010
++    - security_patches_up_to_date
++
++    # RHEL-08-010020
++    - sysctl_crypto_fips_enabled
++
++    # RHEL-08-010030
++    - encrypt_partitions
++
++    # RHEL-08-010040
++    - sshd_enable_warning_banner
++
++    # RHEL-08-010049
++    - dconf_gnome_banner_enabled
++
++    # RHEL-08-010050
++    - dconf_gnome_login_banner_text
++
++    # RHEL-08-010060
++    - banner_etc_issue
++
++    # RHEL-08-010070
++    - rsyslog_remote_access_monitoring
++
++    # RHEL-08-010090
++
++    # RHEL-08-010100
++
++    # RHEL-08-010110
++    - set_password_hashing_algorithm_logindefs
++
++    # RHEL-08-010120
++    - accounts_password_all_shadowed_sha512
++
++    # RHEL-08-010130
++    - accounts_password_pam_unix_rounds_password_auth
++
++    # RHEL-08-010131
++    - accounts_password_pam_unix_rounds_system_auth
++
++    # RHEL-08-010140
++    - grub2_uefi_password
++
++    # RHEL-08-010141
++    - grub2_uefi_admin_username
++
++    # RHEL-08-010149
++    - grub2_admin_username
++
++    # RHEL-08-010150
++    - grub2_password
++
++    # RHEL-08-010151
++    - require_singleuser_auth
++
++    # RHEL-08-010152
++    - require_emergency_target_auth
++
++    # RHEL-08-010160
++    - set_password_hashing_algorithm_systemauth
++
++    # RHEL-08-010161
++    - kerberos_disable_no_keytab
++
++    # RHEL-08-010162
++    - package_krb5-workstation_removed
++
++    # RHEL-08-010170
++    - selinux_state
++
++    # RHEL-08-010171
++    - package_policycoreutils_installed
++
++    # RHEL-08-010180
++
++    # RHEL-08-010190
++    - dir_perms_world_writable_sticky_bits
++
++    # RHEL-08-010200
++    - sshd_set_keepalive_0
++
++    # RHEL-08-010201
++    - sshd_set_idle_timeout
++
++    # RHEL-08-010210
++    - file_permissions_var_log_messages
++
++    # RHEL-08-010220
++    - file_owner_var_log_messages
++
++    # RHEL-08-010230
++    - file_groupowner_var_log_messages
++
++    # RHEL-08-010240
++    - file_permissions_var_log
++
++    # RHEL-08-010250
++    - file_owner_var_log
++
++    # RHEL-08-010260
++    - file_groupowner_var_log
++
++    # *** SHARED *** #
++    # RHEL-08-010290 && RHEL-08-010291
++    # *** SHARED *** #
++    - configure_ssh_crypto_policy
++
++    # RHEL-08-010290
++    - harden_sshd_macs_openssh_conf_crypto_policy
++    - harden_sshd_macs_opensshserver_conf_crypto_policy
++
++    # RHEL-08-010291
++    - harden_sshd_ciphers_openssh_conf_crypto_policy
++    - harden_sshd_ciphers_opensshserver_conf_crypto_policy
++
++    # RHEL-08-010292
++    - sshd_use_strong_rng
++
++    # RHEL-08-010293
++    - configure_openssl_crypto_policy
++
++    # RHEL-08-010294
++    - configure_openssl_tls_crypto_policy
++
++    # RHEL-08-010295
++    - configure_gnutls_tls_crypto_policy
++
++    # RHEL-08-010300
++    - file_permissions_binary_dirs
++
++    # RHEL-08-010310
++    - file_ownership_binary_dirs
++
++    # RHEL-08-010320
++    - file_groupownership_system_commands_dirs
++
++    # RHEL-08-010330
++    - file_permissions_library_dirs
++
++    # RHEL-08-010340
++    - file_ownership_library_dirs
++
++    # RHEL-08-010350
++    - root_permissions_syslibrary_files
++    - dir_group_ownership_library_dirs
++
++    # RHEL-08-010360
++    - package_aide_installed
++    - aide_scan_notification
++
++    # RHEL-08-010370
++    - ensure_gpgcheck_globally_activated
++
++    # RHEL-08-010371
++    - ensure_gpgcheck_local_packages
++
++    # RHEL-08-010372
++    - sysctl_kernel_kexec_load_disabled
++
++    # RHEL-08-010373
++    - sysctl_fs_protected_symlinks
++
++    # RHEL-08-010374
++    - sysctl_fs_protected_hardlinks
++
++    # RHEL-08-010375
++    - sysctl_kernel_dmesg_restrict
++
++    # RHEL-08-010376
++    - sysctl_kernel_perf_event_paranoid
++
++    # RHEL-08-010380
++    - sudo_remove_nopasswd
++
++    # RHEL-08-010381
++    - sudo_remove_no_authenticate
++
++    # RHEL-08-010382
++    - sudo_restrict_privilege_elevation_to_authorized
++
++    # RHEL-08-010383
++    - sudoers_validate_passwd
++
++    # RHEL-08-010384
++    - sudo_require_reauthentication
++    - var_sudo_timestamp_timeout=always_prompt
++
++    # RHEL-08-010390
++    - install_smartcard_packages
++
++    # RHEL-08-010400
++
++    # RHEL-08-010410
++    - package_opensc_installed
++
++    # RHEL-08-010420
++    - bios_enable_execution_restrictions
++
++    # RHEL-08-010421
++    - grub2_page_poison_argument
++
++    # RHEL-08-010422
++    - grub2_vsyscall_argument
++
++    # RHEL-08-010423
++    - grub2_slub_debug_argument
++
++    # RHEL-08-010430
++    - sysctl_kernel_randomize_va_space
++
++    # RHEL-08-010440
++    - clean_components_post_updating
++
++    # RHEL-08-010450
++    - selinux_policytype
++
++    # RHEL-08-010460
++    - no_host_based_files
++
++    # RHEL-08-010470
++    - no_user_host_based_files
++
++    # RHEL-08-010471
++    - service_rngd_enabled
++
++    # RHEL-08-010472
++    - package_rng-tools_installed
++
++    # RHEL-08-010480
++    - file_permissions_sshd_pub_key
++
++    # RHEL-08-010490
++    - file_permissions_sshd_private_key
++
++    # RHEL-08-010500
++    - sshd_enable_strictmodes
++
++    # RHEL-08-010510
++    - sshd_disable_compression
++
++    # RHEL-08-010520
++    - sshd_disable_user_known_hosts
++
++    # RHEL-08-010521
++    - sshd_disable_kerb_auth
++
++    # RHEL-08-010522
++    - sshd_disable_gssapi_auth
++
++    # RHEL-08-010540
++    - partition_for_var
++
++    # RHEL-08-010541
++    - partition_for_var_log
++
++    # RHEL-08-010542
++    - partition_for_var_log_audit
++
++    # RHEL-08-010543
++    - partition_for_tmp
++
++    # RHEL-08-010544
++    ### NOTE: Will probably show up in V1R3 - Q3 of 21'
++    - partition_for_var_tmp
++
++    # RHEL-08-010550
++    - sshd_disable_root_login
++
++    # RHEL-08-010560
++    - service_auditd_enabled
++
++    # RHEL-08-010561
++    - service_rsyslog_enabled
++
++    # RHEL-08-010570
++    - mount_option_home_nosuid
++
++    # RHEL-08-010571
++    - mount_option_boot_nosuid
++
++    # RHEL-08-010580
++    - mount_option_nodev_nonroot_local_partitions
++
++    # RHEL-08-010590
++    - mount_option_home_noexec
++
++    # RHEL-08-010600
++    - mount_option_nodev_removable_partitions
++
++    # RHEL-08-010610
++    - mount_option_noexec_removable_partitions
++
++    # RHEL-08-010620
++    - mount_option_nosuid_removable_partitions
++
++    # RHEL-08-010630
++    - mount_option_noexec_remote_filesystems
++
++    # RHEL-08-010640
++    - mount_option_nodev_remote_filesystems
++
++    # RHEL-08-010650
++    - mount_option_nosuid_remote_filesystems
++
++    # RHEL-08-010660
++    - accounts_user_dot_no_world_writable_programs
++
++    # RHEL-08-010670
++    - service_kdump_disabled
++
++    # RHEL-08-010671
++    - sysctl_kernel_core_pattern
++
++    # RHEL-08-010672
++    - service_systemd-coredump_disabled
++
++    # RHEL-08-010673
++    - disable_users_coredumps
++
++    # RHEL-08-010674
++    - coredump_disable_storage
++
++    # RHEL-08-010675
++    - coredump_disable_backtraces
++
++    # RHEL-08-010680
++    - network_configure_name_resolution
++
++    # RHEL-08-010690
++    - accounts_user_home_paths_only
++
++    # RHEL-08-010700
++    - dir_perms_world_writable_root_owned
++
++    # RHEL-08-010710
++
++    # RHEL-08-010720
++    - accounts_user_interactive_home_directory_defined
++
++    # RHEL-08-010730
++    - file_permissions_home_directories
++
++    # RHEL-08-010740
++    - file_groupownership_home_directories
++
++    # RHEL-08-010750
++    - accounts_user_interactive_home_directory_exists
++
++    # RHEL-08-010760
++    - accounts_have_homedir_login_defs
++
++    # RHEL-08-010770
++    - file_permission_user_init_files
++
++    # RHEL-08-010780
++    - no_files_unowned_by_user
++
++    # RHEL-08-010790
++    - file_permissions_ungroupowned
++
++    # RHEL-08-010800
++    - partition_for_home
++
++    # RHEL-08-010820
++    - gnome_gdm_disable_automatic_login
++
++    # RHEL-08-010830
++    - sshd_do_not_permit_user_env
++
++    # RHEL-08-020000
++    - account_temp_expire_date
++
++    # RHEL-08-020010
++    - accounts_passwords_pam_faillock_deny
++
++    # RHEL-08-020011
++
++    # RHEL-08-020012
++    - accounts_passwords_pam_faillock_interval
++
++    # RHEL-08-020013
++
++    # RHEL-08-020014
++    - accounts_passwords_pam_faillock_unlock_time
++
++    # RHEL-08-020015
++
++    # RHEL-08-020016
++
++    # RHEL-08-020017
++
++    # RHEL-08-020018
++
++    # RHEL-08-020019
++
++    # RHEL-08-020020
++
++    # RHEL-08-020021
++
++    # RHEL-08-020022
++    - accounts_passwords_pam_faillock_deny_root
++
++    # RHEL-08-020023
++
++    # RHEL-08-020024
++    - accounts_max_concurrent_login_sessions
++
++    # RHEL-08-020030
++    - dconf_gnome_screensaver_lock_enabled
++
++    # RHEL-08-020039
++    - package_tmux_installed
++
++    # RHEL-08-020040
++    - configure_tmux_lock_command
++
++    # RHEL-08-020041
++    - configure_bashrc_exec_tmux
++
++    # RHEL-08-020042
++    - no_tmux_in_shells
++
++    # RHEL-08-020050
++    - dconf_gnome_lock_screen_on_smartcard_removal
++
++    # RHEL-08-020060
++    - dconf_gnome_screensaver_idle_delay
++
++    # RHEL-08-020070
++    - configure_tmux_lock_after_time
++
++    # RHEL-08-020080
++
++    # RHEL-08-020090
++    - sssd_enable_certmap
++
++    # RHEL-08-020100
++    - accounts_password_pam_retry
++
++    # RHEL-08-020110
++    - accounts_password_pam_ucredit
++
++    # RHEL-08-020120
++    - accounts_password_pam_lcredit
++
++    # RHEL-08-020130
++    - accounts_password_pam_dcredit
++
++    # RHEL-08-020140
++    - accounts_password_pam_maxclassrepeat
++
++    # RHEL-08-020150
++    - accounts_password_pam_maxrepeat
++
++    # RHEL-08-020160
++    - accounts_password_pam_minclass
++
++    # RHEL-08-020170
++    - accounts_password_pam_difok
++
++    # RHEL-08-020180
++    - accounts_password_set_min_life_existing
++
++    # RHEL-08-020190
++    - accounts_minimum_age_login_defs
++
++    # RHEL-08-020200
++    - accounts_maximum_age_login_defs
++
++    # RHEL-08-020210
++    - accounts_password_set_max_life_existing
++
++    # RHEL-08-020220
++    - accounts_password_pam_pwhistory_remember_system_auth
++    - accounts_password_pam_pwhistory_remember_password_auth
++
++    # RHEL-08-020230
++    - accounts_password_pam_minlen
++
++    # RHEL-08-020231
++    - accounts_password_minlen_login_defs
++
++    # RHEL-08-020240
++    - account_unique_id
++
++    # RHEL-08-020250
++    - sssd_enable_smartcards
++
++    # RHEL-08-020260
++    - account_disable_post_pw_expiration
++
++    # RHEL-08-020270
++    - account_emergency_expire_date
++
++    # RHEL-08-020280
++    - accounts_password_pam_ocredit
++
++    # RHEL-08-020290
++    - sssd_offline_cred_expiration
++
++    # RHEL-08-020300
++    - accounts_password_pam_dictcheck
++
++    # RHEL-08-020310
++    - accounts_logon_fail_delay
++
++    # RHEL-08-020320
++    - accounts_authorized_local_users
++
++    # RHEL-08-020330
++    - sshd_disable_empty_passwords
++
++    # RHEL-08-020331
++    - no_empty_passwords
++
++    # RHEL-08-020332
++
++    # RHEL-08-020340
++    - display_login_attempts
++
++    # RHEL-08-020350
++    - sshd_print_last_log
++
++    # RHEL-08-020351
++    - accounts_umask_etc_login_defs
++
++    # RHEL-08-020352
++    - accounts_umask_interactive_users
++
++    # RHEL-08-020353
++    - accounts_umask_etc_bashrc
++
++    # RHEL-08-030000
++    - audit_rules_suid_privilege_function
++
++    # RHEL-08-030010
++    - rsyslog_cron_logging
++
++    # RHEL-08-030020
++    - auditd_data_retention_action_mail_acct
++
++    # RHEL-08-030030
++    - postfix_client_configure_mail_alias
++
++    # RHEL-08-030040
++    - auditd_data_disk_error_action
++
++    # RHEL-08-030050
++    - auditd_data_retention_max_log_file_action
++
++    # RHEL-08-030060
++    - auditd_data_disk_full_action
++
++    # RHEL-08-030061
++    - auditd_local_events
++
++    # RHEL-08-030062
++    - auditd_name_format
++
++    # RHEL-08-030063
++    - auditd_log_format
++
++    # RHEL-08-030070
++    - file_permissions_var_log_audit
++
++    # RHEL-08-030080
++    - file_ownership_var_log_audit_stig
++
++    # RHEL-08-030090
++    - file_group_ownership_var_log_audit
++
++    # RHEL-08-030100
++    - directory_ownership_var_log_audit
++
++    # RHEL-08-030110
++    - directory_group_ownership_var_log_audit
++
++    # RHEL-08-030120
++    - directory_permissions_var_log_audit
++
++    # *** NOTE *** #
++    # Audit rules are currently under review as to how best to approach
++    # them. We are working with DISA and our internal audit experts to
++    # provide a final solution soon.
++    # ************ #
++
++    # RHEL-08-030121
++    - audit_rules_immutable
++
++    # RHEL-08-030122
++    - audit_immutable_login_uids
++
++    # RHEL-08-030130
++    - audit_rules_usergroup_modification_shadow
++
++    # RHEL-08-030140
++    - audit_rules_usergroup_modification_opasswd
++
++    # RHEL-08-030150
++    - audit_rules_usergroup_modification_passwd
++
++    # RHEL-08-030160
++    - audit_rules_usergroup_modification_gshadow
++
++    # RHEL-08-030170
++    - audit_rules_usergroup_modification_group
++
++    # RHEL-08-030171
++    - audit_rules_sudoers
++
++    # RHEL-08-030172
++    - audit_rules_sudoers_d
++
++    # RHEL-08-030180
++    - package_audit_installed
++
++    # RHEL-08-030181
++    - service_auditd_enabled
++
++    # RHEL-08-030190
++    - audit_rules_privileged_commands_su
++
++    # RHEL-08-030200
++    - audit_rules_dac_modification_lremovexattr
++
++    # RHEL-08-030210
++    - audit_rules_dac_modification_removexattr
++
++    # RHEL-08-030220
++    - audit_rules_dac_modification_lsetxattr
++
++    # RHEL-08-030230
++    - audit_rules_dac_modification_fsetxattr
++
++    # RHEL-08-030240
++    - audit_rules_dac_modification_fremovexattr
++
++    # RHEL-08-030250
++    - audit_rules_privileged_commands_chage
++
++    # RHEL-08-030260
++    - audit_rules_execution_chcon
++
++    # RHEL-08-030270
++    - audit_rules_dac_modification_setxattr
++
++    # RHEL-08-030280
++    - audit_rules_privileged_commands_ssh_agent
++
++    # RHEL-08-030290
++    - audit_rules_privileged_commands_passwd
++
++    # RHEL-08-030300
++    - audit_rules_privileged_commands_mount
++
++    # RHEL-08-030301
++    - audit_rules_privileged_commands_umount
++
++    # RHEL-08-030302
++    - audit_rules_media_export
++
++    # RHEL-08-030310
++    - audit_rules_privileged_commands_unix_update
++
++    # RHEL-08-030311
++    - audit_rules_privileged_commands_postdrop
++
++    # RHEL-08-030312
++    - audit_rules_privileged_commands_postqueue
++
++    # RHEL-08-030313
++    - audit_rules_execution_semanage
++
++    # RHEL-08-030314
++    - audit_rules_execution_setfiles
++
++    # RHEL-08-030315
++    - audit_rules_privileged_commands_userhelper
++
++    # RHEL-08-030316
++    - audit_rules_execution_setsebool
++
++    # RHEL-08-030317
++    - audit_rules_privileged_commands_unix_chkpwd
++
++    # RHEL-08-030320
++    - audit_rules_privileged_commands_ssh_keysign
++
++    # RHEL-08-030330
++    - audit_rules_execution_setfacl
++
++    # RHEL-08-030340
++    - audit_rules_privileged_commands_pam_timestamp_check
++
++    # RHEL-08-030350
++    - audit_rules_privileged_commands_newgrp
++
++    # RHEL-08-030360
++    - audit_rules_kernel_module_loading_init
++
++    # RHEL-08-030361
++    - audit_rules_file_deletion_events_rename
++
++    # RHEL-08-030362
++    - audit_rules_file_deletion_events_renameat
++
++    # RHEL-08-030363
++    - audit_rules_file_deletion_events_rmdir
++
++    # RHEL-08-030364
++    - audit_rules_file_deletion_events_unlink
++
++    # RHEL-08-030365
++    - audit_rules_file_deletion_events_unlinkat
++
++    # RHEL-08-030370
++    - audit_rules_privileged_commands_gpasswd
++
++    # RHEL-08-030380
++    - audit_rules_kernel_module_loading_finit
++
++    # RHEL-08-030390
++    - audit_rules_kernel_module_loading_delete
++
++    # RHEL-08-030400
++    - audit_rules_privileged_commands_crontab
++
++    # RHEL-08-030410
++    - audit_rules_privileged_commands_chsh
++
++    # RHEL-08-030420
++    - audit_rules_unsuccessful_file_modification_truncate
++
++    # RHEL-08-030430
++    - audit_rules_unsuccessful_file_modification_openat
++
++    # RHEL-08-030440
++    - audit_rules_unsuccessful_file_modification_open
++
++    # RHEL-08-030450
++    - audit_rules_unsuccessful_file_modification_open_by_handle_at
++
++    # RHEL-08-030460
++    - audit_rules_unsuccessful_file_modification_ftruncate
++
++    # RHEL-08-030470
++    - audit_rules_unsuccessful_file_modification_creat
++
++    # RHEL-08-030480
++    - audit_rules_dac_modification_chown
++
++    # RHEL-08-030490
++    - audit_rules_dac_modification_chmod
++
++    # RHEL-08-030500
++    - audit_rules_dac_modification_lchown
++
++    # RHEL-08-030510
++    - audit_rules_dac_modification_fchownat
++
++    # RHEL-08-030520
++    - audit_rules_dac_modification_fchown
++
++    # RHEL-08-030530
++    - audit_rules_dac_modification_fchmodat
++
++    # RHEL-08-030540
++    - audit_rules_dac_modification_fchmod
++
++    # RHEL-08-030550
++    - audit_rules_privileged_commands_sudo
++
++    # RHEL-08-030560
++    - audit_rules_privileged_commands_usermod
++
++    # RHEL-08-030570
++    - audit_rules_execution_chacl
++
++    # RHEL-08-030580
++    - audit_rules_privileged_commands_kmod
++
++    # RHEL-08-030590
++    # This one needs to be updated to use /var/log/faillock, but first RHEL-08-020017 should be
++    # implemented as it is the one that configures a different path for the events of failing locks
++    # - audit_rules_login_events_faillock
++
++    # RHEL-08-030600
++    - audit_rules_login_events_lastlog
++
++    # RHEL-08-030601
++    - grub2_audit_argument
++
++    # RHEL-08-030602
++    - grub2_audit_backlog_limit_argument
++
++    # RHEL-08-030603
++    - configure_usbguard_auditbackend
++
++    # RHEL-08-030610
++    - file_permissions_etc_audit_auditd
++    - file_permissions_etc_audit_rulesd
++
++    # RHEL-08-030620
++
++    # RHEL-08-030630
++
++    # RHEL-08-030640
++
++    # RHEL-08-030650
++    - aide_check_audit_tools
++
++    # RHEL-08-030660
++    - auditd_audispd_configure_sufficiently_large_partition
++
++    # RHEL-08-030670
++    - package_rsyslog_installed
++
++    # RHEL-08-030680
++    - package_rsyslog-gnutls_installed
++
++    # RHEL-08-030690
++    - rsyslog_remote_loghost
++
++    # RHEL-08-030700
++    - auditd_overflow_action
++
++    # RHEL-08-030710
++    - rsyslog_encrypt_offload_defaultnetstreamdriver
++    - rsyslog_encrypt_offload_actionsendstreamdrivermode
++
++    # RHEL-08-030720
++    - rsyslog_encrypt_offload_actionsendstreamdriverauthmode
++
++    # RHEL-08-030730
++    - auditd_data_retention_space_left_percentage
++
++    # RHEL-08-030731
++    - auditd_data_retention_space_left_action
++
++    # RHEL-08-030740
++    # remediation fails because default configuration file contains pool instead of server keyword
++    - chronyd_or_ntpd_set_maxpoll
++
++    # RHEL-08-030741
++    - chronyd_client_only
++
++    # RHEL-08-030742
++    - chronyd_no_chronyc_network
++
++    # RHEL-08-040000
++    - package_telnet-server_removed
++
++    # RHEL-08-040001
++    - package_abrt_removed
++    - package_abrt-addon-ccpp_removed
++    - package_abrt-addon-kerneloops_removed
++    - package_abrt-addon-python_removed
++    - package_abrt-cli_removed
++    - package_abrt-plugin-logger_removed
++    - package_abrt-plugin-rhtsupport_removed
++    - package_abrt-plugin-sosreport_removed
++
++    # RHEL-08-040002
++    - package_sendmail_removed
++
++    # RHEL-08-040003
++    ### NOTE: Will be removed in V1R2, merged into RHEL-08-040370
++
++    # RHEL-08-040004
++    - grub2_pti_argument
++
++    # RHEL-08-040010
++    - package_rsh-server_removed
++
++    # RHEL-08-040020
++
++    # RHEL-08-040021
++    - kernel_module_atm_disabled
++
++    # RHEL-08-040022
++    - kernel_module_can_disabled
++
++    # RHEL-08-040023
++    - kernel_module_sctp_disabled
++
++    # RHEL-08-040024
++    - kernel_module_tipc_disabled
++
++    # RHEL-08-040025
++    - kernel_module_cramfs_disabled
++
++    # RHEL-08-040026
++    - kernel_module_firewire-core_disabled
++
++    # RHEL-08-040030
++    - configure_firewalld_ports
++
++    # RHEL-08-040060
++    ### NOTE: Will be removed in V1R2
++
++    # RHEL-08-040070
++    - service_autofs_disabled
++
++    # RHEL-08-040080
++    - kernel_module_usb-storage_disabled
++
++    # RHEL-08-040090
++
++    # RHEL-08-040100
++    - package_firewalld_installed
++
++    # RHEL-08-040101
++    - service_firewalld_enabled
++
++    # RHEL-08-040110
++    - wireless_disable_interfaces
++
++    # RHEL-08-040111
++    - kernel_module_bluetooth_disabled
++
++    # RHEL-08-040120
++    - mount_option_dev_shm_nodev
++
++    # RHEL-08-040121
++    - mount_option_dev_shm_nosuid
++
++    # RHEL-08-040122
++    - mount_option_dev_shm_noexec
++
++    # RHEL-08-040123
++    - mount_option_tmp_nodev
++
++    # RHEL-08-040124
++    - mount_option_tmp_nosuid
++
++    # RHEL-08-040125
++    - mount_option_tmp_noexec
++
++    # RHEL-08-040126
++    - mount_option_var_log_nodev
++
++    # RHEL-08-040127
++    - mount_option_var_log_nosuid
++
++    # RHEL-08-040128
++    - mount_option_var_log_noexec
++
++    # RHEL-08-040129
++    - mount_option_var_log_audit_nodev
++
++    # RHEL-08-040130
++    - mount_option_var_log_audit_nosuid
++
++    # RHEL-08-040131
++    - mount_option_var_log_audit_noexec
++
++    # RHEL-08-040132
++    - mount_option_var_tmp_nodev
++
++    # RHEL-08-040133
++    - mount_option_var_tmp_nosuid
++
++    # RHEL-08-040134
++    - mount_option_var_tmp_noexec
++
++    # RHEL-08-040135
++    - package_fapolicyd_installed
++
++    # RHEL-08-040136
++    - service_fapolicyd_enabled
++
++    # RHEL-08-040139
++    - package_usbguard_installed
++
++    # RHEL-08-040140
++    - usbguard_generate_policy
++
++    # RHEL-08-040141
++    - service_usbguard_enabled
++
++    # RHEL-08-040150
++
++    # RHEL-08-040159
++    - package_openssh-server_installed
++
++    # RHEL-08-040160
++    - service_sshd_enabled
++
++    # RHEL-08-040161
++    - sshd_rekey_limit
++
++    # RHEL-08-040170
++    - disable_ctrlaltdel_reboot
++
++    # RHEL-08-040171
++    - dconf_gnome_disable_ctrlaltdel_reboot
++
++    # RHEL-08-040172
++    - disable_ctrlaltdel_burstaction
++
++    # RHEL-08-040180
++    - service_debug-shell_disabled
++
++    # RHEL-08-040190
++    - package_tftp-server_removed
++
++    # RHEL-08-040200
++    - accounts_no_uid_except_zero
++
++    # RHEL-08-040209
++    - sysctl_net_ipv4_conf_default_accept_redirects
++
++    # RHEL-08-040210
++    - sysctl_net_ipv6_conf_default_accept_redirects
++
++    # RHEL-08-040220
++    - sysctl_net_ipv4_conf_all_send_redirects
++
++    # RHEL-08-040230
++    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
++
++    # RHEL-08-040239
++    - sysctl_net_ipv4_conf_all_accept_source_route
++
++    # RHEL-08-040240
++    - sysctl_net_ipv6_conf_all_accept_source_route
++
++    # RHEL-08-040249
++    - sysctl_net_ipv4_conf_default_accept_source_route
++
++    # RHEL-08-040250
++    - sysctl_net_ipv6_conf_default_accept_source_route
++
++    # RHEL-08-040260
++    - sysctl_net_ipv4_ip_forward
++
++    # RHEL-08-040261
++    - sysctl_net_ipv6_conf_all_accept_ra
++
++    # RHEL-08-040262
++    - sysctl_net_ipv6_conf_default_accept_ra
++
++    # RHEL-08-040270
++    - sysctl_net_ipv4_conf_default_send_redirects
++
++    # RHEL-08-040279
++    - sysctl_net_ipv4_conf_all_accept_redirects
++
++    # RHEL-08-040280
++    - sysctl_net_ipv6_conf_all_accept_redirects
++
++    # RHEL-08-040281
++    - sysctl_kernel_unprivileged_bpf_disabled
++
++    # RHEL-08-040282
++    - sysctl_kernel_yama_ptrace_scope
++
++    # RHEL-08-040283
++    - sysctl_kernel_kptr_restrict
++
++    # RHEL-08-040284
++    - sysctl_user_max_user_namespaces
++
++    # RHEL-08-040285
++    - sysctl_net_ipv4_conf_all_rp_filter
++
++    # RHEL-08-040286
++    - sysctl_net_core_bpf_jit_harden
++
++    # RHEL-08-040290
++    # /etc/postfix/main.cf does not exist on default installation resulting in error during remediation
++    # there needs to be a new platform check to identify when postfix is installed or not
++    # - postfix_prevent_unrestricted_relay
++
++    # RHEL-08-040300
++    - aide_verify_ext_attributes
++
++    # RHEL-08-040310
++    - aide_verify_acls
++
++    # RHEL-08-040320
++    - xwindows_remove_packages
++
++    # RHEL-08-040330
++    - network_sniffer_disabled
++
++    # RHEL-08-040340
++    - sshd_disable_x11_forwarding
++
++    # RHEL-08-040341
++    - sshd_x11_use_localhost
++
++    # RHEL-08-040350
++    - tftpd_uses_secure_mode
++
++    # RHEL-08-040360
++    - package_vsftpd_removed
++
++    # RHEL-08-040370
++    - package_gssproxy_removed
++
++    # RHEL-08-040380
++    - package_iprutils_removed
++
++    # RHEL-08-040390
++    - package_tuned_removed
+diff --git a/products/almalinux8/profiles/stig_gui.profile b/products/almalinux8/profiles/stig_gui.profile
+new file mode 100644
+index 00000000..e5d85108
+--- /dev/null
++++ b/products/almalinux8/profiles/stig_gui.profile
+@@ -0,0 +1,26 @@
++documentation_complete: true
++
++metadata:
++    version: V1R3
++    SMEs:
++        - ggbecker
++
++reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
++
++title: 'DISA STIG with GUI for AlmaLinux 8'
++
++description: |-
++    This profile contains configuration checks that align to the
++    DISA STIG with GUI for AlmaLinux 8 V1R3.
++
++    Warning: The installation and use of a Graphical User Interface (GUI)
++    increases your attack vector and decreases your overall security posture. If
++    your Information Systems Security Officer (ISSO) lacks a documented operational
++    requirement for a graphical user interface, please consider using the
++    standard DISA STIG for AlmaLinux 8 profile.
++
++extends: stig
++
++selections:
++    # RHEL-08-040320
++    - '!xwindows_remove_packages'
+diff --git a/products/almalinux8/transforms/cci2html.xsl b/products/almalinux8/transforms/cci2html.xsl
+new file mode 100644
+index 00000000..f5e327b3
+--- /dev/null
++++ b/products/almalinux8/transforms/cci2html.xsl
+@@ -0,0 +1,6 @@
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/constants.xslt b/products/almalinux8/transforms/constants.xslt
+new file mode 100644
+index 00000000..7a98cad6
+--- /dev/null
++++ b/products/almalinux8/transforms/constants.xslt
+@@ -0,0 +1,21 @@
++
++
++
++
++AlmaLinux 8
++AL8
++AL_8_STIG
++almalinux8
++
++empty
++AL-8
++
++
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/shorthand2xccdf.xslt b/products/almalinux8/transforms/shorthand2xccdf.xslt
+new file mode 100644
+index 00000000..4b191e90
+--- /dev/null
++++ b/products/almalinux8/transforms/shorthand2xccdf.xslt
+@@ -0,0 +1,8 @@
++
++
++
++
++
++unknown
++
++
+diff --git a/products/almalinux8/transforms/table-add-srgitems.xslt b/products/almalinux8/transforms/table-add-srgitems.xslt
+new file mode 100644
+index 00000000..2e92d670
+--- /dev/null
++++ b/products/almalinux8/transforms/table-add-srgitems.xslt
+@@ -0,0 +1,7 @@
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/table-sortbyref.xslt b/products/almalinux8/transforms/table-sortbyref.xslt
+new file mode 100644
+index 00000000..bb57e7f5
+--- /dev/null
++++ b/products/almalinux8/transforms/table-sortbyref.xslt
+@@ -0,0 +1,6 @@
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/table-srgmap.xslt b/products/almalinux8/transforms/table-srgmap.xslt
+new file mode 100644
+index 00000000..5798a489
+--- /dev/null
++++ b/products/almalinux8/transforms/table-srgmap.xslt
+@@ -0,0 +1,11 @@
++
++
++
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/table-style.xslt b/products/almalinux8/transforms/table-style.xslt
+new file mode 100644
+index 00000000..8b6caeab
+--- /dev/null
++++ b/products/almalinux8/transforms/table-style.xslt
+@@ -0,0 +1,5 @@
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt b/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
+new file mode 100644
+index 00000000..4789419b
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
+@@ -0,0 +1,8 @@
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2stigformat.xslt b/products/almalinux8/transforms/xccdf2stigformat.xslt
+new file mode 100644
+index 00000000..a4e7d736
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2stigformat.xslt
+@@ -0,0 +1,7 @@
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-byref.xslt b/products/almalinux8/transforms/xccdf2table-byref.xslt
+new file mode 100644
+index 00000000..1cdb679c
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-byref.xslt
+@@ -0,0 +1,9 @@
++
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-cce.xslt b/products/almalinux8/transforms/xccdf2table-cce.xslt
+new file mode 100644
+index 00000000..f156a669
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-cce.xslt
+@@ -0,0 +1,9 @@
++
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-profileanssirefs.xslt b/products/almalinux8/transforms/xccdf2table-profileanssirefs.xslt
+new file mode 100644
+index 00000000..6fff5e71
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-profileanssirefs.xslt
+@@ -0,0 +1,8 @@
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt b/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt
+new file mode 100644
+index 00000000..30419e92
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt
+@@ -0,0 +1,9 @@
++
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-profilecisrefs.xslt b/products/almalinux8/transforms/xccdf2table-profilecisrefs.xslt
+new file mode 100644
+index 00000000..07d32124
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-profilecisrefs.xslt
+@@ -0,0 +1,9 @@
++
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt b/products/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt
+new file mode 100644
+index 00000000..15efdd5f
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt
+@@ -0,0 +1,8 @@
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-profilenistrefs.xslt b/products/almalinux8/transforms/xccdf2table-profilenistrefs.xslt
+new file mode 100644
+index 00000000..ea9f8b0d
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-profilenistrefs.xslt
+@@ -0,0 +1,8 @@
++
++
++
++
++
++
++
++
+diff --git a/products/almalinux8/transforms/xccdf2table-stig.xslt b/products/almalinux8/transforms/xccdf2table-stig.xslt
+new file mode 100644
+index 00000000..a71d8364
+--- /dev/null
++++ b/products/almalinux8/transforms/xccdf2table-stig.xslt
+@@ -0,0 +1,9 @@
++
++
++
++
++
++
++
++
++
+diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml
+index 7e2f41cd..1a9d9072 100644
+--- a/shared/checks/oval/install_mcafee_hbss.xml
++++ b/shared/checks/oval/install_mcafee_hbss.xml
+@@ -10,6 +10,7 @@
+ 	multi_platform_ol
+ 	multi_platform_rhcos
+ 	multi_platform_rhel
++  multi_platform_almalinux
+ 	multi_platform_rhv
+ 	multi_platform_sle
+ 	multi_platform_ubuntu
+diff --git a/shared/checks/oval/installed_OS_is_almalinux8.xml b/shared/checks/oval/installed_OS_is_almalinux8.xml
+new file mode 100644
+index 00000000..91af880d
+--- /dev/null
++++ b/shared/checks/oval/installed_OS_is_almalinux8.xml
+@@ -0,0 +1,36 @@
++
++  
++    
++      AlmaLinux 8
++      
++        multi_platform_all
++      
++      
++
++      The operating system installed on the system is
++      AlmaLinux 8
++    
++    
++      
++      
++          
++      
++    
++  
++
++  
++    
++    
++  
++  
++    ^8.*$
++  
++  
++    almalinux-release
++  
++
++
+diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
+index 41847663..0b470d64 100644
+--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
++++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
+@@ -10,6 +10,7 @@
+ 	multi_platform_ol
+ 	multi_platform_rhcos
+ 	multi_platform_rhel
++  multi_platform_almalinux
+ 	multi_platform_rhv
+ 	multi_platform_sle
+ 	multi_platform_ubuntu
+diff --git a/shared/references/disa-stig-almalinux8-v1r3-xccdf-manual.xml b/shared/references/disa-stig-almalinux8-v1r3-xccdf-manual.xml
+new file mode 120000
+index 00000000..57dae81b
+--- /dev/null
++++ b/shared/references/disa-stig-almalinux8-v1r3-xccdf-manual.xml
+@@ -0,0 +1 @@
++disa-stig-rhel8-v1r3-xccdf-manual.xml
+\ No newline at end of file
+diff --git a/shared/templates/accounts_password/ansible.template b/shared/templates/accounts_password/ansible.template
+index f8478db7..7d4d984f 100644
+--- a/shared/templates/accounts_password/ansible.template
++++ b/shared/templates/accounts_password/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/accounts_password/bash.template b/shared/templates/accounts_password/bash.template
+index 64d1be69..7bbb1772 100644
+--- a/shared/templates/accounts_password/bash.template
++++ b/shared/templates/accounts_password/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template
+index 2c006b45..af197a30 100644
+--- a/shared/templates/audit_rules_dac_modification/ansible.template
++++ b/shared/templates/audit_rules_dac_modification/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template
+index b2de8d35..34a34bc3 100644
+--- a/shared/templates/audit_rules_dac_modification/bash.template
++++ b/shared/templates/audit_rules_dac_modification/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/shared/templates/audit_rules_file_deletion_events/ansible.template b/shared/templates/audit_rules_file_deletion_events/ansible.template
+index 4709a61c..12c27613 100644
+--- a/shared/templates/audit_rules_file_deletion_events/ansible.template
++++ b/shared/templates/audit_rules_file_deletion_events/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_file_deletion_events/bash.template b/shared/templates/audit_rules_file_deletion_events/bash.template
+index b5b4c46a..8083e2fb 100644
+--- a/shared/templates/audit_rules_file_deletion_events/bash.template
++++ b/shared/templates/audit_rules_file_deletion_events/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template
+index 4b32771c..4de3c0d4 100644
+--- a/shared/templates/audit_rules_login_events/ansible.template
++++ b/shared/templates/audit_rules_login_events/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template
+index 69e8be9c..7df49b30 100644
+--- a/shared/templates/audit_rules_login_events/bash.template
++++ b/shared/templates/audit_rules_login_events/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/shared/templates/audit_rules_path_syscall/ansible.template b/shared/templates/audit_rules_path_syscall/ansible.template
+index fcd2bda3..de182133 100644
+--- a/shared/templates/audit_rules_path_syscall/ansible.template
++++ b/shared/templates/audit_rules_path_syscall/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_path_syscall/bash.template b/shared/templates/audit_rules_path_syscall/bash.template
+index 676f6c37..71d2b52f 100644
+--- a/shared/templates/audit_rules_path_syscall/bash.template
++++ b/shared/templates/audit_rules_path_syscall/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template
+index e9ef0849..390ba631 100644
+--- a/shared/templates/audit_rules_privileged_commands/ansible.template
++++ b/shared/templates/audit_rules_privileged_commands/ansible.template
+@@ -1,7 +1,7 @@
+ {{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}}
+   {{%- set perm_x=" -F perm=x" %}}
+ {{%- endif %}}
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_privileged_commands/bash.template b/shared/templates/audit_rules_privileged_commands/bash.template
+index 5af362df..f376cbf3 100644
+--- a/shared/templates/audit_rules_privileged_commands/bash.template
++++ b/shared/templates/audit_rules_privileged_commands/bash.template
+@@ -1,7 +1,7 @@
+ {{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}}
+   {{%- set perm_x=" -F perm=x" %}}
+ {{%- endif %}}
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
+index 6cf90e11..49808bea 100644
+--- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
++++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
+index 4adaa86f..e300c0d4 100644
+--- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
++++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ 
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template
+index ea9738ec..eba27777 100644
+--- a/shared/templates/audit_rules_usergroup_modification/ansible.template
++++ b/shared/templates/audit_rules_usergroup_modification/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/shared/templates/audit_rules_usergroup_modification/bash.template b/shared/templates/audit_rules_usergroup_modification/bash.template
+index 21524172..965c3f3f 100644
+--- a/shared/templates/audit_rules_usergroup_modification/bash.template
++++ b/shared/templates/audit_rules_usergroup_modification/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # Include source function library.
+ . /usr/share/scap-security-guide/remediation_functions
+ 
+diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template
+index b0fef2d9..43346d3d 100644
+--- a/shared/templates/grub2_bootloader_argument/ansible.template
++++ b/shared/templates/grub2_bootloader_argument/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = true
+ # strategy = restrict
+ # complexity = medium
+diff --git a/shared/templates/grub2_bootloader_argument/bash.template b/shared/templates/grub2_bootloader_argument/bash.template
+index cecd1f99..42dd311c 100644
+--- a/shared/templates/grub2_bootloader_argument/bash.template
++++ b/shared/templates/grub2_bootloader_argument/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+ 
+ {{% if product in ["rhel7", "ol7"] or 'ubuntu' in product %}}
+ {{% if '/' in ARG_NAME %}}
+diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template
+index 2526baf7..7962d86b 100644
+--- a/shared/templates/kernel_module_disabled/ansible.template
++++ b/shared/templates/kernel_module_disabled/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template
+index a0998bb9..f433e00d 100644
+--- a/shared/templates/kernel_module_disabled/bash.template
++++ b/shared/templates/kernel_module_disabled/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/mount/anaconda.template b/shared/templates/mount/anaconda.template
+index fdcb4ee3..0d1d8dc2 100644
+--- a/shared/templates/mount/anaconda.template
++++ b/shared/templates/mount/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template
+index 083b0ef0..14f7018a 100644
+--- a/shared/templates/mount_option/anaconda.template
++++ b/shared/templates/mount_option/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/mount_option_removable_partitions/anaconda.template b/shared/templates/mount_option_removable_partitions/anaconda.template
+index 8665fb91..07cd9e3a 100644
+--- a/shared/templates/mount_option_removable_partitions/anaconda.template
++++ b/shared/templates/mount_option_removable_partitions/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_installed/anaconda.template b/shared/templates/package_installed/anaconda.template
+index 0ac55f51..dd0bcdde 100644
+--- a/shared/templates/package_installed/anaconda.template
++++ b/shared/templates/package_installed/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template
+index 473feef5..ef56a56a 100644
+--- a/shared/templates/package_installed/bash.template
++++ b/shared/templates/package_installed/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template
+index 489f9bb0..0120d927 100644
+--- a/shared/templates/package_removed/anaconda.template
++++ b/shared/templates/package_removed/anaconda.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template
+index 38d7c7c3..0ae3e60b 100644
+--- a/shared/templates/sebool/ansible.template
++++ b/shared/templates/sebool/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+@@ -13,7 +13,7 @@
+ {{% else %}}
+ - (xccdf-var var_{{{ SEBOOLID }}})
+ 
+-{{% if product == "rhel8" %}}
++{{% if product == "rhel8" or product == "almalinux8" %}}
+ - name: Ensure python3-libsemanage installed
+   package:
+     name: python3-libsemanage
+diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template
+index e9aab9d9..b01beace 100644
+--- a/shared/templates/sebool/bash.template
++++ b/shared/templates/sebool/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/service_disabled/bash.template b/shared/templates/service_disabled/bash.template
+index b9bf1b5b..79783edb 100644
+--- a/shared/templates/service_disabled/bash.template
++++ b/shared/templates/service_disabled/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle
+ # reboot = false
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template
+index 1ab45652..724e7b77 100644
+--- a/shared/templates/service_disabled/kubernetes.template
++++ b/shared/templates/service_disabled/kubernetes.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template
+index 5571989a..8d3ea035 100644
+--- a/shared/templates/service_enabled/bash.template
++++ b/shared/templates/service_enabled/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template
+index a762794a..bd3f2d9c 100644
+--- a/shared/templates/sysctl/bash.template
++++ b/shared/templates/sysctl/bash.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+ # reboot = true
+ # strategy = disable
+ # complexity = low
+diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template
+index 336775e4..6411d1b9 100644
+--- a/shared/templates/zipl_bls_entries_option/ansible.template
++++ b/shared/templates/zipl_bls_entries_option/ansible.template
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # reboot = true
+ # strategy = configure
+ # complexity = medium
+diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template
+index 25cd7432..a415f2a3 100644
+--- a/shared/templates/zipl_bls_entries_option/bash.template
++++ b/shared/templates/zipl_bls_entries_option/bash.template
+@@ -1,4 +1,4 @@
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ 
+ # Correct BLS option using grubby, which is a thin wrapper around BLS operations
+ grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}"
+diff --git a/ssg/constants.py b/ssg/constants.py
+index e2d30772..6138b9a4 100644
+--- a/ssg/constants.py
++++ b/ssg/constants.py
+@@ -6,6 +6,7 @@ import os
+ import time
+ 
+ product_directories = [
++    'almalinux8',
+     'chromium',
+     'debian9', 'debian10',
+     'example',
+@@ -153,6 +154,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
+ }
+ 
+ FULL_NAME_TO_PRODUCT_MAPPING = {
++    "AlmaLinux 8": "almalinux8",
+     "Chromium": "chromium",
+     "Debian 9": "debian9",
+     "Debian 10": "debian10",
+@@ -194,10 +196,11 @@ REF_PREFIX_MAP = {
+     "stigid": "DISA-STIG",
+ }
+ 
+-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
++MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
+                        "wrlinux", "opensuse", "sle", "ol", "ocp", "rhcos", "example"]
+ 
+ MULTI_PLATFORM_MAPPING = {
++    "multi_platform_almalinux": ["almalinux8"],
+     "multi_platform_debian": ["debian9", "debian10"],
+     "multi_platform_example": ["example"],
+     "multi_platform_fedora": ["fedora"],
+@@ -376,6 +379,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = {
+     'ol': 'Oracle Linux',
+     'ocp': 'Red Hat OpenShift Container Platform',
+     'rhcos': 'Red Hat Enterprise Linux CoreOS',
++    'almalinux': 'AlmaLinux',
+ }
+ 
+ 
+diff --git a/tests/shared/grub2.sh b/tests/shared/grub2.sh
+index bce7683a..9d34864f 100644
+--- a/tests/shared/grub2.sh
++++ b/tests/shared/grub2.sh
+@@ -4,7 +4,7 @@ function set_grub_uefi_root {
+ 	if grep NAME /etc/os-release | grep -iq fedora; then
+ 		GRUB_CFG_ROOT=/boot/efi/EFI/fedora
+ 	else
+-		GRUB_CFG_ROOT=/boot/efi/EFI/redhat
++		GRUB_CFG_ROOT=/boot/efi/EFI/almalinux
+ 	fi
+ }
+ 
+diff --git a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
+index b0be0b4b..ef41579b 100644
+--- a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
++++ b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
+@@ -20,7 +20,7 @@ platforms:
+   - machine
+ # TODO: Make Rule get this from group, so it can be saved here
+ # platforms: null
+-prodtype: rhel7,rhel8,fedora,ol7,ol8
++prodtype: rhel7,rhel8,almalinux8,fedora,ol7,ol8
+ rationale: Only root should be able to modify important boot parameters.
+ references: {cis: 1.4.1, cis-csc: '12,13,14,15,16,18,3,5', cjis: 5.5.2.2, cobit5: 'APO01.06,DSS05.04,DSS05.07,DSS06.02',
+   cui: 3.4.5, disa: 'CCI-000225', hipaa: '164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)',
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
+index ff0b30f0..0116294f 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
++++ b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
+index 2697e7af..c7d0f18d 100644
+--- a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
++++ b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
+@@ -14,7 +14,7 @@ ocil_clause: SELINUX is not set to enforcing
+ oval_external_content: null
+ platforms:
+   - machine
+-prodtype: rhel7,rhel8,fedora,ol7,ol8,rhv4
++prodtype: rhel7,rhel8,almalinux8,fedora,ol7,ol8,rhv4
+ rationale: 'Setting the SELinux state to enforcing ensures SELinux is able to confine
+ 
+   potentially compromised processes to the security policy, which is designed to
+diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py
+index 7513b37e..3dd14360 100755
+--- a/utils/ansible_playbook_to_role.py
++++ b/utils/ansible_playbook_to_role.py
+@@ -57,6 +57,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor)
+ PRODUCT_WHITELIST = set([
+     "rhel7",
+     "rhel8",
++    "almalinux8",
+ ])
+ 
+ PROFILE_WHITELIST = set([
diff --git a/SPECS/scap-security-guide.spec b/SPECS/scap-security-guide.spec
index 5db91ce..69c7740 100644
--- a/SPECS/scap-security-guide.spec
+++ b/SPECS/scap-security-guide.spec
@@ -6,7 +6,7 @@
 
 Name:		scap-security-guide
 Version:	0.1.60
-Release:	7%{?dist}
+Release:	7%{?dist}.alma
 Summary:	Security guidance and baselines in SCAP formats
 License:	BSD-3-Clause
 Group:		Applications/System
@@ -14,6 +14,8 @@ URL:		https://github.com/ComplianceAsCode/content/
 Source0:	https://github.com/ComplianceAsCode/content/releases/download/v%{version}/scap-security-guide-%{version}.tar.bz2
 # Include tarball with last released rhel6 content
 Source1:	%{_static_rhel6_content}.tar.bz2
+# Patch allows only OSPP, PCI-DSS, E8 and STIG profiles in RHEL8 datastream
+# Untill ANSSI High profile is shipped we drop the ks too
 
 BuildArch:	noarch
 
@@ -65,6 +67,8 @@ Patch43:		scap-security-guide-0.1.61-fix_bug_in_delta_tailering_script-PR_8245.p
 Patch44:		scap-security-guide-0.1.61-fix_enable_fips_mode-PR_8255.patch
 Patch45:		scap-security-guide-0.1.61-delta_tailoring_fix-PR_8262.patch
 Patch46:		scap-security-guide-0.1.61-resize-anssi-kickstart-partitions-PR_8261.patch
+# AlmaLinux patches
+Patch1001:		0001-Add-AlmaLinux-8-support.patch
 
 BuildRequires:	libxslt
 BuildRequires:	expat
@@ -101,7 +105,6 @@ The %{name}-doc package contains HTML formatted documents containing
 hardening guidances that have been generated from XCCDF benchmarks
 present in %{name} package.
 
-%if ( %{defined rhel} && (! %{defined centos}) )
 %package	rule-playbooks
 Summary:	Ansible playbooks per each rule.
 Group:		System Environment/Base
@@ -109,7 +112,6 @@ Requires:	%{name} = %{version}-%{release}
 
 %description	rule-playbooks
 The %{name}-rule-playbooks package contains individual ansible playbooks per rule.
-%endif
 
 %prep
 %autosetup -p1 -b1
@@ -119,19 +121,14 @@ mkdir -p build
 cd build
 %cmake \
 -DSSG_PRODUCT_DEFAULT:BOOLEAN=FALSE \
--DSSG_PRODUCT_RHEL7:BOOLEAN=TRUE \
--DSSG_PRODUCT_RHEL8:BOOLEAN=TRUE \
+-DSSG_PRODUCT_RHEL7:BOOLEAN=FALSE \
+-DSSG_PRODUCT_RHEL8:BOOLEAN=FALSE \
+-DSSG_PRODUCT_ALMALINUX8:BOOLEAN=TRUE \
 -DSSG_PRODUCT_FIREFOX:BOOLEAN=TRUE \
 -DSSG_PRODUCT_JRE:BOOLEAN=TRUE \
-%if %{defined centos}
--DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=ON \
-%else
 -DSSG_CENTOS_DERIVATIVES_ENABLED:BOOL=OFF \
-%endif
 -DSSG_SCIENTIFIC_LINUX_DERIVATIVES_ENABLED:BOOL=OFF \
-%if ( %{defined rhel} && (! %{defined centos}) )
 -DSSG_ANSIBLE_PLAYBOOKS_PER_RULE_ENABLED:BOOL=ON \
-%endif
 ../
 %cmake_build
 
@@ -139,10 +136,11 @@ cd build
 cd build
 %cmake_install
 
+# Disabled on AlmaLinux
 # Manually install pre-built rhel6 content
-cp -r %{_builddir}/%{_static_rhel6_content}/usr %{buildroot}
-cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name}
-cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name}
+# cp -r %{_builddir}/%{_static_rhel6_content}/usr %{buildroot}
+# cp -r %{_builddir}/%{_static_rhel6_content}/tables %{buildroot}%{_docdir}/%{name}
+# cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name}
 
 %files
 %{_datadir}/xml/scap/ssg/content
@@ -154,21 +152,20 @@ cp -r %{_builddir}/%{_static_rhel6_content}/guides %{buildroot}%{_docdir}/%{name
 %doc %{_docdir}/%{name}/LICENSE
 %doc %{_docdir}/%{name}/README.md
 %doc %{_docdir}/%{name}/Contributors.md
-%if ( %{defined rhel} && (! %{defined centos}) )
 %exclude %{_datadir}/%{name}/ansible/rule_playbooks
-%endif
 
 %files doc
 %doc %{_docdir}/%{name}/guides/*.html
 %doc %{_docdir}/%{name}/tables/*.html
 
-%if ( %{defined rhel} && (! %{defined centos}) )
 %files rule-playbooks
 %defattr(-,root,root,-)
 %{_datadir}/%{name}/ansible/rule_playbooks
-%endif
 
 %changelog
+* Fri Apr 01 2022 Eduard Abdullin  - 0.1.60-7.alma
+- AlmaLinux changes
+
 * Thu Feb 24 2022 Watson Sato  - 0.1.60-7
 - Resize ANSSI kickstart partitions to accommodate GUI installs (RHBZ#2058033)