From aff539506086a1b243c7f28a66189d204d5e6048 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Mon, 30 Oct 2023 15:13:07 +0000 Subject: [PATCH] Update AlmaLinux patch --- SOURCES/0001-Add-AlmaLinux-8-support.patch | 6429 +++++++++++--------- 1 file changed, 3593 insertions(+), 2836 deletions(-) diff --git a/SOURCES/0001-Add-AlmaLinux-8-support.patch b/SOURCES/0001-Add-AlmaLinux-8-support.patch index 86b69e9..388566b 100644 --- a/SOURCES/0001-Add-AlmaLinux-8-support.patch +++ b/SOURCES/0001-Add-AlmaLinux-8-support.patch @@ -1,42 +1,35 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index ab11e31f5..66f6d60b9 100644 +index 52d841098..9507f9864 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -69,6 +69,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui +@@ -71,6 +71,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui # unless explicitly asked for. option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +option(SSG_PRODUCT_ALMALINUX8 "If enabled, the AlmaLinux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) + option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) - option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -@@ -267,6 +268,7 @@ message(STATUS " ") +@@ -283,6 +284,7 @@ message(STATUS " ") message(STATUS "Products:") message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}") message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}") +message(STATUS "AlmaLinux 8: ${SSG_PRODUCT_ALMALINUX8}") message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") + message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}") message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") - message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}") -@@ -333,13 +335,15 @@ endif() - if (SSG_PRODUCT_ALINUX3) +@@ -349,6 +351,9 @@ endif() + if(SSG_PRODUCT_ALINUX3) add_subdirectory("products/alinux3" "alinux3") endif() -+if (SSG_PRODUCT_ALMALINUX8) ++if(SSG_PRODUCT_ALMALINUX8) + add_subdirectory("products/almalinux8" "almalinux8") +endif() - if (SSG_PRODUCT_ANOLIS8) + if(SSG_PRODUCT_ANOLIS8) add_subdirectory("products/anolis8" "anolis8") endif() - if (SSG_PRODUCT_CHROMIUM) - add_subdirectory("products/chromium" "chromium") - endif() -- - if (SSG_PRODUCT_DEBIAN10) - add_subdirectory("products/debian10" "debian10") - endif() diff --git a/build_product b/build_product -index fc793cbe7..bc7ab2ac8 100755 +index ba8fb5d68..530afe68d 100755 --- a/build_product +++ b/build_product @@ -307,6 +307,7 @@ set_explict_build_targets() { @@ -45,36 +38,48 @@ index fc793cbe7..bc7ab2ac8 100755 ALINUX3 + ALMALINUX8 ANOLIS8 + ANOLIS23 CHROMIUM - DEBIAN10 diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake -index 6ca61cb10..adc73a09a 100644 +index 62909dbf2..d85193dcf 100644 --- a/cmake/SSGCommon.cmake +++ b/cmake/SSGCommon.cmake -@@ -751,7 +751,7 @@ macro(ssg_build_product PRODUCT) +@@ -831,7 +831,7 @@ macro(ssg_build_product PRODUCT) add_dependencies(html-stats ${PRODUCT}-html-stats) add_dependencies(html-profile-stats ${PRODUCT}-html-profile-stats) -- if (SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "rhel(7|8)") -+ if (SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "almalinux8") +- if(SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "rhel(7|8)") ++ if(SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "almalinux8") ssg_build_disa_delta(${PRODUCT} "stig") add_dependencies(${PRODUCT} generate-ssg-delta-${PRODUCT}-stig) endif() +diff --git a/components/rpm.yml b/components/rpm.yml +index 2b00bd908..4fc431b04 100644 +--- a/components/rpm.yml ++++ b/components/rpm.yml +@@ -9,6 +9,7 @@ rules: + - dnf-automatic_apply_updates + - dnf-automatic_security_updates_only + - ensure_GPG_keys_are_configured ++- ensure_almalinux_gpgkey_installed + - ensure_fedora_gpgkey_installed + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages diff --git a/controls/anssi.yml b/controls/anssi.yml -index 9e631d1de..2961e1526 100644 +index 35e111d11..6f813c160 100644 --- a/controls/anssi.yml +++ b/controls/anssi.yml -@@ -297,7 +297,7 @@ controls: +@@ -1155,7 +1155,7 @@ controls: - ensure_gpgcheck_never_disabled - ensure_gpgcheck_globally_activated - ensure_gpgcheck_local_packages - - ensure_redhat_gpgkey_installed + - ensure_almalinux_gpgkey_installed - ensure_oracle_gpgkey_installed - - ensure_suse_gpgkey_installed + - id: R60 diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml -index efc53d03f..254c5f0e4 100644 +index afa162a66..4584a123a 100644 --- a/controls/cis_rhel8.yml +++ b/controls/cis_rhel8.yml @@ -349,7 +349,7 @@ controls: @@ -87,10 +92,10 @@ index efc53d03f..254c5f0e4 100644 - id: 1.2.3 title: Ensure gpgcheck is globally activated (Automated) diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml -index 30f7e8d18..1ff31a0c7 100644 +index b97ce59ea..0fbb5ffe3 100644 --- a/controls/cis_rhel9.yml +++ b/controls/cis_rhel9.yml -@@ -304,7 +304,7 @@ controls: +@@ -306,7 +306,7 @@ controls: - l1_workstation status: manual related_rules: @@ -100,16 +105,18 @@ index 30f7e8d18..1ff31a0c7 100644 - id: 1.2.2 title: Ensure gpgcheck is globally activated (Automated) diff --git a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -index ba143b86b..903a00ac5 100644 +index 6d494547b..71d2df788 100644 --- a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml +++ b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -@@ -13,7 +13,7 @@ controls: +@@ -12,9 +12,7 @@ controls: + - ensure_gpgcheck_globally_activated - ensure_gpgcheck_local_packages - ensure_gpgcheck_never_disabled - {{% if 'rhel' in product %}} +- {{% if 'rhel' in product %}} - - ensure_redhat_gpgkey_installed +- {{% endif %}} + - ensure_almalinux_gpgkey_installed - {{% endif %}} + - ensure_oracle_gpgkey_installed status: automated diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml @@ -160,15 +167,39 @@ index 0db51bd1b..b7cf62ece 100644 title: 'Restrict Information Published by Avahi' +diff --git a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml +index e88bbf4ef..a49c65b2e 100644 +--- a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml ++++ b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi-autoipd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15 + + title: 'Uninstall avahi-autoipd Server Package' + +diff --git a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml +index ae6e5f38f..9a72ea715 100644 +--- a/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml ++++ b/linux_os/guide/services/avahi/disable_avahi_group/package_avahi_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 + + title: 'Uninstall avahi Server Package' + diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml -index 6d5ebf540..05970eafa 100644 +index 9994d5921..5f5523d1d 100644 --- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Disable Avahi Server Software' @@ -206,14 +237,14 @@ index b5a0e7174..0b6a33ff6 100644 title: 'Install the psacct package' diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml -index 38557afea..7f96c4cd3 100644 +index 5ac0b0ee9..434932977 100644 --- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,uos20 -+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,uos20 +-prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,uos20 ++prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,uos20 title: 'Disable Automatic Bug Reporting Tool (abrtd)' @@ -368,15 +399,15 @@ index 591897122..ec402d363 100644 title: 'Enable Process Accounting (psacct)' diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml -index c71ce1b23..89a39a7c1 100644 +index 62bebd735..eb6e1efc8 100644 --- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml @@ -1,7 +1,7 @@ documentation_complete: true # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 -+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,uos20 +-prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,uos20 title: 'Disable Apache Qpid (qpidd)' @@ -393,14 +424,14 @@ index 604f053c0..be4a9ca10 100644 title: 'Disable Quota Netlink (quota_nld)' diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml -index 7ca16e386..1a896bc13 100644 +index 3a9b0cd98..d5bd83bf0 100644 --- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 -+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,uos20 +-prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,uos20 title: 'Disable Network Router Discovery Daemon (rdisc)' @@ -465,326 +496,326 @@ index 932061531..0ac567a3d 100644 title: 'Disable anacron Service' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml -index b56d06eae..ed3d360ec 100644 +index 77b163e60..b8b845a80 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns cron.d' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml -index 909b41757..426653836 100644 +index ff0443ac5..45007afd6 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns cron.daily' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml -index 16c756978..cd5a1c8af 100644 +index 63dd951d7..479e9df7a 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns cron.hourly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml -index 2840534a5..c52cfa416 100644 +index 6d4493560..cbe4eba4d 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns cron.monthly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml -index c9e039124..565e90315 100644 +index 687b84698..5acfc2574 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns cron.weekly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml -index 277c9c9d9..ebb887560 100644 +index b980bc125..841109a6e 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns Crontab' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml -index c941caa5c..4c7e19288 100644 +index c2d050d27..f3a64820d 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Owner on cron.d' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml -index d0a6675fa..0f18f4bcf 100644 +index 6024de5c6..b4c1da9e1 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Owner on cron.daily' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml -index 65b3ba05a..eecd6f911 100644 +index 46320b462..f020455c2 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Owner on cron.hourly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml -index f72fb065e..2ed480296 100644 +index 18afaf1da..e6088935b 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Owner on cron.monthly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml -index 80175dcca..7012c71b7 100644 +index d76c2031c..8005bf3a3 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Owner on cron.weekly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml -index 3df7aba3f..908b6acef 100644 +index b9c4bcce4..d2e5b6862 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Owner on crontab' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml -index e15a2f68b..6d8e81070 100644 +index bdc53cc7c..1b7f39525 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on cron.d' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml -index ce3f09ada..69cfe8c2b 100644 +index 24b4cf5e5..0733a954b 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on cron.daily' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml -index fc59dfe62..b2ead4699 100644 +index 6e0da2bac..787942544 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on cron.hourly' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml -index 1c78762ca..c98499508 100644 +index 5f5e5f6ec..bd8dd3930 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on cron.monthly' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml -index 476a3125f..9defb4c81 100644 +index c4ea83653..089202790 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on cron.weekly' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml -index 9d344b64b..2caa8ee03 100644 +index e29f65023..c8c9f13f9 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on crontab' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml -index 51e2d97b1..4b728ad78 100644 +index 169db9bc0..ba14b6a92 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204 title: 'Ensure that /etc/at.deny does not exist' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml -index 132288177..e9452eac9 100644 +index ff1fb5c57..8871a30ab 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204 title: 'Ensure that /etc/cron.deny does not exist' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml -index 6a1eff2d2..69e3e3968 100644 +index dfa5e7fc6..34518a56a 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns /etc/at.allow file' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml -index a74bf116b..4cb408f2e 100644 +index 66b4a228b..762d3ef75 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns /etc/cron.allow file' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml -index ed08e6442..4da838ae5 100644 +index 843e6af80..117f4a4a5 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify User Who Owns /etc/cron.allow file' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml -index da7a2286e..b7bbc4916 100644 +index d0e6dfd0c..7bfe84cc4 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on /etc/at.allow file' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml -index 42275f213..6a6f8b778 100644 +index 2b5f5e207..8a0ee1821 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on /etc/cron.allow file' diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml -index 91f458db0..0c72c1314 100644 +index 53b236464..e7113fab9 100644 --- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 -+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,uos20 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,uos20 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,uos20 title: 'Disable At Service (atd)' diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml -index ec390e36c..4d73d6d4a 100644 +index b2f6cddb1..397eae7ed 100644 --- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Enable cron Service' @@ -849,50 +880,50 @@ index 6c9c0b02b..bda84dff8 100644 title: 'Disable DHCP Client in ifcfg' diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml -index 9fd433b7c..dd24372ff 100644 +index cd80412b3..047485912 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall DHCP Server Package' diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml -index 356f23677..af3333626 100644 +index 0b54e6c74..8ce6c9efc 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable DHCP Service' diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml -index eed8c2545..0ebd8cc7a 100644 +index 392785165..7872555cc 100644 --- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204,uos20 -+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204,uos20 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204,uos20 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204,uos20 title: 'Uninstall bind Package' diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml -index ce858b1d8..1beccd391 100644 +index 87843736d..5825bf707 100644 --- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable named Service' @@ -933,7 +964,7 @@ index 05aa23441..8c4416440 100644 title: 'Disable Zone Transfers from the Nameserver' diff --git a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml -index 52c640e85..4875f4042 100644 +index c2de306f6..d6af16a9b 100644 --- a/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml +++ b/linux_os/guide/services/fapolicyd/fapolicy_default_deny/rule.yml @@ -1,6 +1,6 @@ @@ -1014,7 +1045,7 @@ index 57e01f723..f1efa8bba 100644 ocil_clause: 'the service is not enabled' diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml -index 1995163a1..9bb06ebdd 100644 +index f88eea4f0..52da81382 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml @@ -1,6 +1,6 @@ @@ -1025,7 +1056,7 @@ index 1995163a1..9bb06ebdd 100644 title: 'Uninstall vsftpd Package' -@@ -40,7 +40,7 @@ references: +@@ -41,7 +41,7 @@ references: stigid@ol7: OL07-00-040690 stigid@ol8: OL08-00-040360 stigid@rhel7: RHEL-07-040690 @@ -1035,14 +1066,14 @@ index 1995163a1..9bb06ebdd 100644 stigid@sle15: SLES-15-010030 diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml -index bd77bb3f1..bb251d133 100644 +index dc79102fd..87f348bad 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable vsftpd Service' @@ -1119,29 +1150,41 @@ index 6aa51e736..289415f17 100644 title: 'Install vsftpd Package' diff --git a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml -index 7462b9c7f..0fc804eda 100644 +index 044177ba3..f063d8cbe 100644 --- a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall httpd Package' diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml -index d71d6003f..55c6beaab 100644 +index c650de2a3..1f7442551 100644 --- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sel12,sle15 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sel12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,rhel9,sel12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,almalinux8,rhel9,sel12,sle15 title: 'Disable httpd Service' +diff --git a/linux_os/guide/services/http/disabling_nginx/package_nginx_removed/rule.yml b/linux_os/guide/services/http/disabling_nginx/package_nginx_removed/rule.yml +index 171b5262d..eb0826aec 100644 +--- a/linux_os/guide/services/http/disabling_nginx/package_nginx_removed/rule.yml ++++ b/linux_os/guide/services/http/disabling_nginx/package_nginx_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9,ubuntu2004,ubuntu2204 ++prodtype: fedora,rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204 + + title: 'Uninstall nginx Package' + diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml index bb71b36f9..38cbb050d 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml @@ -1874,27 +1917,39 @@ index d88e1120b..5744fe457 100644 title: 'Enable the SSL flag in /etc/dovecot.conf' +diff --git a/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml b/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml +index 9d039807d..1ee966ca3 100644 +--- a/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml ++++ b/linux_os/guide/services/imap/disabling_cyrus-imapd/package_cyrus-imapd_removed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: fedora,rhel8,rhel9,ubuntu2004,ubuntu2204 ++prodtype: fedora,rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204 + + title: 'Uninstall cyrus-imapd Package' + diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml -index 27457df04..7180d59dd 100644 +index 87b82fee6..83729c9e4 100644 --- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall dovecot Package' diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml -index b5abe51d5..e5aac4e0a 100644 +index 5968c1a2f..6918a9e23 100644 --- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux3,anolis23,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux3,anolis23,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable Dovecot Service' @@ -2001,41 +2056,76 @@ index e05e43a9f..9ea470b87 100644 title: 'Configure Certificate Directives for LDAP Use of TLS' diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml -index 8244e0504..3f669b769 100644 +index 2ec31a290..309750ccc 100644 --- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml -@@ -1,6 +1,6 @@ +@@ -8,7 +8,7 @@ + documentation_complete: true --prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204 title: 'Ensure LDAP client is not installed' diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml -index 5cc0bd10d..ecdfae110 100644 +index bf75fffce..cac047f38 100644 --- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml -@@ -1,6 +1,6 @@ +@@ -11,7 +11,7 @@ + documentation_complete: true --prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204 ++prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,ubuntu2204 title: 'Uninstall openldap-servers Package' diff --git a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml -index 8501b6286..531539010 100644 +index c94722d9e..287338250 100644 --- a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml +++ b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel8,rhel9 -+prodtype: alinux2,alinux3,anolis8,rhel8,almalinux8,rhel9 +-prodtype: alinux2,alinux3,anolis23,anolis8,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis23,anolis8,rhel8,almalinux8,rhel9 title: 'Disable LDAP Server (slapd)' +diff --git a/linux_os/guide/services/mail/has_nonlocal_mta/rule.yml b/linux_os/guide/services/mail/has_nonlocal_mta/rule.yml +index 565693471..1c9917262 100644 +--- a/linux_os/guide/services/mail/has_nonlocal_mta/rule.yml ++++ b/linux_os/guide/services/mail/has_nonlocal_mta/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204 ++prodtype: rhel7,rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204 + + title: 'Ensure Mail Transfer Agent is not Listening on any non-loopback Address' + +diff --git a/linux_os/guide/services/mail/package_mailx_installed/rule.yml b/linux_os/guide/services/mail/package_mailx_installed/rule.yml +index fcdc7f07b..398e475b2 100644 +--- a/linux_os/guide/services/mail/package_mailx_installed/rule.yml ++++ b/linux_os/guide/services/mail/package_mailx_installed/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle12,sle15 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15 + + title: 'The mailx Package Is Installed' + +@@ -27,7 +27,7 @@ references: + stigid@ol7: OL07-00-020028 + stigid@ol8: OL08-00-010358 + stigid@rhel7: RHEL-07-020028 +- stigid@rhel8: RHEL-08-010358 ++ stigid@almalinux8: RHEL-08-010358 + stigid@sle12: SLES-12-010498 + stigid@sle15: SLES-15-010418 + diff --git a/linux_os/guide/services/mail/package_postfix_installed/rule.yml b/linux_os/guide/services/mail/package_postfix_installed/rule.yml index a2b8325d2..1b7a24e1f 100644 --- a/linux_os/guide/services/mail/package_postfix_installed/rule.yml @@ -2114,7 +2204,7 @@ index c5e7ae18c..1ab2a0a40 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh -index 93a9e5878..5768cb749 100644 +index befe1acf3..e36b1fd3e 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh +++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh @@ -1,4 +1,4 @@ @@ -2124,14 +2214,14 @@ index 93a9e5878..5768cb749 100644 {{{ bash_instantiate_variables("var_postfix_inet_interfaces") }}} diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml -index 1c94cefa7..7f42093e5 100644 +index 6366a2d1a..3f5c8b483 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204 +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Disable Postfix Network Listening' @@ -2169,14 +2259,14 @@ index 379999e33..f6820af4f 100644 ocil_clause: 'the "smtpd_client_restrictions" parameter contains any entries other than "permit_mynetworks" and "reject"' diff --git a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml -index 8120beda0..19595cd1d 100644 +index 40e23a91d..714b90457 100644 --- a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml +++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204 -+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204 +-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Enable Postfix Service' @@ -2205,14 +2295,14 @@ index 2524bf798..e398c3121 100644 title: 'Disable Network File System Lock Service (nfslock)' diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml -index 0b6c8d464..c72d048d9 100644 +index a85028384..bbf0b2741 100644 --- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable rpcbind Service' @@ -2301,14 +2391,14 @@ index 73a0d70b6..36a53e464 100644 title: 'Specify UID and GID for Anonymous NFS Connections' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml -index 91f73abe9..01b7eac0c 100644 +index 083e7b30e..934468386 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable Network File System (nfs)' @@ -2325,14 +2415,14 @@ index c7d1c7a2b..b61ccdfdd 100644 title: 'Disable Secure RPC Server Service (rpcsvcgssd)' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml -index 9a95382a6..c864e7015 100644 +index a48edf779..045343f82 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,rhel7,rhel8,rhel9 -+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 +-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9 title: 'Mount Remote Filesystems with Kerberos Security' @@ -2448,7 +2538,7 @@ index c5983cbe8..0f39d0ff8 100644 title: 'Use Root-Squashing on All Exports' diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml -index 2e7632b7e..dec0c5f42 100644 +index 3de7c8db0..95b36f0a6 100644 --- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml @@ -1,6 +1,6 @@ @@ -2470,7 +2560,7 @@ index 524cdc7d0..2678708d2 100644 {{{ bash_replace_or_append(chrony_conf_path, '^port', '0', '%s %s') }}} diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml -index a97cf1a9f..f285ebb44 100644 +index c435df983..b80ffbf7b 100644 --- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml @@ -1,5 +1,5 @@ @@ -2512,7 +2602,7 @@ index 25b768688..a1e46bc12 100644 {{{ bash_replace_or_append(chrony_conf_path, '^cmdport', '0', '%s %s') }}} diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml -index a97cf1a9f..f285ebb44 100644 +index c435df983..b80ffbf7b 100644 --- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml @@ -1,5 +1,5 @@ @@ -2543,28 +2633,8 @@ index 782106734..2e304b52e 100644 ocil_clause: 'the "cmdport" option is not set to "0", is commented out, or is missing' -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml -index e571e6ee2..fa9118753 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh -index f1bb759d9..a3d4dde5b 100644 ---- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh -+++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu - - {{{ bash_instantiate_variables("var_time_service_set_maxpoll") }}} - diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml -index a97cf1a9f..f285ebb44 100644 +index c435df983..b80ffbf7b 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml @@ -1,5 +1,5 @@ @@ -2606,7 +2676,7 @@ index 6b76902a1..3925ca7b9 100644 {{{ bash_instantiate_variables("var_multiple_time_servers") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml -index a97cf1a9f..f285ebb44 100644 +index c435df983..b80ffbf7b 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml @@ -1,5 +1,5 @@ @@ -2617,7 +2687,7 @@ index a97cf1a9f..f285ebb44 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml -index 03c694987..5dafa25d8 100644 +index f6a0da73f..df056993c 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml @@ -1,6 +1,6 @@ @@ -2639,7 +2709,7 @@ index 6bf4f9aae..fea88a083 100644 {{{ bash_instantiate_variables("var_multiple_time_servers") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml -index a97cf1a9f..f285ebb44 100644 +index c435df983..b80ffbf7b 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml @@ -1,5 +1,5 @@ @@ -2650,7 +2720,7 @@ index a97cf1a9f..f285ebb44 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml -index 5e882bd16..a80ddb872 100644 +index c74221c05..bea6b54d6 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml @@ -1,6 +1,6 @@ @@ -2703,7 +2773,7 @@ index e1d712f25..325ed08c1 100644 {{%- endif %}} diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml -index 0f3dfd4a2..306dec361 100644 +index a1f8c234b..3c2f71739 100644 --- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml @@ -1,11 +1,11 @@ @@ -2787,7 +2857,7 @@ index 69908e41f..0c506bca3 100644 diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml -index baffcb0e1..79cae0e53 100644 +index 0b386f6bc..20ec745c8 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml @@ -23,7 +23,7 @@ references: @@ -2951,7 +3021,7 @@ index 5f0ad2c6e..7c6175efb 100644 echo "server " > {{{ chrony_conf_path }}} diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml -index b9add5207..ac7b4cec9 100644 +index 739ab24b8..fadb459bf 100644 --- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml +++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -2971,26 +3041,26 @@ index f8a77aeee..33166cac2 100644 # strategy = enable # complexity = low diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml -index 3c3898fb0..373182011 100644 +index 8b7f66876..e756f45f5 100644 --- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml +++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15 ++prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15 title: 'Enable the NTP Daemon' diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml -index a602354c3..f3a302990 100644 +index 4bef92d96..b388bd537 100644 --- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall xinetd Package' @@ -3008,26 +3078,26 @@ index 06ffe16cb..95d2c87ec 100644 title: 'Disable xinetd Service' diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml -index 9be95ffed..7e899d3b9 100644 +index c5f90c495..cad45cb27 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Remove NIS Client' diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml -index 6ab9cdac3..d6a96d70d 100644 +index b057fc5a8..9a498570a 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Uninstall ypserv Package' @@ -3044,53 +3114,43 @@ index ce41faf92..b2a4c7c4c 100644 title: 'Disable ypbind Service' diff --git a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml -index 4f414d3af..2daa6163f 100644 +index b302496d1..232671690 100644 --- a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel8,rhel9 -+prodtype: alinux2,alinux3,anolis8,rhel8,almalinux8,rhel9 +-prodtype: alinux2,alinux3,anolis23,anolis8,rhel8,rhel9 ++prodtype: alinux2,alinux3,anolis23,anolis8,rhel8,almalinux8,rhel9 title: 'Disable ypserv Service' diff --git a/linux_os/guide/services/obsolete/package_rsync_removed/rule.yml b/linux_os/guide/services/obsolete/package_rsync_removed/rule.yml -index d3139b999..75f03c459 100644 +index b7beb612c..2236ac031 100644 --- a/linux_os/guide/services/obsolete/package_rsync_removed/rule.yml +++ b/linux_os/guide/services/obsolete/package_rsync_removed/rule.yml @@ -6,7 +6,7 @@ documentation_complete: true --prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall rsync Package' -diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh -index 3a98b0947..bd5b8127e 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh -+++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol - - # Identify local mounts - MOUNT_LIST=$(df --local | awk '{ print $6 }') diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml -index 822b02f50..7fa4aeb9c 100644 +index 7ba8c1008..03df9fc97 100644 --- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Remove Host-Based Authentication Files' -@@ -33,7 +33,7 @@ references: +@@ -30,7 +30,7 @@ references: stigid@ol7: OL07-00-040550 stigid@ol8: OL08-00-010460 stigid@rhel7: RHEL-07-040550 @@ -3100,7 +3160,7 @@ index 822b02f50..7fa4aeb9c 100644 stigid@sle15: SLES-15-040030 diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml -index 6af0b5732..713381d73 100644 +index 9c6fc297c..7db8e8320 100644 --- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml +++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -3119,25 +3179,15 @@ index e64838b15..baaa07631 100644 find /root -xdev -type f -name ".rhosts" -exec rm -f {} \; find /home -maxdepth 2 -xdev -type f -name ".rhosts" -exec rm -f {} \; -diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh -index b7c88b077..a9c7c4e31 100644 ---- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh -+++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol - - # Identify local mounts - MOUNT_LIST=$(df --local | awk '{ print $6 }') diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml -index 43da70e0f..c05b0a93c 100644 +index 8eb7f2db5..8ad951a1a 100644 --- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Remove User Host-Based Authentication Files' @@ -3151,14 +3201,14 @@ index 43da70e0f..c05b0a93c 100644 stigid@sle15: SLES-15-040020 diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml -index b2e659932..b0caa23e3 100644 +index ccfe39dee..60b881114 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall rsh-server Package' @@ -3172,14 +3222,14 @@ index b2e659932..b0caa23e3 100644 {{{ complete_ocil_entry_package(package="rsh-server") }}} diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml -index e343810ac..d71fff5d3 100644 +index 45e79f6de..18a1e2cc2 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall rsh Package' @@ -3221,54 +3271,54 @@ index fa3fbd472..0af455948 100644 title: 'Disable rsh Service' diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml -index 315af3908..85341a15e 100644 +index 976fdaaec..01c2f61b2 100644 --- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Ensure rsyncd service is disabled' diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml -index 8ca257b6f..d7a907ce9 100644 +index 0331db92e..1cbe94b4c 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Uninstall talk-server Package' diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml -index ea67a07fe..9527c3e4b 100644 +index 14317060b..8d9b49ceb 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall talk Package' diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml -index 2780aafb9..6957bf8ce 100644 +index 080785dd8..5bc855e65 100644 --- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Uninstall telnet-server Package' -@@ -52,7 +52,7 @@ references: +@@ -54,7 +54,7 @@ references: stigid@ol7: OL07-00-021710 stigid@ol8: OL08-00-040000 stigid@rhel7: RHEL-07-021710 @@ -3278,14 +3328,14 @@ index 2780aafb9..6957bf8ce 100644 stigid@sle15: SLES-15-010180 diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml -index b1c974e80..3e418beff 100644 +index 2571d5072..83c855863 100644 --- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Remove telnet Clients' @@ -3302,18 +3352,18 @@ index a38c0cc48..1205b52bb 100644 title: 'Disable telnet Service' diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml -index f9328616a..75d5a86a2 100644 +index 9268c850c..a1c0b26ee 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 -+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Uninstall tftp-server Package' -@@ -40,7 +40,7 @@ references: +@@ -41,7 +41,7 @@ references: stigid@ol7: OL07-00-040700 stigid@ol8: OL08-00-040190 stigid@rhel7: RHEL-07-040700 @@ -3323,14 +3373,14 @@ index f9328616a..75d5a86a2 100644 {{{ complete_ocil_entry_package(package="tftp-server") }}} diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml -index ac1bafde0..aae1b00cd 100644 +index 35e0a2f93..adecc4f84 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Remove tftp Daemon' @@ -3346,35 +3396,15 @@ index 56889e4a6..136a095f0 100644 title: 'Disable tftp Service' -diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml -index ac39e46a6..dc82d6507 100644 ---- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml -+++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4 -+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4 - # reboot = false - # complexity = low - # strategy = configure -diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh -index 1560f0c1e..43a88b1bf 100644 ---- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh -+++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4 -+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4 - - {{{ bash_instantiate_variables ("var_tftpd_secure_directory") }}} - diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml -index dd0bd7983..757ed6c1e 100644 +index 9dd7a8bdd..c04aa9bb5 100644 --- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml @@ -1,13 +1,13 @@ documentation_complete: true --prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 +-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Ensure tftp Daemon Uses Secure Mode' @@ -3463,38 +3493,38 @@ index df44086ff..505489ac1 100644 title: 'Uninstall CUPS Package' diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml -index 1c9a75bc5..acb6c6223 100644 +index a32b94c36..0078426f4 100644 --- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml +++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux3,anolis23,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux3,anolis23,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Disable the CUPS Service' diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml -index c0d33e434..23cef9be2 100644 +index c2cc9410c..5f594bb49 100644 --- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall squid Package' diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml -index 9321e667b..fcbb8717a 100644 +index 2ca96be83..0efd63467 100644 --- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable Squid' @@ -3511,7 +3541,7 @@ index 7c01c09b4..89f28d22e 100644 title: 'Remove the FreeRadius Server Package' diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml -index 9993786dc..88041fd82 100644 +index 4e39496fc..d5f95bc94 100644 --- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml @@ -1,6 +1,6 @@ @@ -3523,14 +3553,14 @@ index 9993786dc..88041fd82 100644 title: 'Enable the Hardware RNG Entropy Gatherer Service' diff --git a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml -index 4c37ae2f7..53ecf1017 100644 +index 40f9fa887..0fb36eb1e 100644 --- a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,rhel7,rhel8,rhel9 -+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 +-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9 ++prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9 title: 'Uninstall quagga Package' @@ -3615,31 +3645,31 @@ index 0cf80fb63..d9978cea7 100644 title: 'Disable Root Access to SMB Shares' diff --git a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml -index 1f75e60ce..56b8080d0 100644 +index 1b633c648..6173c3981 100644 --- a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Uninstall Samba Package' diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml -index 76303fa12..c16638e40 100644 +index 0370bdb36..abcc1609f 100644 --- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable Samba' diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml -index 271f1f27e..2eadb3218 100644 +index 3f8d8cf5c..1a68caab8 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml @@ -1,6 +1,6 @@ @@ -3651,14 +3681,14 @@ index 271f1f27e..2eadb3218 100644 title: 'Uninstall net-snmp Package' diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml -index be039de1f..b489cfe5c 100644 +index 47810df3f..bada9a5ab 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,debian10,debian11,rhel7,rhel8,rhel9,sle12,sle15 -+prodtype: alinux2,alinux3,anolis8,debian10,debian11,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 +-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,rhel7,rhel8,rhel9,sle12,sle15 ++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable snmpd Service' @@ -3729,46 +3759,188 @@ index 309efb9aa..d8c7643df 100644 title: 'Configure SNMP Service to Use Only SNMPv3 or Newer' diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml -index e393c6c2c..69645e333 100644 +index 2262fb3b8..35c861e72 100644 --- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Group Who Owns SSH Server config file' +diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh +index cd5171c1b..6301578ba 100644 +--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh ++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + if ! grep -q ssh_keys /etc/group; then + groupadd ssh_keys +diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh +index 840370623..c64f052be 100644 +--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh ++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/incorrect_groupowner.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + test_group="cac_testgroup" + groupadd $test_group +diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh +index 4964fe4a1..f5fd88dd3 100644 +--- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh ++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/multiple_keys.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + test_group="cac_testgroup" + groupadd $test_group +diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh +index 8028e0466..36ebda0b3 100644 +--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh ++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/correct_groupowner.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX.pub) + chgrp root "$FAKE_KEY" +diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh +index 56c713f3d..505f3adfb 100644 +--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh ++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/incorrect_groupowner.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + test_group="cac_testgroup" + groupadd $test_group +diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh +index 7cffa2c97..9c0f3a28b 100644 +--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh ++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/missing_file_test.pass.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + rm -f /etc/ssh/*.pub +diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh +index b6bef987d..799d5044b 100644 +--- a/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh ++++ b/linux_os/guide/services/ssh/file_groupownership_sshd_pub_key/tests/multiple_keys.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + test_group="cac_testgroup" + groupadd $test_group diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml -index fa43ddc59..c05d15e3a 100644 +index 8785509dc..05ca4d2fb 100644 --- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Owner on SSH Server config file' +diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh +index b36e8a3d7..494455df2 100644 +--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh ++++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/correct_owner.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key) + chown root "$FAKE_KEY" +diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh +index 30da398eb..4ee3a3c1f 100644 +--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh ++++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/incorrect_owner.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + test_user="cac_testuser" + useradd $test_user +diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh +index 59f414be3..484da1eec 100644 +--- a/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh ++++ b/linux_os/guide/services/ssh/file_ownership_sshd_private_key/tests/multiple_keys.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + test_user="cac_testuser" + useradd $test_user +diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh +index adc985a1a..489f65995 100644 +--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh ++++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/correct_owner.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX.pub) + chown root "$FAKE_KEY" +diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh +index 4fa528fe3..bbc3c6147 100644 +--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh ++++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/incorrect_owner.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + test_user="cac_testuser" + useradd $test_user +diff --git a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh +index 16878dc1d..6c3983a9d 100644 +--- a/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh ++++ b/linux_os/guide/services/ssh/file_ownership_sshd_pub_key/tests/multiple_keys.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + test_user="cac_testuser" + useradd $test_user diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml -index 3d00dec4b..0d1ba1620 100644 +index a69ba302e..0d18107c7 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,alinux3,anolis8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 ++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 title: 'Verify Permissions on SSH Server config file' diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml -index a788cbfbf..64b431417 100644 +index db40366db..c272a6cf1 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml -@@ -57,7 +57,7 @@ references: +@@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-040420 stigid@ol8: OL08-00-010490 stigid@rhel7: RHEL-07-040420 @@ -3811,10 +3983,10 @@ index 48ecfbcac..c5a05db8b 100644 FAKE_KEY=$(mktemp -p /etc/ssh/ XXXX_key) chown root:ssh_keys "$FAKE_KEY" diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml -index fc1d64b91..c08e8d3f9 100644 +index 00d4222c8..d5da97ceb 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml -@@ -42,7 +42,7 @@ references: +@@ -43,7 +43,7 @@ references: stigid@ol7: OL07-00-040410 stigid@ol8: OL08-00-010480 stigid@rhel7: RHEL-07-040410 @@ -3861,14 +4033,14 @@ index 984773361..e088ea707 100644 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml -index 158df38e1..f9a51aa7c 100644 +index 5d7fd206b..409ecabe0 100644 --- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Enable the OpenSSH Service' @@ -3957,6 +4129,27 @@ index 53728a2b3..6021e093e 100644 title: 'SSH client uses strong entropy to seed (Bash-like shells)' +diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml +index 70d9bc7cc..590365cce 100644 +--- a/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_client/ssh_keys_passphrase_protected/rule.yml +@@ -1,6 +1,6 @@ + documentation_complete: true + +-prodtype: ol9,rhel8,rhel9 ++prodtype: ol9,rhel8,almalinux8,rhel9 + + title: 'Verify the SSH Private Key Files Have a Passcode' + +@@ -24,7 +24,7 @@ identifiers: + + references: + srg: SRG-OS-000067-GPOS-00035 +- stigid@rhel8: RHEL-08-010100 ++ stigid@almalinux8: RHEL-08-010100 + + ocil_clause: 'no ssh private key is accessible without a passcode' + diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml index 5a97f74df..104b27f3f 100644 --- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml @@ -3969,14 +4162,14 @@ index 5a97f74df..104b27f3f 100644 kind: MachineConfig spec: diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml -index 7446a6237..79fb20432 100644 +index fb6956152..f4c76c7a2 100644 --- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 -+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 +-prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4 ++prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Enable SSH Server firewalld Firewall Exception' @@ -4021,10 +4214,10 @@ index 7c01208c4..8e6c9a53a 100644 {{{ bash_instantiate_variables("var_sshd_disable_compression") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml -index 21129b0e8..285b4ae6f 100644 +index 6d4760f4b..fac972e1a 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml -@@ -58,7 +58,7 @@ references: +@@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-010300 stigid@ol8: OL08-00-020330 stigid@rhel7: RHEL-07-010300 @@ -4034,7 +4227,7 @@ index 21129b0e8..285b4ae6f 100644 stigid@sle15: SLES-15-040440 stigid@ubuntu2004: UBTU-20-010047 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml -index 60a2133f5..fcad3e02f 100644 +index 84e5d497f..63794190a 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml @@ -43,7 +43,7 @@ references: @@ -4043,11 +4236,11 @@ index 60a2133f5..fcad3e02f 100644 stigid@rhel7: RHEL-07-040430 - stigid@rhel8: RHEL-08-010522 + stigid@almalinux8: RHEL-08-010522 - vmmsrg: SRG-OS-000480-VMM-002000 {{{ complete_ocil_entry_sshd_option(default="yes", option="GSSAPIAuthentication", value="no") }}} + diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml -index 74e47d13a..21bae6ff4 100644 +index 05de4709b..247057b8e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml @@ -44,7 +44,7 @@ references: @@ -4056,9 +4249,9 @@ index 74e47d13a..21bae6ff4 100644 stigid@rhel7: RHEL-07-040440 - stigid@rhel8: RHEL-08-010521 + stigid@almalinux8: RHEL-08-010521 - vmmsrg: SRG-OS-000480-VMM-002000 {{{ complete_ocil_entry_sshd_option(default="yes", option="KerberosAuthentication", value="no") }}} + diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml index 228a1166a..6ba91af43 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml @@ -4080,10 +4273,10 @@ index 5a1ec5cf7..d240b4711 100644 {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^RhostsRSAAuthentication', 'no', '%s %s') }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml -index f3f3020b3..95b3b9ea4 100644 +index b5ff1dad5..7c415483e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml -@@ -54,7 +54,7 @@ references: +@@ -56,7 +56,7 @@ references: stigid@ol7: OL07-00-040370 stigid@ol8: OL08-00-010550 stigid@rhel7: RHEL-07-040370 @@ -4091,7 +4284,7 @@ index f3f3020b3..95b3b9ea4 100644 + stigid@almalinux8: RHEL-08-010550 stigid@sle12: SLES-12-030140 stigid@sle15: SLES-15-020040 - vmmsrg: SRG-OS-000480-VMM-002000 + diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml index 0bb62b7c9..abd0e26ca 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml @@ -4106,10 +4299,10 @@ index 0bb62b7c9..abd0e26ca 100644 stigid@sle15: SLES-15-040230 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml -index 5c6d5c80a..48fe05bf2 100644 +index 32174a5e8..fd2a31f60 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml -@@ -48,7 +48,7 @@ references: +@@ -49,7 +49,7 @@ references: stigid@ol7: OL07-00-040710 stigid@ol8: OL08-00-040340 stigid@rhel7: RHEL-07-040710 @@ -4119,10 +4312,10 @@ index 5c6d5c80a..48fe05bf2 100644 stigid@ubuntu2004: UBTU-20-010048 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml -index 1c4acb931..a65b524ce 100644 +index 11a371a73..27717b830 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml -@@ -52,7 +52,7 @@ references: +@@ -53,7 +53,7 @@ references: stigid@ol7: OL07-00-010460 stigid@ol8: OL08-00-010830 stigid@rhel7: RHEL-07-010460 @@ -4132,7 +4325,7 @@ index 1c4acb931..a65b524ce 100644 stigid@sle15: SLES-15-040440 stigid@ubuntu2004: UBTU-20-010047 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml -index 7c1c1591e..b17dc34f9 100644 +index 322890154..de933b808 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml @@ -43,7 +43,7 @@ references: @@ -4143,12 +4336,12 @@ index 7c1c1591e..b17dc34f9 100644 + stigid@almalinux8: RHEL-08-010500 stigid@sle12: SLES-12-030230 stigid@sle15: SLES-15-040260 - vmmsrg: SRG-OS-000480-VMM-002000 + diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml -index 43e59e3ea..ba0acff7d 100644 +index 595170d70..88ce6bec7 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml -@@ -49,7 +49,7 @@ references: +@@ -47,7 +47,7 @@ references: stigid@ol7: OL07-00-040170 stigid@ol8: OL08-00-010040 stigid@rhel7: RHEL-07-040170 @@ -4156,7 +4349,7 @@ index 43e59e3ea..ba0acff7d 100644 + stigid@almalinux8: RHEL-08-010040 stigid@sle12: SLES-12-030050 stigid@sle15: SLES-15-010040 - vmmsrg: SRG-OS-000023-VMM-000060,SRG-OS-000024-VMM-000070 + diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml index 685504061..7ff5fd566 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml @@ -4204,10 +4397,10 @@ index 5b54ab892..4213bc152 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml -index abfed89d1..da0f2bd40 100644 +index 350284276..cd52923fd 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml -@@ -64,7 +64,7 @@ references: +@@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-040320 stigid@ol8: OL08-00-010201 stigid@rhel7: RHEL-07-040320 @@ -4217,12 +4410,12 @@ index abfed89d1..da0f2bd40 100644 stigid@sle15: SLES-15-010280 stigid@ubuntu2004: UBTU-20-010037 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml -index b280e21eb..8e1c18100 100644 +index c47506b42..0b8f7bd7f 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low @@ -4237,18 +4430,18 @@ index 3cfe760fb..cba9bf0c4 100644 {{{ bash_instantiate_variables("var_sshd_set_keepalive") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml -index 443356682..2c453eea7 100644 +index 7ef1b837f..c431970da 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/rule.yml -@@ -57,7 +57,7 @@ references: +@@ -58,7 +58,7 @@ references: pcidss: Req-8.1.8 + pcidss4: "8.2.8" srg: SRG-OS-000163-GPOS-00072,SRG-OS-000279-GPOS-00109 - stigid@ol7: OL07-00-040340 - stigid@rhel8: RHEL-08-010200 + stigid@almalinux8: RHEL-08-010200 stigid@sle12: SLES-12-030191 + stigid@sle15: SLES-15-010320 stigid@ubuntu2004: UBTU-20-010036 - vmmsrg: SRG-OS-000480-VMM-002000 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml index a7a2ed3d6..f4ba85ff9 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml @@ -4291,26 +4484,135 @@ index fcdb800c2..77c3e82da 100644 #!/bin/bash SSHD_CONFIG="/etc/ssh/sshd_config" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml -index 9b5ceb388..5f15749f5 100644 +index a1cff08ea..94c1863c0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,ol7,ol8,rhel7,rhel8,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,ol7,ol8,rhel7,rhel8,sle12,sle15,ubuntu2004 ++prodtype: alinux2,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004 title: 'Use Only FIPS 140-2 Validated Ciphers' +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml +index a467993d6..1d24c8731 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/rule.yml +@@ -16,7 +16,7 @@ + + documentation_complete: true + +-prodtype: ol7,ol8,rhel7,rhel8,sle12,sle15,ubuntu2004 ++prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004 + + title: 'Use Only FIPS 140-2 Validated Key Exchange Algorithms' + +@@ -49,7 +49,7 @@ references: + stigid@ol7: OL07-00-040712 + stigid@ol8: OL08-00-040342 + stigid@rhel7: RHEL-07-040712 +- stigid@rhel8: RHEL-08-040342 ++ stigid@almalinux8: RHEL-08-040342 + stigid@sle12: SLES-12-030270 + stigid@sle15: SLES-15-040450 + stigid@ubuntu2004: UBTU-20-010045 +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh +index d9775be43..8abd5c4ee 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + source common.sh + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh +index 5e7246205..6de325120 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + source common.sh + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh +index 11e8fe96d..00b69cd2c 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + source common.sh + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh +index a2528cb30..0c8dcf1ba 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + source common.sh + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh +index 3fd2901a9..2e3d34fef 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/default_fips.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8 ++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8 + + source common.sh + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh +index 63213b5d1..7d20761ba 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh +@@ -1,4 +1,4 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + source common.sh +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh +index 59dee5b9e..b0f66c148 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + source common.sh + +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh +index 0e12d5a2a..d825167a3 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + source common.sh + diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml -index 6eaea80d8..8cb79f3a0 100644 +index 2ddb6f7ab..e27d212ab 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: alinux2,ol7,ol8,rhel7,rhel8,sle12,sle15,ubuntu2004,ubuntu2204 -+prodtype: alinux2,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004,ubuntu2204 +-prodtype: alinux2,ol7,ol8,rhel7,rhel8,sle12,sle15,ubuntu2004 ++prodtype: alinux2,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004 title: 'Use Only FIPS 140-2 Validated MACs' @@ -4371,15 +4673,15 @@ index 5a98fc0eb..846cdd444 100644 sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml -index 69f4b7c74..f4544cb69 100644 +index f1e9853d6..edd9ebea8 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml @@ -2,7 +2,7 @@ documentation_complete: true # TODO: The plan is not to need this for RHEL>=8.4 # TODO: Compliant setting is SSH_USE_STRONG_RNG set to 32 or more --prodtype: ol8,rhel8,rhel9 -+prodtype: ol8,rhel8,almalinux8,rhel9 +-prodtype: fedora,ol8,rhel8,rhel9 ++prodtype: fedora,ol8,rhel8,almalinux8,rhel9 title: 'SSH server uses strong entropy to seed' @@ -4393,14 +4695,14 @@ index 69f4b7c74..f4544cb69 100644 ocil: |- To determine whether the SSH service is configured to use strong entropy seed, diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml -index 8aac236b7..f481f8a53 100644 +index 3a58720dd..5d2d9837a 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true --prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,ubuntu2004,ubuntu2204 -+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,ubuntu2004,ubuntu2204 +-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,ubuntu2004 ++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,ubuntu2004 title: 'Prevent remote hosts from connecting to the proxy display' @@ -4557,7 +4859,7 @@ index 44878eb57..473279288 100644 title: 'Configure SSSD LDAP Backend to Use TLS For All Transactions' diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml -index 0e2eefedf..5d4c828e0 100644 +index c93d7a59d..a6dff6f85 100644 --- a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -4567,7 +4869,7 @@ index 0e2eefedf..5d4c828e0 100644 # strategy = configure # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh -index c3ad7e882..dcee45546 100644 +index ea3c0946c..08e66dade 100644 --- a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh @@ -1,4 +1,4 @@ @@ -4619,17 +4921,17 @@ index ed8b1c4e1..bd14c9954 100644 warnings: - general: |- diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh -index d233bc61d..9e2c7d3bf 100644 +index 09e863e4a..ba1f546e9 100644 --- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol - SSSD_CONF="/etc/sssd/sssd.conf" - SSSD_CONF_DIR="/etc/sssd/conf.d/*.conf" + + diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml -index 984ee37a0..dcc310307 100644 +index 5af99bf8a..d557d3183 100644 --- a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml @@ -1,6 +1,6 @@ @@ -4654,12 +4956,12 @@ index f82c9e386..e57bdf163 100644 ansible.builtin.stat: path: /usr/bin/authselect diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh -index 487b11b6b..e88f2c7a4 100644 +index b51312601..21ec5106e 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/bash/shared.sh -@@ -6,7 +6,7 @@ +@@ -13,7 +13,7 @@ umask u=rw,go= - {{{ bash_ensure_ini_config("/etc/sssd/sssd.conf", "pam", "pam_cert_auth", "True") }}} + umask $OLD_UMASK -{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] %}} +{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] %}} @@ -4689,7 +4991,7 @@ index c2ae4d39a..010ff0410 100644 comment="tests the presence of try_cert_auth or require_cert_auth in /etc/pam.d/smartcard-auth" id="test_sssd_enable_smartcards_allow_missing_name_smartcard_auth" version="2"> diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml -index eb3a99fb0..2420470bd 100644 +index 6ed233a70..30001883e 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml @@ -1,6 +1,6 @@ @@ -4709,15 +5011,15 @@ index eb3a99fb0..2420470bd 100644 Add or update "pam_sss.so" line in auth section of "/etc/pam.d/system-auth" file to include "try_cert_auth" or "require_cert_auth" option, like in the following example: 
-@@ -51,7 +51,7 @@ references:
-     pcidss: Req-8.3
+@@ -52,7 +52,7 @@ references:
+     pcidss4: "8.4"
      srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055
      stigid@ol8: OL08-00-020250
 -    stigid@rhel8: RHEL-08-020250
 +    stigid@almalinux8: RHEL-08-020250
-     vmmsrg: SRG-OS-000107-VMM-000530
  
  ocil_clause: 'smart cards are not enabled in SSSD'
+ 
 @@ -62,7 +62,7 @@ ocil: |-
      If configured properly, output should be
      
pam_cert_auth = True

@@ -4821,10 +5123,18 @@ index 43e19d382..2848e2072 100644
  SSSD_FILE="/etc/sssd/sssd.conf"
  rm -f $SSSD_FILE
 diff --git a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
-index 4733dae80..aedf9c9b4 100644
+index d71208630..55ec767b9 100644
 --- a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
 +++ b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
-@@ -36,7 +36,7 @@ references:
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: ol8,ol9,rhel8,rhel9
++prodtype: ol8,ol9,rhel8,almalinux8,rhel9
+ 
+ title: 'SSSD Has a Correct Trust Anchor'
+ 
+@@ -37,7 +37,7 @@ references:
    nist: IA-5 (2) (a)
    srg: SRG-OS-000066-GPOS-00034,SRG-OS-000384-GPOS-00167
    stigid@ol8: OL08-00-010090
@@ -4844,7 +5154,7 @@ index 7cfba003b..fb36bb099 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
-index d749de10e..9ee217470 100644
+index e7d5d3916..ed768f876 100644
 --- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
 +++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
 @@ -1,4 +1,4 @@
@@ -4854,7 +5164,7 @@ index d749de10e..9ee217470 100644
  {{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}}
  
 diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
-index ae98eb6ea..ef2e1802f 100644
+index 5439e1bdc..5aa7f78c6 100644
 --- a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
 +++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
 @@ -1,6 +1,6 @@
@@ -4876,7 +5186,7 @@ index ebdf0136b..73916d8d1 100644
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh
-index a7c8bedc0..f255d3dd9 100644
+index 890254c8e..2b6103e93 100644
 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh
 +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh
 @@ -1,4 +1,4 @@
@@ -4908,7 +5218,7 @@ index 9741e2e56..6bcb1102d 100644
    comment="tests the value of cache_credentials setting in the /etc/sssd/sssd.conf file"
    id="test_sssd_cache_credentials" version="1">
 diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
-index 34d0ea06b..9db295312 100644
+index 15ef6aa83..39e6999df 100644
 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
 +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
 @@ -1,12 +1,12 @@
@@ -4935,7 +5245,7 @@ index 34d0ea06b..9db295312 100644
      stigid@sle12: SLES-12-010680
      stigid@sle15: SLES-15-010500
      stigid@ubuntu2004: UBTU-20-010441
-@@ -56,7 +56,7 @@ references:
+@@ -55,7 +55,7 @@ references:
  ocil_clause: 'it does not exist or is not configured properly'
  
  ocil: |-
@@ -4957,7 +5267,7 @@ index b2d1fe155..93d7ed93e 100644
  
  echo -e "[pam]\noffline_credentials_expiration = 2" >> $SSSD_CONF
 diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
-index ffb443d70..4444d8afd 100644
+index 3da9609d7..06586bd8a 100644
 --- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
 +++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
 @@ -1,4 +1,4 @@
@@ -4989,7 +5299,7 @@ index 599683567..8fa06fa65 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
-index 21e0b485b..9658e047e 100644
+index f066ef1bd..01254fa6f 100644
 --- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
 +++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
 @@ -1,4 +1,4 @@
@@ -5020,7 +5330,7 @@ index 331627492..72a361b30 100644
 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
  {{{ kubernetes_usbguard_set(["xccdf_org.ssgproject.content_rule_package_usbguard_installed"]) }}}
 diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
-index 28780fb33..5ba53cf53 100644
+index c20527bf1..65a1c2862 100644
 --- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
 +++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
 @@ -1,6 +1,6 @@
@@ -5033,7 +5343,7 @@ index 28780fb33..5ba53cf53 100644
  
 @@ -27,7 +27,7 @@ references:
      ospp: FMT_SMF_EXT.1
-     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000471-GPOS-00215
+     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000471-GPOS-00215,SRG-APP-000141-CTR-000315
      stigid@ol8: OL08-00-030603
 -    stigid@rhel8: RHEL-08-030603
 +    stigid@almalinux8: RHEL-08-030603
@@ -5052,7 +5362,7 @@ index 9f18591b3..b49d5217a 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
-index 5b903676c..983dbebd8 100644
+index 47a65aeb6..13629af9a 100644
 --- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
 +++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -5063,7 +5373,7 @@ index 5b903676c..983dbebd8 100644
  
  title: 'Install usbguard Package'
  
-@@ -50,7 +50,7 @@ references:
+@@ -51,7 +51,7 @@ references:
      nist: CM-8(3),IA-3
      srg: SRG-OS-000378-GPOS-00163
      stigid@ol8: OL08-00-040139
@@ -5084,7 +5394,7 @@ index e9c55dfb0..9be805c13 100644
  kind: MachineConfig
  metadata:
 diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
-index 6bae6e0fa..bc4225a64 100644
+index e382a886f..4db8be23b 100644
 --- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
 +++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -5095,7 +5405,7 @@ index 6bae6e0fa..bc4225a64 100644
  
  title: 'Enable the USBGuard Service'
  
-@@ -28,7 +28,7 @@ references:
+@@ -27,7 +27,7 @@ references:
      ospp: FMT_SMF_EXT.1
      srg: SRG-OS-000378-GPOS-00163
      stigid@ol8: OL08-00-040141
@@ -5152,7 +5462,7 @@ index a5ff52550..324a058b1 100644
  title: 'Authorize USB hubs in USBGuard daemon'
  
 diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
-index aa7a3aa3f..099e3f475 100644
+index cca593262..5ac5c0678 100644
 --- a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
 +++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -5172,7 +5482,7 @@ index 88d55f160..f2f336700 100644
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
-index 9e2e0102b..156f699b8 100644
+index 40d4e8fb3..afaea296c 100644
 --- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
 +++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
 @@ -1,6 +1,6 @@
@@ -5183,7 +5493,7 @@ index 9e2e0102b..156f699b8 100644
  
  title: 'Generate USBGuard Policy'
  
-@@ -28,7 +28,7 @@ references:
+@@ -27,7 +27,7 @@ references:
      ospp: FMT_SMF_EXT.1
      srg: SRG-OS-000378-GPOS-00163
      stigid@ol8: OL08-00-040140
@@ -5193,7 +5503,7 @@ index 9e2e0102b..156f699b8 100644
  ocil_clause: 'there is no evidence that unauthorized peripherals are being blocked before establishing a connection'
  
 diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
-index 360c61a3d..2714404d6 100644
+index 170f89fc0..3b6324569 100644
 --- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
 +++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
 @@ -1,6 +1,6 @@
@@ -5235,25 +5545,15 @@ index 607ed945c..ce7c05668 100644
  
  ocil_clause: 'xorg related packages are not removed and run level is not correctly configured'
  
-diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml
-index 7c3ef5570..fbf7bcece 100644
---- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml
-+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
-+# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
- # reboot = true
- # strategy = restrict
- # complexity = low
 diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
-index 2e32d3e90..61eee84a3 100644
+index ab3b7ccd5..9778a5356 100644
 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
 +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Disable X Windows Startup By Setting Default Target'
  
@@ -5307,7 +5607,7 @@ index 83f849522..c7be9f867 100644
  
  ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
-index 4f6d64fd7..3c980eea0 100644
+index 1dea09b2f..cbc23c694 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -5317,7 +5617,7 @@ index 4f6d64fd7..3c980eea0 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
-index cdfd9b994..b577881c9 100644
+index 63ceaaf88..e50ada3e4 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
 @@ -1,4 +1,4 @@
@@ -5327,18 +5627,18 @@ index cdfd9b994..b577881c9 100644
  {{{ bash_instantiate_variables("login_banner_text") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
-index 7585823b6..87565c306 100644
+index dbae8dd3a..b00910f32 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Modify the System Login Banner'
  
-@@ -118,7 +118,7 @@ references:
+@@ -120,7 +120,7 @@ references:
      stigid@ol7: OL07-00-010050
      stigid@ol8: OL08-00-010060
      stigid@rhel7: RHEL-07-010050
@@ -5346,21 +5646,21 @@ index 7585823b6..87565c306 100644
 +    stigid@almalinux8: RHEL-08-010060
      stigid@sle12: SLES-12-010030
      stigid@sle15: SLES-15-010020
-     vmmsrg: SRG-OS-000023-VMM-000060,SRG-OS-000024-VMM-000070
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml
-index 19c03e6db..ca41e241d 100644
+index 2e79e27b8..bd31b5569 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue_net/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Modify the System Login Banner for Remote Connections'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
-index d804a28c5..d2a1f1bc4 100644
+index 5735d2035..0ca7771ef 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -5370,132 +5670,132 @@ index d804a28c5..d2a1f1bc4 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
-index 1d9f92517..08b999cf4 100644
+index 4d77e8336..4ed727fc5 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
  
- {{{ bash_instantiate_variables("login_banner_text") }}}
+ {{{ bash_instantiate_variables("motd_banner_text") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
-index 08fbad430..abb71f5fc 100644
+index d501fe120..8c2d00b8f 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Modify the System Message of the Day Banner'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
-index 5e6d02fcf..6bd1b9101 100644
+index 48c86a69c..6eb269aa8 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify Group Ownership of System Login Banner'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
-index f11e5b47d..ad9257782 100644
+index 92f7874d8..c3e9dc2c3 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue_net/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
-+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify Group Ownership of System Login Banner for Remote Connections'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
-index 2e796ee3f..e7926710d 100644
+index 7b22f900c..663262459 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify Group Ownership of Message of the Day Banner'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
-index 70b4f392c..fe0b22229 100644
+index 634b03ae6..10ccf9ff9 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify ownership of System Login Banner'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
-index 1deff5952..bb67f3ca2 100644
+index cff8e3963..2ce35edc6 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue_net/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
-+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify ownership of System Login Banner for Remote Connections'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
-index 16011b194..43e538f37 100644
+index 47c662016..61a4b12b4 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify ownership of Message of the Day Banner'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
-index 9968c5cbf..6525ee5fb 100644
+index f80843991..34cbd275f 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify permissions on System Login Banner'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
-index dd4bbeb9f..48eb9b3b7 100644
+index cb8d9db77..9752bdfcc 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue_net/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
-+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
+-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify permissions on System Login Banner for Remote Connections'
  
 diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
-index 339274bcf..057321b93 100644
+index 57ff52250..0068c8061 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify permissions on Message of the Day Banner'
  
@@ -5510,7 +5810,7 @@ index 5814a30bd..aa4aa4c5c 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
-index 600cca3b1..92c5a3d2a 100644
+index b21996ff4..c31c0e9cd 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -5521,7 +5821,7 @@ index 600cca3b1..92c5a3d2a 100644
  
  title: 'Enable GNOME3 Login Warning Banner'
  
-@@ -60,7 +60,7 @@ references:
+@@ -61,7 +61,7 @@ references:
      stigid@ol7: OL07-00-010030
      stigid@ol8: OL08-00-010049
      stigid@rhel7: RHEL-07-010030
@@ -5541,7 +5841,7 @@ index 86aff54f9..b295782b0 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
-index 513cdba67..8f1ef9c76 100644
+index 649db8e37..d76ad09f8 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
 @@ -1,6 +1,6 @@
@@ -5552,7 +5852,7 @@ index 513cdba67..8f1ef9c76 100644
  
  title: 'Set the GNOME3 Login Warning Banner Text'
  
-@@ -64,7 +64,7 @@ references:
+@@ -65,7 +65,7 @@ references:
      stigid@ol7: OL07-00-010040
      stigid@ol8: OL08-00-010050
      stigid@rhel7: RHEL-07-010040
@@ -5605,8 +5905,21 @@ index a9def9bfb..e1627ffc6 100644
  # profiles = xccdf_org.ssgproject.content_profile_stig
  # packages = dconf,gdm
  
+diff --git a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
+index 2c5fbef58..9630f761d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/disallow_bypass_password_sudo/rule.yml
+@@ -30,7 +30,7 @@ references:
+     stigid@ol7: OL07-00-010344
+     stigid@ol8: OL08-00-010385
+     stigid@rhel7: RHEL-07-010344
+-    stigid@rhel8: RHEL-08-010385
++    stigid@almalinux8: RHEL-08-010385
+     stigid@sle12: SLES-12-010114
+     stigid@sle15: SLES-15-020104
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
-index c5b62c257..66d3473b3 100644
+index 215b978f2..37a8704dc 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -5626,10 +5939,10 @@ index cde0bd136..786aa4402 100644
  {{% if product in ["sle12", "sle15"] or "ubuntu" in product %}}
  {{{ bash_ensure_pam_module_configuration('/etc/pam.d/login', 'session', 'required', 'pam_lastlog.so', 'showfailed', '', 'BOF') }}}
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
-index ba4de2aba..eb9ad93f8 100644
+index 81cdfc202..18bf109a4 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
-@@ -49,7 +49,7 @@ references:
+@@ -50,7 +50,7 @@ references:
      stigid@ol7: OL07-00-040530
      stigid@ol8: OL08-00-020340
      stigid@rhel7: RHEL-07-040530
@@ -5743,7 +6056,7 @@ index 9c752e052..c38f0caf3 100644
      echo "session    required     pam_namespace.so" >> "/etc/pam.d/login"
  fi
 diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml
-index 776847ee6..fc09a25bc 100644
+index 33265c902..4ee287f56 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml
 @@ -1,6 +1,6 @@
@@ -5755,18 +6068,18 @@ index 776847ee6..fc09a25bc 100644
  title: Set Up a Private Namespace in PAM Configuration
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
-index d34f78c56..b27a39b28 100644
+index 74448292b..724c5233c 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: rhel8,rhel9
-+prodtype: rhel8,almalinux8,rhel9
+-prodtype: alinux2,alinux3,ol9,rhel8,rhel9
++prodtype: alinux2,alinux3,ol9,rhel8,almalinux8,rhel9
  
  title: 'Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.'
  
-@@ -21,7 +21,7 @@ references:
+@@ -23,7 +23,7 @@ references:
      disa: CCI-000044
      nist: AC-7 (a)
      srg: SRG-OS-000021-GPOS-00005
@@ -5776,14 +6089,14 @@ index d34f78c56..b27a39b28 100644
  ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/password-auth" file with the "preauth" line listed before pam_unix.so'
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
-index a2e72e0de..1ff3c75e9 100644
+index 912cd8c16..8dd9abaec 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: rhel8,rhel9
-+prodtype: rhel8,almalinux8,rhel9
+-prodtype: ol9,rhel8,rhel9
++prodtype: ol9,rhel8,almalinux8,rhel9
  
  title: 'Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.'
  
@@ -5797,14 +6110,14 @@ index a2e72e0de..1ff3c75e9 100644
  ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/system-auth" file with the "preauth" line listed before pam_unix.so'
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
-index 4ef1e17f9..29b210c58 100644
+index 61e58c8a0..e825db817 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol8,ol9,rhel8,rhel9
-+prodtype: ol8,ol9,rhel8,almalinux8,rhel9
+-prodtype: fedora,ol8,ol9,rhel8,rhel9
++prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9
  
  title: 'An SELinux Context must be configured for the pam_faillock.so records directory'
  
@@ -5883,26 +6196,26 @@ index 365006509..2a10d041b 100644
  {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
-index d2b220ef9..deb0c6e4b 100644
+index 6aaf7bf37..20417b085 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4
  
  title: 'Limit Password Reuse: password-auth'
  
-@@ -64,7 +64,7 @@ references:
+@@ -63,7 +63,7 @@ references:
      stigid@ol7: OL07-00-010270
      stigid@ol8: OL08-00-020220
      stigid@rhel7: RHEL-07-010270
 -    stigid@rhel8: RHEL-08-020220
 +    stigid@almalinux8: RHEL-08-020220
-     vmmsrg: SRG-OS-000077-VMM-000440
  
  ocil_clause: |-
+     the pam_pwhistory.so module is not used, the "remember" module option is not set in
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh
 index bef6bbcea..8263dd4a0 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_conflict_settings.fail.sh
@@ -6032,26 +6345,26 @@ index a55f86dc3..5506f8c40 100644
  {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
-index 97f05f5a3..e36b485a9 100644
+index aeb999b8d..a489e5837 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4
  
  title: 'Limit Password Reuse: system-auth'
  
-@@ -64,7 +64,7 @@ references:
+@@ -63,7 +63,7 @@ references:
      stigid@ol7: OL07-00-010270
      stigid@ol8: OL08-00-020221
      stigid@rhel7: RHEL-07-010270
 -    stigid@rhel8: RHEL-08-020221
 +    stigid@almalinux8: RHEL-08-020221
-     vmmsrg: SRG-OS-000077-VMM-000440
  
  ocil_clause: |-
+     the pam_pwhistory.so module is not used, the "remember" module option is not set in
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
 index fe238b41b..84c181749 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_conflict_settings.fail.sh
@@ -6181,7 +6494,7 @@ index c830c07aa..3548b0341 100644
  {{% if product in [ "sle12", "sle15" ] %}}
  {{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/common-password' -%}}
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
-index 6f5f90fe0..7e538071f 100644
+index f3e6931ac..564d32e7d 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
 @@ -1,6 +1,6 @@
@@ -6371,12 +6684,12 @@ index e1eb0a970..79ba23b4a 100644
  source common.sh
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
-index fed1dea10..0c6a8c9be 100644
+index 8ab749d4f..00c16754b 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
  # reboot = false
  # strategy = restrict
  # complexity = low
@@ -6391,26 +6704,26 @@ index 449d912d0..22f5dc375 100644
  {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
-index 06f9cd2de..19cac1ab3 100644
+index 0fa9fac37..d84c75fa3 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2204
  
  title: 'Lock Accounts After Failed Password Attempts'
  
-@@ -52,7 +52,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-010320
      stigid@ol8: OL08-00-020010
      stigid@rhel7: RHEL-07-010320
 -    stigid@rhel8: RHEL-08-020011
 +    stigid@almalinux8: RHEL-08-020011
-     vmmsrg: SRG-OS-000021-VMM-000050
  
  platform: package[pam]
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
 index b3232cc93..ec32d65f7 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
@@ -6495,34 +6808,34 @@ index 595b85192..392d025a0 100644
  
  authselect select sssd --force
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
-index 18f1a23f6..41d87be94 100644
+index 2a6868f38..70448df97 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
  # reboot = false
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
-index bf4938721..8c845063c 100644
+index 09d8aeee0..72b3aeacb 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
  
  {{{ bash_pam_faillock_enable() }}}
  {{{ bash_pam_faillock_parameter_value("even_deny_root", "") }}}
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
-index 2c28f825f..1146001fd 100644
+index 94892c9d0..e1434194f 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4
  
  title: 'Configure the root Account for Failed Password Attempts'
  
@@ -6530,8 +6843,8 @@ index 2c28f825f..1146001fd 100644
      stigid@ol7: OL07-00-010330
      stigid@ol8: OL08-00-020022
      stigid@rhel7: RHEL-07-010330
--    stigid@rhel8: RHEL-08-020022
-+    stigid@almalinux8: RHEL-08-020022
+-    stigid@rhel8: RHEL-08-020023
++    stigid@almalinux8: RHEL-08-020023
  
  ocil_clause: 'the "even_deny_root" option is not set, is missing or commented out'
  
@@ -6595,7 +6908,7 @@ index 7c702d669..06c0d31e2 100644
  
  authselect select sssd --force
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
-index c87107985..927160f58 100644
+index 28753f735..66c8fba20 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_dir/rule.yml
 @@ -1,6 +1,6 @@
@@ -6606,7 +6919,7 @@ index c87107985..927160f58 100644
  
  title: 'Lock Accounts Must Persist'
  
-@@ -32,7 +32,7 @@ references:
+@@ -34,7 +34,7 @@ references:
      nist: AC-7(b),AC-7(a),AC-7.1(ii)
      srg: SRG-OS-000021-GPOS-00005,SRG-OS-000329-GPOS-00128
      stigid@ol8: OL08-00-020016
@@ -6752,7 +7065,7 @@ index a49ddf559..41dc70b88 100644
  {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_fail_interval") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
-index 7bcb4a51d..759863106 100644
+index 6a3f5b169..86f7e2586 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
 @@ -1,6 +1,6 @@
@@ -6763,15 +7076,15 @@ index 7bcb4a51d..759863106 100644
  
  title: 'Set Interval For Counting Failed Password Attempts'
  
-@@ -39,7 +39,7 @@ references:
+@@ -54,7 +54,7 @@ references:
      stigid@ol7: OL07-00-010320
      stigid@ol8: OL08-00-020012
      stigid@rhel7: RHEL-07-010320
--    stigid@rhel8: RHEL-08-020012
-+    stigid@almalinux8: RHEL-08-020012
-     vmmsrg: SRG-OS-000021-VMM-000050
+-    stigid@rhel8: RHEL-08-020012,RHEL-08-020013
++    stigid@almalinux8: RHEL-08-020012,RHEL-08-020013
  
  platform: package[pam]
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
 index b3232cc93..ec32d65f7 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
@@ -6913,46 +7226,46 @@ index 514b2bb37..79374ea78 100644
  source common.sh
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
-index 32bf2c480..63d101b61 100644
+index 230ff5eaa..c53da64d0 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
  # reboot = false
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
-index 1587abf1d..e2f8c52a1 100644
+index 3a32aad36..d1f4a0327 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
  
  {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
-index 3f198e746..a60a00808 100644
+index f55ff2cef..0da874e36 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2204
  
  title: 'Set Lockout Time for Failed Password Attempts'
  
-@@ -52,7 +52,7 @@ references:
+@@ -66,7 +66,7 @@ references:
      stigid@ol7: OL07-00-010320
      stigid@ol8: OL08-00-020014
      stigid@rhel7: RHEL-07-010320
--    stigid@rhel8: RHEL-08-020016
-+    stigid@almalinux8: RHEL-08-020016
-     vmmsrg: SRG-OS-000329-VMM-001180
+-    stigid@rhel8: RHEL-08-020015
++    stigid@almalinux8: RHEL-08-020015
  
  platform: package[pam]
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
 index b3232cc93..ec32d65f7 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
@@ -7037,47 +7350,47 @@ index a57645eb1..a7e7b8e9c 100644
  
  authselect select sssd --force
 diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml
-index 573b2b1a8..3e0b6c81f 100644
+index 48798893e..b0ff2ee76 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204
-+prodtype: rhel7,rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204
+-prodtype: rhel7,rhel8,rhel9,ubuntu2004
++prodtype: rhel7,rhel8,almalinux8,rhel9,ubuntu2004
  
  title: 'Install pam_pwquality Package'
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
-index 88b8c7ca9..9963c1cd4 100644
+index e67cd8835..5f41b7545 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
  
  title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters'
  
-@@ -55,7 +55,7 @@ references:
+@@ -54,7 +54,7 @@ references:
      stigid@ol7: OL07-00-010140
      stigid@ol8: OL08-00-020130
      stigid@rhel7: RHEL-07-010140
 -    stigid@rhel8: RHEL-08-020130
 +    stigid@almalinux8: RHEL-08-020130
      stigid@ubuntu2004: UBTU-20-010052
-     vmmsrg: SRG-OS-000071-VMM-000380
  
+ ocil_clause: 'the value of "dcredit" is a positive number or is commented out'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
-index d7e13fb53..baf975dab 100644
+index d41ca6c26..e8fd633f2 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol8,ol9,rhel8,rhel9,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204
+-prodtype: fedora,ol8,ol9,rhel8,rhel9,ubuntu2004
++prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9,ubuntu2004
  
  title: 'Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words'
  
@@ -7091,14 +7404,14 @@ index d7e13fb53..baf975dab 100644
  
  ocil_clause: '"dictcheck" does not have a value other than "0", or is commented out'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
-index 545079b59..df200633c 100644
+index e7fdf2e8b..6213aef70 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004
  
  title: 'Ensure PAM Enforces Password Requirements - Minimum Different Characters'
  
@@ -7109,8 +7422,8 @@ index 545079b59..df200633c 100644
 -    stigid@rhel8: RHEL-08-020170
 +    stigid@almalinux8: RHEL-08-020170
      stigid@ubuntu2004: UBTU-20-010053
-     vmmsrg: SRG-OS-000072-VMM-000390
  
+ ocil_clause: 'the value of "difok" is set to less than "{{{ xccdf_value("var_password_pam_difok") }}}", or is commented out'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml
 index d94ecedae..24f256189 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml
@@ -7124,38 +7437,38 @@ index d94ecedae..24f256189 100644
  title: 'Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only'
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
-index 5b2a62342..2633424d4 100644
+index 198475c87..9d6850d6e 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,rhel8,rhel9
-+prodtype: fedora,rhel8,almalinux8,rhel9
+-prodtype: fedora,ol9,rhel8,rhel9
++prodtype: fedora,ol9,rhel8,almalinux8,rhel9
  
  title: 'Ensure PAM Enforces Password Requirements - Enforce for root User'
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
-index cdd2ed505..aae2559c0 100644
+index 5799a7b12..50614b26e 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
  
  title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters'
  
-@@ -55,7 +55,7 @@ references:
+@@ -54,7 +54,7 @@ references:
      stigid@ol7: OL07-00-010130
      stigid@ol8: OL08-00-020120
      stigid@rhel7: RHEL-07-010130
 -    stigid@rhel8: RHEL-08-020120
 +    stigid@almalinux8: RHEL-08-020120
      stigid@ubuntu2004: UBTU-20-010051
-     vmmsrg: SRG-OS-000070-VMM-000370
  
+ ocil_clause: 'the value of "lcredit" is a positive number or is commented out'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
 index 5f812e16f..9a0aa8e56 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
@@ -7199,18 +7512,18 @@ index 8984b63d9..a9ab2459f 100644
  ocil_clause: the value of "maxrepeat" is set to more than "{{{ xccdf_value("var_password_pam_maxrepeat") }}}" or is commented out
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
-index 45a8dfa01..f9d559340 100644
+index 64f091504..f81702ede 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
  
  title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories'
  
-@@ -62,7 +62,7 @@ references:
+@@ -63,7 +63,7 @@ references:
      stigid@ol7: OL07-00-010170
      stigid@ol8: OL08-00-020160
      stigid@rhel7: RHEL-07-010170
@@ -7220,47 +7533,47 @@ index 45a8dfa01..f9d559340 100644
  ocil_clause: the value of "minclass" is set to less than "{{{ xccdf_value("var_password_pam_minclass") }}}" or is commented out
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
-index bdd681de5..045e2daa8 100644
+index f75a68077..dfeee97e9 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
  
  title: 'Ensure PAM Enforces Password Requirements - Minimum Length'
  
-@@ -56,7 +56,7 @@ references:
+@@ -58,7 +58,7 @@ references:
      stigid@ol7: OL07-00-010280
      stigid@ol8: OL08-00-020230
      stigid@rhel7: RHEL-07-010280
 -    stigid@rhel8: RHEL-08-020230
 +    stigid@almalinux8: RHEL-08-020230
      stigid@ubuntu2004: UBTU-20-010054
-     vmmsrg: SRG-OS-000072-VMM-000390,SRG-OS-000078-VMM-000450
  
+ ocil_clause: 'the command does not return a "minlen" value of "{{{ xccdf_value("var_password_pam_minlen") }}}" or greater, does not return a line, or the line is commented out'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
-index e90fe9fe9..15bbf67a7 100644
+index 632aa24dc..f16e84c19 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
  
  title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters'
  
-@@ -56,7 +56,7 @@ references:
+@@ -54,7 +54,7 @@ references:
      stigid@ol7: OL07-00-010150
      stigid@ol8: OL08-00-020280
      stigid@rhel7: RHEL-07-010150
 -    stigid@rhel8: RHEL-08-020280
 +    stigid@almalinux8: RHEL-08-020280
      stigid@ubuntu2004: UBTU-20-010055
-     vmmsrg: SRG-OS-000266-VMM-000940
  
+ ocil_clause: 'value of "ocredit" is a positive number or is commented out'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
 index 06f7962fd..dc6eea20d 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
@@ -7472,18 +7785,18 @@ index 36e9a27b9..fe1b603ab 100644
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
-index 113701f5e..a32167f14 100644
+index 73f5ec7a6..ac48e4549 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session'
  
-@@ -54,7 +54,7 @@ references:
+@@ -55,7 +55,7 @@ references:
      stigid@ol7: OL07-00-010119
      stigid@ol8: OL08-00-020104
      stigid@rhel7: RHEL-07-010119
@@ -7564,26 +7877,26 @@ index ea2eb57fe..033bbbceb 100644
  
  source common.sh
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
-index c4a5e5b0c..a86c97009 100644
+index 6c631ea37..8ea3fafd0 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
  
  title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters'
  
-@@ -52,7 +52,7 @@ references:
+@@ -51,7 +51,7 @@ references:
      stigid@ol7: OL07-00-010120
      stigid@ol8: OL08-00-020110
      stigid@rhel7: RHEL-07-010120
 -    stigid@rhel8: RHEL-08-020110
 +    stigid@almalinux8: RHEL-08-020110
      stigid@ubuntu2004: UBTU-20-010050
-     vmmsrg: SRG-OS-000069-VMM-000360
  
+ ocil_clause: 'the value of "ucredit" is a positive number or is commented out'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
 index b3e32aa31..547d137b1 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
@@ -7605,7 +7918,7 @@ index 115273566..bd94d707c 100644
  LIBUSER_CONF="/etc/libuser.conf"
  CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
-index c4aba679e..9af24d111 100644
+index cadfa1905..54a8226af 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
 @@ -1,6 +1,6 @@
@@ -7627,28 +7940,28 @@ index 8dedf993c..51c76b11a 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
-index fb856a113..a440dba9f 100644
+index dcb9dd0af..98d2bbec9 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
  
  {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
-index df3ba0466..096eb85fe 100644
+index e58180a1b..4a49aac63 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Set Password Hashing Algorithm in /etc/login.defs'
  
-@@ -45,7 +45,7 @@ references:
+@@ -51,7 +51,7 @@ references:
      stigid@ol7: OL07-00-010210
      stigid@ol8: OL08-00-010110
      stigid@rhel7: RHEL-07-010210
@@ -7677,7 +7990,7 @@ index 55f43ef98..2b993b52b 100644
  
  {{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'sufficient', 'pam_unix.so', 'sha512', '', '') }}}
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
-index dd8ba2c42..4ec786460 100644
+index 8d7b14d4e..4e5691989 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
 @@ -1,6 +1,6 @@
@@ -7688,15 +8001,15 @@ index dd8ba2c42..4ec786460 100644
  
  title: "Set PAM''s Password Hashing Algorithm - password-auth"
  
-@@ -61,7 +61,7 @@ references:
+@@ -62,7 +62,7 @@ references:
      stigid@ol7: OL07-00-010200
      stigid@ol8: OL08-00-010160
      stigid@rhel7: RHEL-07-010200
 -    stigid@rhel8: RHEL-08-010160
 +    stigid@almalinux8: RHEL-08-010160
-     vmmsrg: SRG-OS-000480-VMM-002000
  
  ocil_clause: 'it does not'
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
 index 17a57e1e1..69875871e 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
@@ -7746,18 +8059,18 @@ index f72c7bde2..096a6a6a1 100644
  authselect create-profile hardening -b sssd
  CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
-index 04854daa0..fc3aabfd2 100644
+index 7a6a7f403..6baeb9bad 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: "Set PAM''s Password Hashing Algorithm"
  
-@@ -73,7 +73,7 @@ references:
+@@ -75,7 +75,7 @@ references:
      stigid@ol7: OL07-00-010200
      stigid@ol8: OL08-00-010159
      stigid@rhel7: RHEL-07-010200
@@ -7765,7 +8078,7 @@ index 04854daa0..fc3aabfd2 100644
 +    stigid@almalinux8: RHEL-08-010159
      stigid@sle12: SLES-12-010230
      stigid@sle15: SLES-15-020170
-     vmmsrg: SRG-OS-000480-VMM-002000
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
 index 74ea0c265..13bf2f931 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
@@ -7815,7 +8128,7 @@ index d4b163f24..521579a20 100644
  authselect create-profile hardening -b sssd
  CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
-index de303199d..3497c1831 100644
+index 9a490a8be..628b7b75c 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
 @@ -1,6 +1,6 @@
@@ -7826,7 +8139,7 @@ index de303199d..3497c1831 100644
  
  title: 'Set Password Hashing Rounds in /etc/login.defs'
  
-@@ -35,7 +35,7 @@ references:
+@@ -36,7 +36,7 @@ references:
      nist@sle12: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1
      srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
      stigid@ol8: OL08-00-010130
@@ -7835,26 +8148,6 @@ index de303199d..3497c1831 100644
      stigid@sle12: SLES-12-010240
      stigid@sle15: SLES-15-020190
  
-diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
-index 991422f96..4a33fc093 100644
---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_sle
-+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_sle
- # reboot = false
- # strategy = disable
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
-index 23edb3c90..daae24630 100644
---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
- 
- 
- {{{ bash_replace_or_append('/etc/systemd/system.conf', '^CtrlAltDelBurstAction=', 'none', '%s=%s') }}}
 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
 index 3045574e5..7ce6bb466 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
@@ -7887,25 +8180,6 @@ index 9c18a0c26..69674f26d 100644
      stigid@sle15: SLES-15-040062
      stigid@ubuntu2004: UBTU-20-010460
  
-diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml
-index 8fb9a02cd..9f0a2ffdb 100644
---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_sle
-+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_sle
- # reboot = false
- # strategy = disable
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh
-index d919b9490..cdc902c52 100644
---- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh
-@@ -1,3 +1,3 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
- systemctl disable --now ctrl-alt-del.target
- systemctl mask --now ctrl-alt-del.target
 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
 index 517c83c6e..041e9a29c 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
@@ -7918,7 +8192,7 @@ index 517c83c6e..041e9a29c 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
-index d0479d8e5..ffe8ba09f 100644
+index cdb3cbf45..a2b66440a 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
 @@ -1,6 +1,6 @@
@@ -7972,7 +8246,7 @@ index cf5da2ae1..329a994f2 100644
  title: 'Verify that Interactive Boot is Disabled'
  
 diff --git a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
-index 5fb6d2262..44f4822d1 100644
+index 00e31fc21..0e6c55b91 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/logind_session_timeout/rule.yml
 @@ -1,6 +1,6 @@
@@ -7983,26 +8257,35 @@ index 5fb6d2262..44f4822d1 100644
  
  title: "Configure Logind to terminate idle sessions after certain time of inactivity"
  
+@@ -40,7 +40,7 @@ references:
+     ospp: FMT_SMF_EXT.1.1
+     pcidss: Req-8.1.8
+     srg: SRG-OS-000163-GPOS-00072
+-    stigid@rhel8: RHEL-08-020035
++    stigid@almalinux8: RHEL-08-020035
+ 
+ ocil_clause: "the option is not configured"
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
-index 133df4a25..63f6f46b4 100644
+index a3490a60d..b0c3f31d6 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
-@@ -9,7 +9,7 @@
+@@ -18,7 +18,7 @@
        create: yes
        dest: /usr/lib/systemd/system/emergency.service
        regexp: "^#?ExecStart="
--      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9","sle12", "sle15"] -%}}
-+      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9","sle12", "sle15"] -%}}
+-      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] -%}}
++      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9"] -%}}
        line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency"
        {{%- else -%}}
        line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
-index 410d611cf..e52239f4d 100644
+index 2a65ef992..319be43db 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
-@@ -2,7 +2,7 @@
- 
+@@ -7,7 +7,7 @@ service_dropin_file="${service_dropin_cfg_dir}/10-oscap.conf"
  service_file="/usr/lib/systemd/system/emergency.service"
+ {{% endif %}}
  
 -{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
 +{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
@@ -8010,10 +8293,10 @@ index 410d611cf..e52239f4d 100644
  {{%- else -%}}
  sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
-index a9c7188b6..923b31599 100644
+index fadfa300c..a045dbf33 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
-@@ -12,7 +12,7 @@
+@@ -24,7 +24,7 @@
    
    
      /usr/lib/systemd/system/emergency.service
@@ -8032,14 +8315,14 @@ index a9c7188b6..923b31599 100644
      {{%- else -%}}
      ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
-index e3b3c1876..4d3a6f4be 100644
+index 534b5a093..40d5e8e5e 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Require Authentication for Emergency Systemd Target'
  
@@ -8061,7 +8344,7 @@ index e3b3c1876..4d3a6f4be 100644
          ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
          
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency

      {{%- else -%}}
-@@ -86,7 +86,7 @@ fixtext: |-
+@@ -84,7 +84,7 @@ fixtext: |-
      Configure {{{ full_name }}} to require authentication for system emergency mode.
  
      Add or edit the following line in "/usr/lib/systemd/system/emergency.service":
@@ -8093,7 +8376,7 @@ index d9fdc678f..a4f6ea6a9 100644
  service_file="/usr/lib/systemd/system/emergency.service"
  sulogin="/bin/bash"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
-index 272fa2855..933d94e11 100644
+index 225a73f0b..4e40c7c34 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
 @@ -9,7 +9,7 @@
@@ -8141,14 +8424,14 @@ index 62fd1a76a..bb8a6b6a7 100644
      {{%- else -%}}
      ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
-index 6e4791236..9482f5384 100644
+index bd617f3e8..b3000e97c 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Require Authentication for Single User Mode'
  
@@ -8170,7 +8453,7 @@ index 6e4791236..9482f5384 100644
          ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
          
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue

      {{%- elif product in ["rhel7"] -%}}
-@@ -95,7 +95,7 @@ fixtext: |-
+@@ -93,7 +93,7 @@ fixtext: |-
      Configure {{{ full_name }}} to require authentication in single user mode.
  
      Add or update the following line in "/usr/lib/systemd/system/rescue.service":
@@ -8201,8 +8484,18 @@ index 63b9b08b5..15abe6cec 100644
  
  service_file="/usr/lib/systemd/system/rescue.service"
  sulogin="/bin/bash"
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
+index 8a64b5ea8..1e81d2e92 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+ # reboot = false
+ # strategy = configure
+ # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
-index 2aa4e7fb9..f51fb868a 100644
+index 2b2bf8871..e98278c83 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
 @@ -1,6 +1,6 @@
@@ -8214,7 +8507,7 @@ index 2aa4e7fb9..f51fb868a 100644
  title: 'Support session locking with tmux'
  
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
-index bd7dbe984..f351ce62a 100644
+index f33344719..09c69b4e5 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -8224,21 +8517,21 @@ index bd7dbe984..f351ce62a 100644
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
-index 9ffe9066a..2ee2b5a13 100644
+index e2eae90a4..1d413daa1 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_tmux/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: rhel8
-+prodtype: rhel8,almalinux8
+-prodtype: ol8,rhel8
++prodtype: ol8,rhel8,almalinux8
  
  title: 'Support session locking with tmux (not enforcing)'
  
-@@ -26,7 +26,7 @@ identifiers:
- references:
+@@ -27,7 +27,7 @@ references:
      disa: CCI-000056,CCI-000058
      srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
+     stigid@ol8: OL08-00-020041
 -    stigid@rhel8: RHEL-08-020041
 +    stigid@almalinux8: RHEL-08-020041
  
@@ -8255,7 +8548,7 @@ index dc63eb653..dc6931307 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
-index d67b6369c..a56d3222d 100644
+index de8fab7e5..34f6d943d 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
 @@ -1,6 +1,6 @@
@@ -8276,7 +8569,7 @@ index d67b6369c..a56d3222d 100644
  ocil_clause: '"lock-after-time" is not set to "900" or less in the global tmux configuration file to enforce session lock after inactivity'
  
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
-index b24d68379..3eec931e8 100644
+index 80856b34d..dd4ec7bdd 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
 @@ -1,6 +1,6 @@
@@ -8293,9 +8586,9 @@ index b24d68379..3eec931e8 100644
      stigid@ol8: OL08-00-020040
 -    stigid@rhel8: RHEL-08-020040
 +    stigid@almalinux8: RHEL-08-020040
-     vmmsrg: SRG-OS-000028-VMM-000090,SRG-OS-000030-VMM-000110
  
  ocil_clause: 'the "lock-command" is not set in the global settings to call "vlock"'
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
 index ddfb97fa4..5213cdee6 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
@@ -8349,79 +8642,79 @@ index acd297d55..d8dc1cd00 100644
  
  echo 'set -g lock-command locker' >> '/etc/tmux.conf'
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
-index 9b6775d4e..eafff9d0a 100644
+index 584d57810..34e0511a3 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,rhel8
-+prodtype: fedora,rhel8,almalinux8
+-prodtype: fedora,ol8,rhel8
++prodtype: fedora,ol8,rhel8,almalinux8
  
  title: 'Configure the tmux lock session key binding'
  
-@@ -25,7 +25,7 @@ identifiers:
- references:
+@@ -26,7 +26,7 @@ references:
      disa: CCI-000056
      srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
+     stigid@ol8: OL08-00-020040
 -    stigid@rhel8: RHEL-08-020040
 +    stigid@almalinux8: RHEL-08-020040
  
- ocil_clause: 'the "lock-session" is not bound to the X key'
+ ocil_clause: 'the "lock-session" is not bound to a specific key'
  
+diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
+index 9977bec01..501e4bd18 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/alternative_value.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+ 
+ echo 'bind W lock-session' >> '/etc/tmux.conf'
+ chmod 0644 "/etc/tmux.conf"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
-index 69f3ed47d..778378486 100644
+index 6bfc77c2e..5d4b3f329 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/correct.pass.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
--# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
-+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
  
  echo 'bind X lock-session' >> '/etc/tmux.conf'
  chmod 0644 "/etc/tmux.conf"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
-index a63f352e9..06cb330f3 100644
+index 38bf0f874..696a2bba2 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/file_empty.fail.sh
 @@ -1,4 +1,4 @@
  #!/bin/bash
--# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
-+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
  
  echo > '/etc/tmux.conf'
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
-index d8a498ea5..23e71a5ed 100644
+index d3836153e..113f74ee0 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/line_commented.fail.sh
 @@ -1,4 +1,4 @@
  #!/bin/bash
--# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
-+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
  
  echo '# bind X lock-session' >> '/etc/tmux.conf'
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
-index 72ff907a5..c6e16dd1e 100644
+index 32f662e4e..0d4acb21a 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_permissions.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
--# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
-+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
+-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
++# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
  
  echo 'bind X lock-session' >> '/etc/tmux.conf'
  chmod 0600 "/etc/tmux.conf"
-diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_value.fail.sh
-index 19ab103cc..17ee1765f 100644
---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_value.fail.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_keybinding/tests/wrong_value.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
-+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
- 
- echo 'bind W lock-session' >> '/etc/tmux.conf'
- chmod 0644 "/etc/tmux.conf"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
 index 6b2d6cd5e..c20712c9f 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
@@ -8434,7 +8727,7 @@ index 6b2d6cd5e..c20712c9f 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
-index 52cc12fc6..9a581ccdd 100644
+index ec8fee18b..e742b5ab1 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
 @@ -1,6 +1,6 @@
@@ -8455,7 +8748,7 @@ index 52cc12fc6..9a581ccdd 100644
  ocil_clause: 'tmux is listed in /etc/shells'
  
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
-index 006b51790..08faa6e14 100644
+index 14207a44c..241e41b2e 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -8472,21 +8765,11 @@ index 006b51790..08faa6e14 100644
      stigid@ol8: OL08-00-020039
 -    stigid@rhel8: RHEL-08-020039
 +    stigid@almalinux8: RHEL-08-020039
-     vmmsrg: SRG-OS-000030-VMM-000110
  
  ocil_clause: 'the package is not installed'
-diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml
-index 748bff82e..1760268eb 100644
---- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
-+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = configure
- # complexity = low
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
-index c19e339e1..acdc2d8b8 100644
+index a1e6ae87e..c3124e675 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
 @@ -1,6 +1,6 @@
@@ -8508,7 +8791,7 @@ index f79727a03..49f74f418 100644
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml
-index 2889de05c..ea3af8b80 100644
+index 27d1884f2..155937b47 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml
 @@ -1,6 +1,6 @@
@@ -8520,19 +8803,19 @@ index 2889de05c..ea3af8b80 100644
  title: 'Force opensc To Use Defined Smart Card Driver'
  
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
-index 635bb240c..b3861de07 100644
+index a75f509a3..247ff649e 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
 @@ -12,7 +12,7 @@
  
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
  
  title: 'Install Smart Card Packages For Multifactor Authentication'
  
-@@ -54,7 +54,7 @@ references:
+@@ -55,7 +55,7 @@ references:
      stigid@ol7: OL07-00-041001
      stigid@ol8: OL08-00-010390
      stigid@rhel7: RHEL-07-041001
@@ -8542,14 +8825,14 @@ index 635bb240c..b3861de07 100644
      stigid@sle15: SLES-15-010460
      stigid@ubuntu2004: UBTU-20-010063
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
-index 05ee175c6..34dcb5f76 100644
+index 56570f5c6..c4038f71d 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004
  
  title: 'Install the opensc Package For Multifactor Authentication'
  
@@ -8560,10 +8843,10 @@ index 05ee175c6..34dcb5f76 100644
 -    stigid@rhel8: RHEL-08-010410
 +    stigid@almalinux8: RHEL-08-010410
      stigid@ubuntu2004: UBTU-20-010064
-     vmmsrg: SRG-OS-000376-VMM-001520
  
+ ocil_clause: 'the package is not installed'
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
-index e0f2f1e0a..511ba92eb 100644
+index f3b1ef07a..3b0c7465a 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -8575,7 +8858,7 @@ index e0f2f1e0a..511ba92eb 100644
  title: 'Install the pcsc-lite package'
  
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
-index 51d0c3183..5db8bead3 100644
+index dcad70a82..fae91fb8a 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -8587,7 +8870,7 @@ index 51d0c3183..5db8bead3 100644
  title: 'Enable the pcscd Service'
  
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
-index 58299265d..2535b3460 100644
+index 18231e23a..c986f5c73 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -8597,15 +8880,15 @@ index 58299265d..2535b3460 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
-index 2744af588..0f5c92bea 100644
+index d321bc5a4..1ee8fabf6 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
 @@ -1,4 +1,4 @@
 -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle
 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle
  
- # Install required packages
- if ! rpm --quiet -q pam_pkcs11; then yum -y -d 1 install pam_pkcs11; fi
+ {{{ bash_package_install("pam_pkcs11") }}}
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
 index c2afecc19..652fbedb7 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
@@ -8651,7 +8934,7 @@ index ff493491e..082c8e61a 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
-index f232eb7e2..59a58f321 100644
+index aad6ad4b6..4000aa983 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -8692,18 +8975,18 @@ index f299285d4..52e841b61 100644
  {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
-index 55d39e5b6..49297243e 100644
+index da2a2d367..09d8ca9ba 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Set Account Expiration Following Inactivity'
  
-@@ -58,7 +58,7 @@ references:
+@@ -59,7 +59,7 @@ references:
      stigid@ol7: OL07-00-010310
      stigid@ol8: OL08-00-020260
      stigid@rhel7: RHEL-07-010310
@@ -8713,7 +8996,7 @@ index 55d39e5b6..49297243e 100644
      stigid@sle15: SLES-15-020050
      stigid@ubuntu2004: UBTU-20-010409
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml
-index 0c207a85b..56db9cc5a 100644
+index 826119eaf..77ac5cde1 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml
 @@ -1,6 +1,6 @@
@@ -8724,50 +9007,50 @@ index 0c207a85b..56db9cc5a 100644
  
  title: 'Assign Expiration Date to Emergency Accounts'
  
-@@ -45,7 +45,7 @@ references:
-     stigid@ol7: OL07-00-010271
+@@ -44,7 +44,7 @@ references:
+     srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002
      stigid@ol8: OL08-00-020270
      stigid@rhel7: RHEL-07-010271
 -    stigid@rhel8: RHEL-08-020270
 +    stigid@almalinux8: RHEL-08-020270
-     vmmsrg: SRG-OS-000002-VMM-000020,SRG-OS-000123-VMM-000620
  
  ocil_clause: 'any emergency accounts have no expiration date set or do not expire within 72 hours'
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
-index 676d43037..e28337970 100644
+index 90045204c..9cd11dff4 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
  
  title: 'Assign Expiration Date to Temporary Accounts'
  
-@@ -44,7 +44,7 @@ references:
-     nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
-     srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002
+@@ -46,7 +46,7 @@ references:
+     stigid@ol7: OL07-00-010271
      stigid@ol8: OL08-00-020000
+     stigid@rhel7: RHEL-07-010271
 -    stigid@rhel8: RHEL-08-020000
 +    stigid@almalinux8: RHEL-08-020000
      stigid@sle12: SLES-12-010360
      stigid@sle15: SLES-15-020000
      stigid@ubuntu2004: UBTU-20-010000
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
-index dc9ee170c..71f54452f 100644
+index 487bfd63a..695575edb 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure All Accounts on the System Have Unique User IDs'
  
-@@ -30,7 +30,7 @@ references:
-     nist@sle12: IA-2,IA-2.1,IA-8,IA-8.1
+@@ -33,7 +33,7 @@ references:
+     pcidss4: "8.2.1"
      srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020
      stigid@ol8: OL08-00-020240
 -    stigid@rhel8: RHEL-08-020240
@@ -8808,26 +9091,26 @@ index aa147fdce..bb8288f5b 100644
  
  var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$"
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
-index f523c432b..f03e32401 100644
+index 1ba8ed152..c46b2b3ab 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure All Groups on the System Have Unique Group ID'
  
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
-index d40145808..e1b0980d1 100644
+index 48fbb771f..59b777df1 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,sle12,sle15,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel7,rhel8,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure All Groups on the System Have Unique Group Names'
  
@@ -8842,10 +9125,10 @@ index bed135a4d..1df8f3a2c 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
-index 256d6f78a..561654606 100644
+index c9eacf55c..4a18589d1 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
-@@ -58,7 +58,7 @@ references:
+@@ -60,7 +60,7 @@ references:
      stigid@ol7: OL07-00-010250
      stigid@ol8: OL08-00-020200
      stigid@rhel7: RHEL-07-010250
@@ -8865,10 +9148,10 @@ index 0c81c0ee5..29f31c654 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
-index 7707829e8..a2b87600e 100644
+index 541ad9eef..0ed9d1cea 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
-@@ -57,7 +57,7 @@ references:
+@@ -58,7 +58,7 @@ references:
      stigid@ol7: OL07-00-010230
      stigid@ol8: OL08-00-020190
      stigid@rhel7: RHEL-07-010230
@@ -8897,6 +9180,19 @@ index 23710faba..7f1f5642d 100644
  
  {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}}
  
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
+index d0365266a..297ddb411 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml
+@@ -47,7 +47,7 @@ references:
+     nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
+     srg: SRG-OS-000078-GPOS-00046
+     stigid@ol8: OL08-00-020231
+-    stigid@rhel8: RHEL-08-020231
++    stigid@almalinux8: RHEL-08-020231
+ 
+ ocil_clause: 'it is not set to the required value'
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
 index cb388dd9b..58223531f 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
@@ -8961,7 +9257,7 @@ index 3772aee13..4dfc4668b 100644
  
  sed -i "/^PASS_MIN_LEN.*/d" /etc/login.defs
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
-index 0af6018b4..bcbcdffb7 100644
+index e387ed756..bcf05096d 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -8971,7 +9267,7 @@ index 0af6018b4..bcbcdffb7 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
-index d8149ebbc..cc52efeba 100644
+index 8ff7cba19..14ece5d17 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
 @@ -1,4 +1,4 @@
@@ -8981,18 +9277,18 @@ index d8149ebbc..cc52efeba 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
-index 93fd76aac..39dc76a2b 100644
+index d56b4e8c0..80f916e3e 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Set Existing Passwords Maximum Age'
  
-@@ -39,7 +39,7 @@ references:
+@@ -41,7 +41,7 @@ references:
      stigid@ol7: OL07-00-010260
      stigid@ol8: OL08-00-020210
      stigid@rhel7: RHEL-07-010260
@@ -9000,30 +9296,20 @@ index 93fd76aac..39dc76a2b 100644
 +    stigid@almalinux8: RHEL-08-020210
      stigid@sle12: SLES-12-010290
      stigid@sle15: SLES-15-020230
-     vmmsrg: SRG-OS-000076-VMM-000430
-diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh
-index 7b4f2c3e0..ab46f84f9 100644
---- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
- # reboot = false
- # strategy = restrict
- # complexity = low
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
-index a133b6e69..545df9ad0 100644
+index 5e1fe03a2..95daefc79 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Set Existing Passwords Minimum Age'
  
-@@ -40,7 +40,7 @@ references:
+@@ -42,7 +42,7 @@ references:
      stigid@ol7: OL07-00-010240
      stigid@ol8: OL08-00-020180
      stigid@rhel7: RHEL-07-010240
@@ -9031,7 +9317,19 @@ index a133b6e69..545df9ad0 100644
 +    stigid@almalinux8: RHEL-08-020180
      stigid@sle12: SLES-12-010270
      stigid@sle15: SLES-15-020210
-     vmmsrg: SRG-OS-000075-VMM000420
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
+index d99bded94..a8e00b7f8 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_warn_age_existing/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,sle12,sle15
++prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+ 
+ title: "Set Existing Passwords Warning Age"
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
 index 4994ff315..e8469b8e9 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
@@ -9042,6 +9340,18 @@ index 4994ff315..e8469b8e9 100644
  # reboot = false
  # strategy = restrict
  # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
+index f0bf9d696..44e1218e2 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_set_post_pw_existing/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,sle12,sle15
++prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+ 
+ title: 'Set existing passwords a period of inactivity before they been locked'
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
 index 25ec7a969..a67ca158a 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
@@ -9084,7 +9394,7 @@ index a40010714..d244fc548 100644
  {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
-index 2fa454aba..0b63af1f8 100644
+index f29320755..3c472496e 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
 @@ -1,6 +1,6 @@
@@ -9176,7 +9486,7 @@ index 8316e495a..bf8a4c240 100644
  {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
-index 970241983..a9eaff70e 100644
+index c2c92fd71..61412cbf5 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
 @@ -1,6 +1,6 @@
@@ -9279,10 +9589,10 @@ index ad3133b1f..eac1b843a 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
-index 6286a5532..d44452fc4 100644
+index d00d78454..a0f7fbc46 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
-@@ -52,7 +52,7 @@ references:
+@@ -55,7 +55,7 @@ references:
      stigid@ol7: OL07-00-010290
      stigid@ol8: OL08-00-020331
      stigid@rhel7: RHEL-07-010290
@@ -9327,6 +9637,31 @@ index 9dc5d7677..a16c83995 100644
  
  SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
  
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
+index fce24fc7f..f21b748aa 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords_etc_shadow/rule.yml
+@@ -42,7 +42,7 @@ references:
+     stigid@ol7: OL07-00-010291
+     stigid@ol8: OL08-00-010121
+     stigid@rhel7: RHEL-07-010291
+-    stigid@rhel8: RHEL-08-010121
++    stigid@almalinux8: RHEL-08-010121
+     stigid@sle12: SLES-12-010221
+     stigid@sle15: SLES-15-020181
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
+index c101f11ca..fd58885bf 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_forward_files/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: alinux2,alinux3,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
++prodtype: alinux2,alinux3,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
+ 
+ title: 'Verify No .forward Files Exist'
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml
 index acf0496e1..7f1fb69db 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml
@@ -9394,10 +9729,10 @@ index 468158339..d5c485088 100644
  title: 'Ensure there are no legacy + NIS entries in /etc/shadow'
  
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
-index 95991b273..937e71365 100644
+index 4d8c72582..5ef8ddbd2 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
-@@ -56,7 +56,7 @@ references:
+@@ -57,7 +57,7 @@ references:
      stigid@ol7: OL07-00-020310
      stigid@ol8: OL08-00-040200
      stigid@rhel7: RHEL-07-020310
@@ -9406,6 +9741,18 @@ index 95991b273..937e71365 100644
      stigid@sle12: SLES-12-010650
      stigid@sle15: SLES-15-020100
  
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
+index 04a2f562d..fdf851582 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/ensure_pam_wheel_group_empty/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+ 
+ title: 'Ensure the Group Used by pam_wheel Module Exists on System and is Empty'
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
 index 8f87bf06e..6bed5ef5a 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
@@ -9430,14 +9777,14 @@ index b5bfababf..6742eeb2f 100644
  title: 'Restrict Web Browser Use for Administrative Accounts'
  
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
-index 24d698396..71a0b5ce9 100644
+index 6a819ccd5..4648a00cb 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'
  
@@ -9474,7 +9821,7 @@ index 945940087..c71e3c698 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
-index ce0eb9e09..ccaec7a24 100644
+index e7f5c730c..8f06c6cfa 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -9494,38 +9841,31 @@ index cf672ee28..ea4326138 100644
  # uncomment the option if commented
    sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su
 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
-index a8b964a26..3cfae3200 100644
+index 3320b393c..0f0ac42e8 100644
 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Enforce usage of pam_wheel for su authentication'
  
-diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
-index c616d02f8..2d6d5201f 100644
---- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,Oracle Linux 7,Oracle Linux 8,multi_platform_sle,multi_platform_fedora
-+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,Oracle Linux 7,Oracle Linux 8,multi_platform_sle,multi_platform_fedora
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
-index 6aacc6efe..ad8e05fdc 100644
---- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
-@@ -1,3 +1,3 @@
--# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,Oracle Linux 7,Oracle Linux 8,multi_platform_sle,multi_platform_fedora
-+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,Oracle Linux 7,Oracle Linux 8,multi_platform_sle,multi_platform_fedora
+diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
+index d425057a3..1af3dd088 100644
+--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_group_for_su/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+ 
+ title: 'Enforce Usage of pam_wheel with Group Parameter for su Authentication'
  
- {{{ set_config_file("/etc/login.defs", "CREATE_HOME", "yes", create=true, insert_after="", insert_before="^\s*CREATE_HOME", insensitive=true) }}}
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
-index d4b0fac40..6cbbfaac5 100644
+index 9a8332e38..332226bc4 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
 @@ -1,6 +1,6 @@
@@ -9566,7 +9906,7 @@ index 23e6f0dd5..6055798dd 100644
  {{{ bash_instantiate_variables("var_accounts_fail_delay") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
-index 2f749b959..91eb5dc62 100644
+index d224b894f..9b7fe8783 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
 @@ -32,7 +32,7 @@ references:
@@ -9599,7 +9939,7 @@ index 0005b2ccb..0329d6cdf 100644
  {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}}
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
-index 8b9d8824b..4d0badc9d 100644
+index 238a4c35b..b16df5c35 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
 @@ -39,7 +39,7 @@ references:
@@ -9631,30 +9971,20 @@ index bb4f52f3a..af6adefb0 100644
  # reboot = false
  # strategy = restrict
  # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
-index a44509922..ba1e4ed7e 100644
---- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
- # reboot = false
- # strategy = restrict
- # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
-index 335bb5dbe..7a8713867 100644
+index e91ae0493..e70a00538 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Set Interactive Session Timeout'
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
-index b3bcf84aa..f8b37dc38 100644
+index abf32c964..8739306db 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
 @@ -1,6 +1,6 @@
@@ -9663,21 +9993,21 @@ index b3bcf84aa..f8b37dc38 100644
 -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
- title: 'User Initialization Files Must Be Group-Owned By The Primary User'
+ title: 'User Initialization Files Must Be Group-Owned By The Primary Group'
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
-index 09117cedf..d4637d40d 100644
+index e56be2792..ba1b95c3d 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
-+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
  
  title: 'User Initialization Files Must Not Run World-Writable Programs'
  
-@@ -36,7 +36,7 @@ references:
+@@ -39,7 +39,7 @@ references:
      stigid@ol7: OL07-00-020730
      stigid@ol8: OL08-00-010660
      stigid@rhel7: RHEL-07-020730
@@ -9720,7 +10050,7 @@ index 56fc415f9..67c4f789f 100644
      stigid@sle15: SLES-15-040120
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
-index 64f21a988..211b4d8ce 100644
+index b90ef5d7d..65a5d132a 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
 @@ -1,6 +1,6 @@
@@ -9731,8 +10061,8 @@ index 64f21a988..211b4d8ce 100644
  
  title: 'All Interactive Users Must Have A Home Directory Defined'
  
-@@ -32,7 +32,7 @@ references:
-     stigid@ol7: OL07-00-020600
+@@ -31,7 +31,7 @@ references:
+     srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-010720
      stigid@rhel7: RHEL-07-020600
 -    stigid@rhel8: RHEL-08-010720
@@ -9741,18 +10071,18 @@ index 64f21a988..211b4d8ce 100644
      stigid@sle15: SLES-15-040070
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
-index 430b07e70..bd8a1d16a 100644
+index 6811bb1c2..33c103385 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'All Interactive Users Home Directories Must Exist'
  
-@@ -40,7 +40,7 @@ references:
+@@ -41,7 +41,7 @@ references:
      stigid@ol7: OL07-00-020620
      stigid@ol8: OL08-00-010750
      stigid@rhel7: RHEL-07-020620
@@ -9762,7 +10092,7 @@ index 430b07e70..bd8a1d16a 100644
      stigid@sle15: SLES-15-040080
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
-index 106c654d4..3908dabbd 100644
+index fe1b69129..93186c630 100644
 --- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
 @@ -1,6 +1,6 @@
@@ -9771,7 +10101,7 @@ index 106c654d4..3908dabbd 100644
 -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15
  
- title: 'All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User'
+ title: 'All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary Group'
  
 @@ -33,7 +33,7 @@ references:
      stigid@ol7: OL07-00-020670
@@ -9815,19 +10145,31 @@ index 2a5151ab3..d9fe09150 100644
  
  ocil_clause: 'home directory files or folders have incorrect permissions'
  
+diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_netrc_file_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_netrc_file_permissions/rule.yml
+index 68097bf11..6470f5083 100644
+--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_netrc_file_permissions/rule.yml
++++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_netrc_file_permissions/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,sle12,sle15
++prodtype: rhel8,almalinux8,sle12,sle15
+ 
+ title: "Ensure users' .netrc Files are not group or world accessible"
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
-index 0e45130ca..96d5aea55 100644
+index 94c513327..ec885c92c 100644
 --- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
-+prodtype: alinux3,anolis8,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
- title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User'
+ title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary Group'
  
-@@ -42,7 +42,7 @@ references:
+@@ -43,7 +43,7 @@ references:
      stigid@ol7: OL07-00-020650
      stigid@ol8: OL08-00-010740
      stigid@rhel7: RHEL-07-020650
@@ -9837,14 +10179,14 @@ index 0e45130ca..96d5aea55 100644
      stigid@sle15: SLES-15-040100
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
-index f76d6706d..aa6dd1e81 100644
+index b36df3739..9bccda308 100644
 --- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'All Interactive User Home Directories Must Be Owned By The Primary User'
  
@@ -9870,18 +10212,18 @@ index 5bfdd4a14..01e0373ac 100644
      stigid@sle15: SLES-15-040110
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
-index f124193f1..7f532563e 100644
+index bda4bfd36..51533aeee 100644
 --- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive'
  
-@@ -37,7 +37,7 @@ references:
+@@ -38,7 +38,7 @@ references:
      stigid@ol7: OL07-00-020630
      stigid@ol8: OL08-00-010730
      stigid@rhel7: RHEL-07-020630
@@ -9891,7 +10233,7 @@ index f124193f1..7f532563e 100644
      stigid@sle15: SLES-15-040090
  
 diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
-index 86a49dd9b..dacd49f2e 100644
+index 5bfb963a1..77807dbfb 100644
 --- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -9901,19 +10243,19 @@ index 86a49dd9b..dacd49f2e 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
-index ceed76c5a..ed9742d59 100644
+index 8293b72ad..738f7edc5 100644
 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure the Default Bash Umask is Set Correctly'
  
-@@ -53,7 +53,7 @@ references:
-     pcidss: Req-8.6.1
+@@ -54,7 +54,7 @@ references:
+     pcidss4: "8.6.1"
      srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-020353
 -    stigid@rhel8: RHEL-08-020353
@@ -9976,31 +10318,11 @@ index 04f6247a8..bd02cb830 100644
  
  sed -i '/umask/d' /etc/csh.cshrc
  echo "umask 077" >> /etc/csh.cshrc
-diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
-index 678f568fa..be583d14b 100644
---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
-index acb272c05..4582a801b 100644
---- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
- 
- {{{ bash_instantiate_variables("var_accounts_user_umask") }}}
- 
 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
-index 947cd7866..12b0058b5 100644
+index 91b4ff56c..bbcc85260 100644
 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
-@@ -46,7 +46,7 @@ references:
+@@ -47,7 +47,7 @@ references:
      stigid@ol7: OL07-00-020240
      stigid@ol8: OL08-00-020351
      stigid@rhel7: RHEL-07-020240
@@ -10010,11 +10332,11 @@ index 947cd7866..12b0058b5 100644
      stigid@sle15: SLES-15-040420
      stigid@ubuntu2004: UBTU-20-010016
 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
-index 65386b792..77ada3f09 100644
+index 410c6af61..97f563fb4 100644
 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
-@@ -44,7 +44,7 @@ references:
-     pcidss: Req-8.6.1
+@@ -49,7 +49,7 @@ references:
+     pcidss4: "8.6.1"
      srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-020353
 -    stigid@rhel8: RHEL-08-020353
@@ -10043,8 +10365,41 @@ index ded8284be..05143b353 100644
  
  ocil_clause: 'any local interactive user initialization files are found to have a umask statement that sets a value less restrictive than "077"'
  
+diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
+index ec75bf6d2..eb2aa2ea1 100644
+--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
++++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/correct_set-up.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
+diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
+index a545d9791..383a6ee76 100644
+--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
++++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/no_symlinks.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ touch /etc/pam.d/{password,system}-auth-{mycustomconfig,ac}
+diff --git a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
+index 82fb5d543..2dbee752d 100644
+--- a/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
++++ b/linux_os/guide/system/accounts/authconfig_config_files_symlinks/tests/symlinks_wrong_target.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # remediation = none
+ 
+ mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac
 diff --git a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
-index 6a7324a7a..d979c6b04 100644
+index ef7e5cc46..cd071b475 100644
 --- a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -10054,7 +10409,7 @@ index 6a7324a7a..d979c6b04 100644
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/enable_authselect/rule.yml b/linux_os/guide/system/accounts/enable_authselect/rule.yml
-index 2fd90cf19..c92e8a75c 100644
+index e60ba5955..e4a495224 100644
 --- a/linux_os/guide/system/accounts/enable_authselect/rule.yml
 +++ b/linux_os/guide/system/accounts/enable_authselect/rule.yml
 @@ -1,6 +1,6 @@
@@ -10096,10 +10451,10 @@ index 3bd07c62e..e328ca74c 100644
  
  rm -f /etc/pam.d/{fingerprint-auth,password-auth,postlogin,smartcard-auth,system-auth}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
-index 41aa5e429..7d0e189d9 100644
+index f1d8dbc14..51521b5f2 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
-@@ -61,7 +61,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-030410
      stigid@ol8: OL08-00-030490
      stigid@rhel7: RHEL-07-030410
@@ -10109,10 +10464,10 @@ index 41aa5e429..7d0e189d9 100644
      stigid@sle15: SLES-15-030290
      stigid@ubuntu2004: UBTU-20-010152
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
-index d303a28fd..5867b2375 100644
+index 2896ec845..da023fee0 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
-@@ -61,7 +61,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-030370
      stigid@ol8: OL08-00-030480
      stigid@rhel7: RHEL-07-030370
@@ -10122,10 +10477,10 @@ index d303a28fd..5867b2375 100644
      stigid@sle15: SLES-15-030250
      stigid@ubuntu2004: UBTU-20-010148
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
-index 0ed40f5a5..4e3c4ab21 100644
+index 45a66b8c4..88ee5960d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
-@@ -61,7 +61,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-030410
      stigid@ol8: OL08-00-030490
      stigid@rhel7: RHEL-07-030410
@@ -10135,10 +10490,10 @@ index 0ed40f5a5..4e3c4ab21 100644
      stigid@sle15: SLES-15-030290
      stigid@ubuntu2004: UBTU-20-010153
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
-index 09d963664..0a65e9659 100644
+index d68b7b4af..84c98dab9 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
-@@ -61,7 +61,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-030410
      stigid@ol8: OL08-00-030490
      stigid@rhel7: RHEL-07-030410
@@ -10148,10 +10503,10 @@ index 09d963664..0a65e9659 100644
      stigid@sle15: SLES-15-030290
      stigid@ubuntu2004: UBTU-20-010154
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
-index 36198137c..01762eb17 100644
+index 146f89e8b..d16e404af 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
-@@ -64,7 +64,7 @@ references:
+@@ -67,7 +67,7 @@ references:
      stigid@ol7: OL07-00-030370
      stigid@ol8: OL08-00-030480
      stigid@rhel7: RHEL-07-030370
@@ -10161,10 +10516,10 @@ index 36198137c..01762eb17 100644
      stigid@sle15: SLES-15-030250
      stigid@ubuntu2004: UBTU-20-010149
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
-index 8fcdae247..33039e7a6 100644
+index 464500cd6..608e56b5d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
-@@ -61,7 +61,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-030370
      stigid@ol8: OL08-00-030480
      stigid@rhel7: RHEL-07-030370
@@ -10174,7 +10529,7 @@ index 8fcdae247..33039e7a6 100644
      stigid@sle15: SLES-15-030250
      stigid@ubuntu2004: UBTU-20-010150
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
-index 8376f7386..e21ae7456 100644
+index 1dc43e75f..95753544a 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
 @@ -11,13 +11,13 @@ description: |-
@@ -10209,7 +10564,7 @@ index 8376f7386..e21ae7456 100644
      
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod

  {{%- endif %}}
  
-@@ -78,7 +78,7 @@ references:
+@@ -81,7 +81,7 @@ references:
      stigid@ol7: OL07-00-030440
      stigid@ol8: OL08-00-030200
      stigid@rhel7: RHEL-07-030440
@@ -10219,7 +10574,7 @@ index 8376f7386..e21ae7456 100644
      stigid@sle15: SLES-15-030190
      stigid@ubuntu2004: UBTU-20-010147
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
-index 8aa2a0ca8..7b4a38f4c 100644
+index 261433ef9..c70c481ae 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
 @@ -9,24 +9,24 @@ description: |-
@@ -10251,7 +10606,7 @@ index 8aa2a0ca8..7b4a38f4c 100644
      
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod

  {{%- endif %}}
  
-@@ -73,7 +73,7 @@ references:
+@@ -76,7 +76,7 @@ references:
      stigid@ol7: OL07-00-030440
      stigid@ol8: OL08-00-030200
      stigid@rhel7: RHEL-07-030440
@@ -10261,10 +10616,10 @@ index 8aa2a0ca8..7b4a38f4c 100644
      stigid@sle15: SLES-15-030190
      stigid@ubuntu2004: UBTU-20-010144
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
-index f2eaf6a3a..cfd95440a 100644
+index 1ce741da4..ca79e504e 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
-@@ -61,7 +61,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-030370
      stigid@ol8: OL08-00-030480
      stigid@rhel7: RHEL-07-030370
@@ -10274,7 +10629,7 @@ index f2eaf6a3a..cfd95440a 100644
      stigid@sle15: SLES-15-030250
      stigid@ubuntu2004: UBTU-20-010151
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
-index a7e1a9fba..3fa5ae011 100644
+index abe8228aa..39e331c33 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
 @@ -11,13 +11,13 @@ description: |-
@@ -10309,7 +10664,7 @@ index a7e1a9fba..3fa5ae011 100644
      
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod

  {{%- endif %}}
  
-@@ -78,7 +78,7 @@ references:
+@@ -81,7 +81,7 @@ references:
      stigid@ol7: OL07-00-030440
      stigid@ol8: OL08-00-030200
      stigid@rhel7: RHEL-07-030440
@@ -10319,7 +10674,7 @@ index a7e1a9fba..3fa5ae011 100644
      stigid@sle15: SLES-15-030190
      stigid@ubuntu2004: UBTU-20-010146
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
-index 7f52404cb..81e3c7920 100644
+index f855dd32b..ebc3b20f0 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
 @@ -9,24 +9,24 @@ description: |-
@@ -10351,7 +10706,7 @@ index 7f52404cb..81e3c7920 100644
      
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod

  {{%- endif %}}
  
-@@ -73,7 +73,7 @@ references:
+@@ -76,7 +76,7 @@ references:
      stigid@ol7: OL07-00-030440
      stigid@ol8: OL08-00-030200
      stigid@rhel7: RHEL-07-030440
@@ -10361,7 +10716,7 @@ index 7f52404cb..81e3c7920 100644
      stigid@sle15: SLES-15-030190
      stigid@ubuntu2004: UBTU-20-010143
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
-index cef263eea..894b6fd73 100644
+index 63d3490a4..8383983a9 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
 @@ -10,13 +10,13 @@ description: |-
@@ -10396,7 +10751,7 @@ index cef263eea..894b6fd73 100644
      
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod

  {{%- endif %}}
  
-@@ -77,7 +77,7 @@ references:
+@@ -80,7 +80,7 @@ references:
      stigid@ol7: OL07-00-030440
      stigid@ol8: OL08-00-030200
      stigid@rhel7: RHEL-07-030440
@@ -10406,7 +10761,7 @@ index cef263eea..894b6fd73 100644
      stigid@sle15: SLES-15-030190
      stigid@ubuntu2004: UBTU-20-010145
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
-index c27328bc2..51b252f5a 100644
+index ab4c0226e..ee2d6af5c 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
 @@ -9,24 +9,24 @@ description: |-
@@ -10438,7 +10793,7 @@ index c27328bc2..51b252f5a 100644
      
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod

  {{%- endif %}}
  
-@@ -73,7 +73,7 @@ references:
+@@ -76,7 +76,7 @@ references:
      stigid@ol7: OL07-00-030440
      stigid@ol8: OL08-00-030200
      stigid@rhel7: RHEL-07-030440
@@ -10448,18 +10803,18 @@ index c27328bc2..51b252f5a 100644
      stigid@sle15: SLES-15-030190
      stigid@ubuntu2004: UBTU-20-010142
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
-index acb382faa..dbb52188e 100644
+index 2a15e8610..4524cd6ba 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Any Attempts to Run chacl'
  
-@@ -40,7 +40,7 @@ references:
+@@ -41,7 +41,7 @@ references:
      nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
      srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210
      stigid@ol8: OL08-00-030570
@@ -10469,18 +10824,18 @@ index acb382faa..dbb52188e 100644
      stigid@sle15: SLES-15-030440
      stigid@ubuntu2004: UBTU-20-010168
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
-index 7a3a6ffd0..7e5f35e6d 100644
+index 8c1cec42e..8cd35c96c 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Any Attempts to Run setfacl'
  
-@@ -40,7 +40,7 @@ references:
+@@ -41,7 +41,7 @@ references:
      nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
      srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
      stigid@ol8: OL08-00-030330
@@ -10490,7 +10845,7 @@ index 7a3a6ffd0..7e5f35e6d 100644
      stigid@sle15: SLES-15-030430
      stigid@ubuntu2004: UBTU-20-010167
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
-index c43b0ca72..332b09db4 100644
+index 4f4194fe8..2cbc9643f 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
 @@ -1,10 +1,10 @@
@@ -10501,12 +10856,12 @@ index c43b0ca72..332b09db4 100644
  
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Any Attempts to Run chcon'
  
-@@ -63,7 +63,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-030580
      stigid@ol8: OL08-00-030260
      stigid@rhel7: RHEL-07-030580
@@ -10516,7 +10871,7 @@ index c43b0ca72..332b09db4 100644
      stigid@sle15: SLES-15-030450
      stigid@ubuntu2004: UBTU-20-010165
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
-index 5b50548cb..2dc2acd59 100644
+index 786df6b45..11be153c6 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
 @@ -1,10 +1,10 @@
@@ -10533,7 +10888,7 @@ index 5b50548cb..2dc2acd59 100644
  title: 'Record Any Attempts to Run restorecon'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
-index cc1d64c57..fec22ace0 100644
+index 43a9ae184..e7d40e1be 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
 @@ -1,10 +1,10 @@
@@ -10555,11 +10910,11 @@ index cc1d64c57..fec22ace0 100644
      stigid@rhel7: RHEL-07-030560
 -    stigid@rhel8: RHEL-08-030313
 +    stigid@almalinux8: RHEL-08-030313
-     vmmsrg: SRG-OS-000463-VMM-001850
  
  {{{ ocil_fix_srg_privileged_command("semanage", "/usr/sbin/", "privileged-unix-update") }}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
-index 20b8aeaed..7ed8c5d92 100644
+index 359326710..3c4a2402d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
 @@ -1,10 +1,10 @@
@@ -10581,11 +10936,11 @@ index 20b8aeaed..7ed8c5d92 100644
      stigid@rhel7: RHEL-07-030590
 -    stigid@rhel8: RHEL-08-030314
 +    stigid@almalinux8: RHEL-08-030314
-     vmmsrg: SRG-OS-000463-VMM-001850
  
  {{{ ocil_fix_srg_privileged_command("setfiles", "/usr/sbin/", "privileged-unix-update") }}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
-index a86532dbf..f132b682b 100644
+index 810d62838..6d6c135e7 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
 @@ -1,10 +1,10 @@
@@ -10607,11 +10962,11 @@ index a86532dbf..f132b682b 100644
      stigid@rhel7: RHEL-07-030570
 -    stigid@rhel8: RHEL-08-030316
 +    stigid@almalinux8: RHEL-08-030316
-     vmmsrg: SRG-OS-000463-VMM-001850
  
  {{{ ocil_fix_srg_privileged_command("setsebool", "/usr/sbin/", "privileged") }}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
-index ef551f5f4..a9a4e47c4 100644
+index 54f8d69cf..b6b1436ff 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
 @@ -1,11 +1,11 @@
@@ -10639,82 +10994,82 @@ index 53e61fb25..e9a0edcde 100644
  # Perform the remediation for the syscall rule
  # Retrieve hardware architecture of the underlying system
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
-index 6366b9690..c909a6e98 100644
+index f3e0836c8..ce4e8c3ca 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
  
  title: 'Ensure auditd Collects File Deletion Events by User'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
-index 814cece2a..4bb22a4d1 100644
+index 5b6bb0424..825d5f3e0 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
-@@ -56,7 +56,7 @@ references:
+@@ -59,7 +59,7 @@ references:
      stigid@ol7: OL07-00-030910
      stigid@ol8: OL08-00-030361
      stigid@rhel7: RHEL-07-030910
 -    stigid@rhel8: RHEL-08-030361
 +    stigid@almalinux8: RHEL-08-030361
      stigid@ubuntu2004: UBTU-20-010269
-     vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
  
+ {{{ complete_ocil_entry_audit_syscall(syscall="rename") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
-index c0f71418b..d8ccc0ede 100644
+index fd2e5b77f..c2c200013 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
-@@ -56,7 +56,7 @@ references:
+@@ -58,7 +58,7 @@ references:
      stigid@ol7: OL07-00-030910
      stigid@ol8: OL08-00-030361
      stigid@rhel7: RHEL-07-030910
 -    stigid@rhel8: RHEL-08-030361
 +    stigid@almalinux8: RHEL-08-030361
      stigid@ubuntu2004: UBTU-20-010270
-     vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
  
+ {{{ complete_ocil_entry_audit_syscall(syscall="renameat") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
-index 948a03776..cb9506683 100644
+index 7c42d57ec..46e7e6fba 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
-@@ -50,7 +50,7 @@ references:
+@@ -52,7 +52,7 @@ references:
      stigid@ol7: OL07-00-030910
      stigid@ol8: OL08-00-030361
      stigid@rhel7: RHEL-07-030910
 -    stigid@rhel8: RHEL-08-030361
 +    stigid@almalinux8: RHEL-08-030361
-     vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
  
  {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
-index ff9334155..743156fb6 100644
+index 432d5dee7..569259a57 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
-@@ -56,7 +56,7 @@ references:
+@@ -58,7 +58,7 @@ references:
      stigid@ol7: OL07-00-030910
      stigid@ol8: OL08-00-030361
      stigid@rhel7: RHEL-07-030910
 -    stigid@rhel8: RHEL-08-030361
 +    stigid@almalinux8: RHEL-08-030361
      stigid@ubuntu2004: UBTU-20-010267
-     vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
  
+ {{{ complete_ocil_entry_audit_syscall(syscall="unlink") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
-index 49e67e336..78de241a3 100644
+index 2d9dfec6f..019c2319e 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
-@@ -56,7 +56,7 @@ references:
+@@ -58,7 +58,7 @@ references:
      stigid@ol7: OL07-00-030910
      stigid@ol8: OL08-00-030361
      stigid@rhel7: RHEL-07-030910
 -    stigid@rhel8: RHEL-08-030361
 +    stigid@almalinux8: RHEL-08-030361
      stigid@ubuntu2004: UBTU-20-010268
-     vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
  
+ {{{ complete_ocil_entry_audit_syscall(syscall="unlinkat") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml
 index d3b018633..2bb5eb1b5 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml
@@ -11074,19 +11429,19 @@ index 8a48783f6..b846f8113 100644
  # Perform the remediation of the syscall rule
  # Retrieve hardware architecture of the underlying system
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
-index f4ad2ed39..feb9fe7f9 100644
+index 631c277ee..ebb67b09d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
-index cb0b6500f..0e2bbdceb 100644
+index c2530e143..e3e9aa40f 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
 @@ -1,6 +1,6 @@
@@ -11098,7 +11453,7 @@ index cb0b6500f..0e2bbdceb 100644
  title: 'Record Unsuccessful Permission Changes to Files - chmod'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
-index 45fc20288..33b6ec43f 100644
+index b5857ab4f..e70668598 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
 @@ -1,6 +1,6 @@
@@ -11110,18 +11465,18 @@ index 45fc20288..33b6ec43f 100644
  title: 'Record Unsuccessful Ownership Changes to Files - chown'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
-index 075566988..e1482ee18 100644
+index a3e663e12..fb2c46cbc 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Unsuccessful Access Attempts to Files - creat'
  
-@@ -66,7 +66,7 @@ references:
+@@ -69,7 +69,7 @@ references:
      stigid@ol7: OL07-00-030510
      stigid@ol8: OL08-00-030420
      stigid@rhel7: RHEL-07-030510
@@ -11131,7 +11486,7 @@ index 075566988..e1482ee18 100644
      stigid@sle15: SLES-15-030150
      stigid@ubuntu2004: UBTU-20-010158
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
-index e30a1d2f4..f2ccc6753 100644
+index 8edd48b30..9b1e2102c 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
 @@ -1,6 +1,6 @@
@@ -11143,7 +11498,7 @@ index e30a1d2f4..f2ccc6753 100644
  title: 'Record Unsuccessful Permission Changes to Files - fchmod'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
-index e3c7fa19c..2219d6c58 100644
+index d253410ea..cdd03f3fc 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
 @@ -1,6 +1,6 @@
@@ -11155,7 +11510,7 @@ index e3c7fa19c..2219d6c58 100644
  title: 'Record Unsuccessful Permission Changes to Files - fchmodat'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
-index 59da9d0a5..5cc873c32 100644
+index 58b032454..03126e0c8 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
 @@ -1,6 +1,6 @@
@@ -11167,7 +11522,7 @@ index 59da9d0a5..5cc873c32 100644
  title: 'Record Unsuccessful Ownership Changes to Files - fchown'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
-index 0fb28cfa9..804d6b579 100644
+index ef76fd58a..2bb7ceba4 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
 @@ -1,6 +1,6 @@
@@ -11179,7 +11534,7 @@ index 0fb28cfa9..804d6b579 100644
  title: 'Record Unsuccessful Ownership Changes to Files - fchownat'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
-index ec572f511..5017d9ede 100644
+index fa0448df4..6e6bf032c 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
 @@ -1,6 +1,6 @@
@@ -11191,7 +11546,7 @@ index ec572f511..5017d9ede 100644
  title: 'Record Unsuccessful Permission Changes to Files - fremovexattr'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
-index 66fc4c747..e93444330 100644
+index c0bf31449..b67b0bc18 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
 @@ -1,6 +1,6 @@
@@ -11203,18 +11558,18 @@ index 66fc4c747..e93444330 100644
  title: 'Record Unsuccessful Permission Changes to Files - fsetxattr'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
-index a12fe0c0a..fda4617a2 100644
+index d088d91bc..4d4df29fb 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Unsuccessful Access Attempts to Files - ftruncate'
  
-@@ -69,7 +69,7 @@ references:
+@@ -72,7 +72,7 @@ references:
      stigid@ol7: OL07-00-030510
      stigid@ol8: OL08-00-030420
      stigid@rhel7: RHEL-07-030510
@@ -11224,7 +11579,7 @@ index a12fe0c0a..fda4617a2 100644
      stigid@sle15: SLES-15-030150
      stigid@ubuntu2004: UBTU-20-010157
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
-index 4a5d13bb1..e72b9b22b 100644
+index 3ad9634f5..bc852edd9 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
 @@ -1,6 +1,6 @@
@@ -11236,7 +11591,7 @@ index 4a5d13bb1..e72b9b22b 100644
  title: 'Record Unsuccessful Ownership Changes to Files - lchown'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
-index 38e0558c0..9f75abf4f 100644
+index cdadbe887..18ccc2e04 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
 @@ -1,6 +1,6 @@
@@ -11248,7 +11603,7 @@ index 38e0558c0..9f75abf4f 100644
  title: 'Record Unsuccessful Permission Changes to Files - lremovexattr'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
-index b91a2e54b..d5fcca4d9 100644
+index 249c0169c..3e4a0e6e5 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
 @@ -1,6 +1,6 @@
@@ -11260,18 +11615,18 @@ index b91a2e54b..d5fcca4d9 100644
  title: 'Record Unsuccessful Permission Changes to Files - lsetxattr'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
-index dbcad7da9..8d1d1197f 100644
+index de8897a2c..8872f1d17 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Unsuccessful Access Attempts to Files - open'
  
-@@ -69,7 +69,7 @@ references:
+@@ -72,7 +72,7 @@ references:
      stigid@ol7: OL07-00-030510
      stigid@ol8: OL08-00-030420
      stigid@rhel7: RHEL-07-030510
@@ -11281,18 +11636,18 @@ index dbcad7da9..8d1d1197f 100644
      stigid@sle15: SLES-15-030150
      stigid@ubuntu2004: UBTU-20-010155
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
-index 34f9b308f..131df9ba3 100644
+index 7b303e092..7c7c92bd1 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at'
  
-@@ -61,7 +61,7 @@ references:
+@@ -62,7 +62,7 @@ references:
      stigid@ol7: OL07-00-030510
      stigid@ol8: OL08-00-030420
      stigid@rhel7: RHEL-07-030510
@@ -11311,7 +11666,7 @@ index c1352ae38..31de43746 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
-index 29cc51e5e..66a88468f 100644
+index ffc509c50..027518381 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
 @@ -1,6 +1,6 @@
@@ -11332,7 +11687,7 @@ index c1352ae38..31de43746 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
-index 1139d3d4c..12b5f9c15 100644
+index f179706b3..e5af4b9f4 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
 @@ -1,6 +1,6 @@
@@ -11353,7 +11708,7 @@ index c944fb9e6..b506644af 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
-index f6778ff2e..39a7315aa 100644
+index 8a24ab1aa..c00d4dc03 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
 @@ -1,6 +1,6 @@
@@ -11374,7 +11729,7 @@ index c1352ae38..31de43746 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
-index fc832a32d..2b4a41076 100644
+index 35ddbc326..673c4db4e 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
 @@ -1,6 +1,6 @@
@@ -11395,7 +11750,7 @@ index c1352ae38..31de43746 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
-index 77c90c55b..25300be01 100644
+index d4dc5611f..a5b894d29 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
 @@ -1,6 +1,6 @@
@@ -11416,7 +11771,7 @@ index c944fb9e6..b506644af 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
-index 1cf66b9e1..c695c8733 100644
+index 0da3156af..c3fe28933 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
 @@ -1,6 +1,6 @@
@@ -11428,18 +11783,18 @@ index 1cf66b9e1..c695c8733 100644
  title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
-index eb740982f..ec1c4035f 100644
+index c85d6d55c..a575b7f57 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Unsuccessful Access Attempts to Files - openat'
  
-@@ -69,7 +69,7 @@ references:
+@@ -72,7 +72,7 @@ references:
      stigid@ol7: OL07-00-030510
      stigid@ol8: OL08-00-030420
      stigid@rhel7: RHEL-07-030510
@@ -11458,7 +11813,7 @@ index c1352ae38..31de43746 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
-index e699454e5..abd30b697 100644
+index d3fb5e8c2..7ef030771 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
 @@ -1,6 +1,6 @@
@@ -11479,7 +11834,7 @@ index c1352ae38..31de43746 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
-index b9aa00b65..24ed7123c 100644
+index cd573dc71..44d3e951d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
 @@ -1,6 +1,6 @@
@@ -11500,7 +11855,7 @@ index c944fb9e6..b506644af 100644
  
  {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
-index 46851bf6a..45f7b4ef1 100644
+index 5a16683de..189fc7cce 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
 @@ -1,6 +1,6 @@
@@ -11512,7 +11867,7 @@ index 46851bf6a..45f7b4ef1 100644
  title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
-index 73941532d..97bb35cd8 100644
+index 7d0ef046a..6c88302a6 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
 @@ -1,6 +1,6 @@
@@ -11524,31 +11879,31 @@ index 73941532d..97bb35cd8 100644
  title: 'Record Unsuccessful Permission Changes to Files - removexattr'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
-index e99c78599..ff1bf926b 100644
+index ef40c036b..53766d4d8 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
-+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
  
  title: 'Record Unsuccessful Delete Attempts to Files - rename'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
-index 94091c132..fec7ba65c 100644
+index 5b52aec1a..78d8eaa84 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
-+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
  
  title: 'Record Unsuccessful Delete Attempts to Files - renameat'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
-index 3b6ce3839..cb900ac4d 100644
+index 094ab0e07..81d5ea3d6 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
 @@ -1,6 +1,6 @@
@@ -11560,18 +11915,18 @@ index 3b6ce3839..cb900ac4d 100644
  title: 'Record Unsuccessful Permission Changes to Files - setxattr'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
-index 043d5f70b..677d0971e 100644
+index b7e17951e..a623c2913 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Record Unsuccessful Access Attempts to Files - truncate'
  
-@@ -68,7 +68,7 @@ references:
+@@ -71,7 +71,7 @@ references:
      stigid@ol7: OL07-00-030510
      stigid@ol8: OL08-00-030420
      stigid@rhel7: RHEL-07-030510
@@ -11581,48 +11936,48 @@ index 043d5f70b..677d0971e 100644
      stigid@sle15: SLES-15-030150
      stigid@ubuntu2004: UBTU-20-010156
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
-index 96906848c..257a8a2ca 100644
+index 0d26a2f0d..ec74eb00e 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
-+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
  
  title: 'Record Unsuccessful Delete Attempts to Files - unlink'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
-index cc76dfeec..b1e23b086 100644
+index 38b174793..d4896530b 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
-+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
  
  title: 'Record Unsuccessful Delete Attempts to Files - unlinkat'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
-index 5c616a0dd..a498e4795 100644
+index 590a5ff6b..5ceb15d9b 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
  # reboot = true
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
-index 0cf4bd984..4d258bd41 100644
+index 18778fd6d..9ffe93fc1 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading'
  
@@ -11637,8 +11992,20 @@ index bdf3015c4..658327033 100644
  apiVersion: machineconfiguration.openshift.io/v1
  kind: MachineConfig
  spec:
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
+index 81da90162..645e6b29a 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_create/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: alinux3,ol7,rhel7,rhel8,rhel9
++prodtype: alinux3,ol7,rhel7,rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure auditd Collects Information on Kernel Module Unloading - create_module'
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
-index 423f67054..af9b30c74 100644
+index 369b1efa7..6178f245a 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -11648,7 +12015,7 @@ index 423f67054..af9b30c74 100644
  # complexity = low
  # disruption = low
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
-index 51a610284..71df13a42 100644
+index 7c8e520c1..e5c1d9d93 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -11659,18 +12026,18 @@ index 51a610284..71df13a42 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
-index e71d5bd44..81985b3e0 100644
+index d7973aed9..d65e29d4e 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module'
  
-@@ -62,7 +62,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-030830
      stigid@ol8: OL08-00-030390
      stigid@rhel7: RHEL-07-030830
@@ -11691,7 +12058,7 @@ index ebf2a9cab..288d4f0ee 100644
  
  rm -f /etc/audit/rules.d/*
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
-index 586ba8187..731d773ec 100644
+index 104426d89..58d592d3b 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -11701,7 +12068,7 @@ index 586ba8187..731d773ec 100644
  # complexity = low
  # disruption = low
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
-index 90d7d43d5..818c3cade 100644
+index 639d76a21..7f4d463d6 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -11712,18 +12079,18 @@ index 90d7d43d5..818c3cade 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
-index fa08613fe..67e8c2c11 100644
+index 57bf26f06..402560066 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module'
  
-@@ -59,7 +59,7 @@ references:
+@@ -62,7 +62,7 @@ references:
      stigid@ol7: OL07-00-030820
      stigid@ol8: OL08-00-030360
      stigid@rhel7: RHEL-07-030820
@@ -11744,7 +12111,7 @@ index deb2217de..3db9d374e 100644
  
  rm -f /etc/audit/rules.d/*
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
-index 8765a6a7a..1dcb1e8e4 100644
+index c4915eac1..6fd747807 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -11754,7 +12121,7 @@ index 8765a6a7a..1dcb1e8e4 100644
  # complexity = low
  # disruption = low
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
-index 2fb9a7ff5..7cef862dc 100644
+index 083a612a0..3228b89b7 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -11765,18 +12132,18 @@ index 2fb9a7ff5..7cef862dc 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
-index 76c509df2..3e3095de1 100644
+index 4392f855f..58d41e8ae 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,debian10,debian11,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module'
  
-@@ -61,7 +61,7 @@ references:
+@@ -63,7 +63,7 @@ references:
      stigid@ol7: OL07-00-030820
      stigid@ol8: OL08-00-030360
      stigid@rhel7: RHEL-07-030820
@@ -11795,6 +12162,29 @@ index 7570ed06f..e9ff26fab 100644
 +# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
  # packages = audit
  
+ rm -f /etc/audit/rules.d/*
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml
+index ffb320b1a..fb709f42c 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,rhel9
++prodtype: rhel8,almalinux8,rhel9
+ 
+ title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - query_module'
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh
+index 009564309..0f9a7f6e6 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_query/tests/missing_auid_filter.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
++# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
+ # packages = audit
+ 
  rm -f /etc/audit/rules.d/*
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh
 index d58a5ee62..c6d928bbd 100644
@@ -11807,7 +12197,7 @@ index d58a5ee62..c6d928bbd 100644
  # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
-index 52196f41a..0f662a980 100644
+index bee62126a..26762fe5a 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml
 @@ -1,6 +1,6 @@
@@ -11832,7 +12222,7 @@ index 9c69bc099..d133b31d9 100644
  {{% else %}}
  {{% set faillock_path="/var/run/faillock" %}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
-index 2fa41de54..a571d79b4 100644
+index 4dcd32e2c..40220f9ed 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml
 @@ -1,6 +1,6 @@
@@ -11843,17 +12233,17 @@ index 2fa41de54..a571d79b4 100644
  
  title: 'Record Attempts to Alter Logon and Logout Events - faillock'
  
-@@ -56,7 +56,7 @@ references:
+@@ -59,7 +59,7 @@ references:
      stigid@ol7: OL07-00-030610
      stigid@ol8: OL08-00-030590
      stigid@rhel7: RHEL-07-030610
 -    stigid@rhel8: RHEL-08-030590
 +    stigid@almalinux8: RHEL-08-030590
-     vmmsrg: SRG-OS-000473-VMM-001930,SRG-OS-000470-VMM-001900
  
  ocil_clause: 'the command does not return a line, or the line is commented out'
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
-index c5723981d..345fafea1 100644
+index 45c08e4c4..03e03b80e 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml
 @@ -1,6 +1,6 @@
@@ -11864,7 +12254,7 @@ index c5723981d..345fafea1 100644
  
  title: 'Record Attempts to Alter Logon and Logout Events - lastlog'
  
-@@ -58,7 +58,7 @@ references:
+@@ -61,7 +61,7 @@ references:
      stigid@ol7: OL07-00-030620
      stigid@ol8: OL08-00-030600
      stigid@rhel7: RHEL-07-030620
@@ -11874,7 +12264,7 @@ index c5723981d..345fafea1 100644
      stigid@sle15: SLES-15-030480
      stigid@ubuntu2004: UBTU-20-010171
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
-index e41c80469..767d93a8f 100644
+index 96f6e645f..2529d50ee 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml
 @@ -1,6 +1,6 @@
@@ -11886,217 +12276,193 @@ index e41c80469..767d93a8f 100644
  title: 'Record Attempts to Alter Logon and Logout Events - tallylog'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
-index 15380184a..29ef1af23 100644
+index 8f306736e..c6273db3d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml
 @@ -1,4 +1,4 @@
 -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
  # reboot = false
- # strategy = restrict
+ # strategy = configure
  # complexity = low
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
-index 3d7bcfa88..1df0dff7a 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- 
- # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
- {{{ bash_perform_audit_rules_privileged_commands_remediation("auditctl", auid) }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
-index e063fe444..edaaead85 100644
+index 8615165ec..002902145 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh
-@@ -1,6 +1,6 @@
+@@ -1,5 +1,5 @@
  #!/bin/bash
  # packages = audit
- # remediation = bash
--# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
  
  sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
-index 9f901bc48..e77afffaf 100644
+index bc3f67c9c..a37ccd0bf 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh
-@@ -1,7 +1,7 @@
- #!/bin/bash
- # packages = audit
- # remediation = bash
--# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
- 
- ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules
- sed -i '/newgrp/d' /etc/audit/audit.rules
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
-index d6e108811..345269aa8 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
-@@ -1,7 +1,7 @@
- #!/bin/bash
- # packages = audit
- # remediation = bash
--# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
- 
- echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/audit.rules
- sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
-index 4c141ff93..d23a56f5d 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
-@@ -1,7 +1,7 @@
- #!/bin/bash
- # packages = audit
- # remediation = bash
--# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
- 
- ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules
- sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh
-index ece818b96..bad106bce 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh
-@@ -1,7 +1,7 @@
- #!/bin/bash
- # packages = audit
- # remediation = bash
--# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
- 
- ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules
- sed -i -E 's/^(.*path=[[:graph:]]+ )(.*$)/\1-F perm=x \2/' /etc/audit/audit.rules
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
-index 1c429afbb..5e5794849 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
 @@ -1,6 +1,6 @@
  #!/bin/bash
  # packages = audit
- # remediation = bash
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
+ 
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules
+ sed -i '/newgrp/d' /etc/audit/audit.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
+index ed2cc6c29..13cbaac12 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
+ 
+ echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/audit.rules
+ sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
+index e1d5d05df..6a758969a 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
+ 
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules
+ sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh
+index ec89d9ce8..81e0062b1 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
+ 
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules
+ sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/audit.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
+index ee36da807..bd848737d 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
  
  # augenrules is default for rhel7
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
-index f64e0d6a2..29e821c7f 100644
+index b6aabf247..8405f0ba1 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh
-@@ -2,7 +2,7 @@
+@@ -1,7 +1,7 @@
+ #!/bin/bash
  # packages = audit
- # Remediation for this rule cannot remove the duplicates
  # remediation = none
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
  
- ./generate_privileged_commands_rule.sh 1000 privileged /tmp/privileged.rules
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /tmp/privileged.rules
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
-index 1776a4d98..ba97f9521 100644
+index 711bae803..617ff1b33 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh
-@@ -1,7 +1,7 @@
+@@ -1,6 +1,6 @@
  #!/bin/bash
  # packages = audit
- # remediation = bash
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
  
- ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
   sed -i '/newgrp/d' /etc/audit/rules.d/privileged.rules
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
-index 8b0d6cef5..29a608404 100644
+index d272fd1d5..f7c0fec7d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh
-@@ -1,6 +1,6 @@
+@@ -1,5 +1,5 @@
  #!/bin/bash
  # packages = audit
- # remediation = bash
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
  
- echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+ echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
-index 6903132be..10e81b369 100644
+index ecda20ef9..115487067 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh
-@@ -1,6 +1,6 @@
+@@ -1,5 +1,5 @@
  #!/bin/bash
  # packages = audit
- # remediation = bash
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
  
- ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
-index 320492d74..84478668d 100644
+index 51482922f..4ac366ec9 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh
-@@ -1,7 +1,7 @@
- #!/bin/bash
- # packages = audit
- # remediation = bash
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
- 
- ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules
- # change key of rules for binaries in /usr/sbin
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh
-index 2093fd716..6c67b6791 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh
-@@ -1,7 +1,7 @@
- #!/bin/bash
- # packages = audit
- # remediation = bash
--# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
- 
- ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules
- sed -i -E 's/^(.*path=[[:graph:]]+ )(.*$)/\1-F perm=x \2/' /etc/audit/rules.d/privileged.rules
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
-index 28e5fecf9..4fddc3ccb 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
-@@ -1,7 +1,7 @@
- #!/bin/bash
- # packages = audit
- # remediation = bash
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
- 
- echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules
- echo "-a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
-index 18a8e7b5a..0679d1f7b 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
-@@ -1,7 +1,7 @@
- #!/bin/bash
- # packages = audit
- # remediation = bash
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
- 
- echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
- echo "-a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
-diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
-index 3ad8f1f60..b82e9cc08 100644
---- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
-+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
 @@ -1,6 +1,6 @@
  #!/bin/bash
  # packages = audit
- # remediation = bash
--# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
-+# platform = Fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
  
- ./generate_privileged_commands_rule.sh 1000 own_key /etc/audit/rules.d/privileged.rules
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
+ # change key of rules for binaries in /usr/sbin
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh
+index 79c0bb972..2968492ac 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
+ 
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules
+ sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
+index a8667bbfb..471d2aff2 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
+ 
+ echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules
+ echo "-a always,exit -F path=/usr/bin/passwd -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
+index b2e18d1cd..5c56cdb6d 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
+ 
+ echo "-a always,exit -F path=/usr/bin/newgrp -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
+ echo "-a always,exit -F path=/usr/bin/notrelevant -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
+index 81fc6dd16..9c3f84ef8 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+ # packages = audit
+-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8
++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8
+ 
+ ./generate_privileged_commands_rule.sh {{{ uid_min }}} own_key /etc/audit/rules.d/privileged.rules
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
-index 8c8048e51..ffc61d925 100644
+index 639e61446..4011f6cb8 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml
 @@ -1,10 +1,10 @@
@@ -12113,23 +12479,23 @@ index 8c8048e51..ffc61d925 100644
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
-index 42fbf78be..3d0d32d0d 100644
+index bc240650e..bae8ba97e 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage'
  
-@@ -60,7 +60,7 @@ references:
+@@ -61,7 +61,7 @@ references:
      stigid@ol7: OL07-00-030660
      stigid@ol8: OL08-00-030250
      stigid@rhel7: RHEL-07-030660
@@ -12139,7 +12505,7 @@ index 42fbf78be..3d0d32d0d 100644
      stigid@sle15: SLES-15-030120
      stigid@ubuntu2004: UBTU-20-010175
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
-index 8b16dfa54..61ace82d7 100644
+index 8603087c3..1f78a3177 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml
 @@ -1,10 +1,10 @@
@@ -12150,12 +12516,12 @@ index 8b16dfa54..61ace82d7 100644
  
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh'
  
-@@ -60,7 +60,7 @@ references:
+@@ -61,7 +61,7 @@ references:
      stigid@ol7: OL07-00-030720
      stigid@ol8: OL08-00-030410
      stigid@rhel7: RHEL-07-030720
@@ -12165,7 +12531,7 @@ index 8b16dfa54..61ace82d7 100644
      stigid@sle15: SLES-15-030100
      stigid@ubuntu2004: UBTU-20-010163
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
-index ef97a5a77..63cb51dee 100644
+index 0846706f2..d0099324d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml
 @@ -1,10 +1,10 @@
@@ -12190,24 +12556,54 @@ index ef97a5a77..63cb51dee 100644
      stigid@sle12: SLES-12-020710
      stigid@sle15: SLES-15-030130
      stigid@ubuntu2004: UBTU-20-010177
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
+index ac8b4c104..5cca96cc9 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
+index 329e48377..6bff4dc3c 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
+index 6ac08b082..dd5848d1d 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
-index a3f444ba8..c1813331b 100644
+index 347eaee25..ce442e91d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd'
  
-@@ -61,7 +61,7 @@ references:
+@@ -62,7 +62,7 @@ references:
      stigid@ol7: OL07-00-030650
      stigid@ol8: OL08-00-030370
      stigid@rhel7: RHEL-07-030650
@@ -12216,6 +12612,16 @@ index a3f444ba8..c1813331b 100644
      stigid@sle12: SLES-12-020560
      stigid@sle15: SLES-15-030080
      stigid@ubuntu2004: UBTU-20-010174
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml
+index 0b7ad4110..8ee52129f 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
 index 5baa999e7..cb49a4d71 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml
@@ -12237,25 +12643,25 @@ index 29bfc7be7..d0910b1c6 100644
  # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
  {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
-index d30ab819a..1a2076a32 100644
+index 1f40fde77..84067bd6a 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml
 @@ -1,4 +1,4 @@
 -{{%- if product in ["ol7", "rhel7", "rhel8", "rhel9"] %}}
 +{{%- if product in ["ol7", "rhel7", "rhel8", "almalinux8", "rhel9"] %}}
-     {{%- set kmod_audit="-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged" %}}
+     {{%- set kmod_audit="-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=privileged" %}}
  {{%- elif product in ["ubuntu2004", "ubuntu2204"] %}}
      {{%- set kmod_audit="-w /bin/kmod -p x -k modules" %}}
 @@ -8,7 +8,7 @@
  
  documentation_complete: true
  
--prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - kmod'
  
-@@ -49,7 +49,7 @@ references:
+@@ -53,7 +53,7 @@ references:
      stigid@ol7: OL07-00-030840
      stigid@ol8: OL08-00-030580
      stigid@rhel7: RHEL-07-030840
@@ -12285,12 +12691,12 @@ index ed9771d0d..665d2cc0f 100644
  # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
  {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
-index b9b07a651..98dc04647 100644
+index 602518ad8..aff4282ec 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
@@ -12309,9 +12715,19 @@ index b9b07a651..98dc04647 100644
 +    stigid@almalinux8: RHEL-08-030300
      stigid@sle12: SLES-12-020290
      stigid@ubuntu2004: UBTU-20-010138
-     vmmsrg: SRG-OS-000471-VMM-001910
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml
+index 3c645c96c..170495c9d 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
-index 7b74b66e0..d0ed73ece 100644
+index 83c1c812f..ef4943e13 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml
 @@ -1,10 +1,10 @@
@@ -12328,23 +12744,23 @@ index 7b74b66e0..d0ed73ece 100644
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
-index b25bd8fcc..05aa62a9f 100644
+index 59b4dcfbb..a6640d9c7 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp'
  
-@@ -61,7 +61,7 @@ references:
+@@ -62,7 +62,7 @@ references:
      stigid@ol7: OL07-00-030710
      stigid@ol8: OL08-00-030350
      stigid@rhel7: RHEL-07-030710
@@ -12354,7 +12770,7 @@ index b25bd8fcc..05aa62a9f 100644
      stigid@sle15: SLES-15-030090
      stigid@ubuntu2004: UBTU-20-010164
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
-index 58c4f297a..df60ceafc 100644
+index 41f9fc3de..cdaa9600d 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml
 @@ -1,10 +1,10 @@
@@ -12371,12 +12787,12 @@ index 58c4f297a..df60ceafc 100644
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
-index 9e02c8012..622e1189a 100644
+index 0bda87b7d..2398e767b 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml
 @@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
@@ -12384,12 +12800,12 @@ index 9e02c8012..622e1189a 100644
  
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check'
  
-@@ -65,7 +65,7 @@ references:
+@@ -66,7 +66,7 @@ references:
      stigid@ol7: OL07-00-030810
      stigid@ol8: OL08-00-030340
      stigid@rhel7: RHEL-07-030810
@@ -12399,12 +12815,12 @@ index 9e02c8012..622e1189a 100644
      stigid@sle15: SLES-15-030510
      stigid@ubuntu2004: UBTU-20-010178
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
-index 57b222a83..c98ad2219 100644
+index 19b6623a7..898ad38fd 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
@@ -12424,8 +12840,28 @@ index 57b222a83..c98ad2219 100644
      stigid@sle12: SLES-12-020550
      stigid@sle15: SLES-15-030070
      stigid@ubuntu2004: UBTU-20-010172
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml
+index 126c855e7..3c514b237 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml
+index aae180149..bcd8239ac 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
-index efcd8ecbf..0f2d3d17a 100644
+index 8408a93d0..093763e02 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml
 @@ -1,10 +1,10 @@
@@ -12447,11 +12883,11 @@ index efcd8ecbf..0f2d3d17a 100644
      stigid@rhel7: RHEL-07-030760
 -    stigid@rhel8: RHEL-08-030311
 +    stigid@almalinux8: RHEL-08-030311
-     vmmsrg: SRG-OS-000471-VMM-001910
  
  {{{ ocil_fix_srg_privileged_command("postdrop") }}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
-index 183447d37..1a3e9c91d 100644
+index bbeabeb8d..19d5322a6 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml
 @@ -1,10 +1,10 @@
@@ -12473,11 +12909,11 @@ index 183447d37..1a3e9c91d 100644
      stigid@rhel7: RHEL-07-030770
 -    stigid@rhel8: RHEL-08-030312
 +    stigid@almalinux8: RHEL-08-030312
-     vmmsrg: SRG-OS-000471-VMM-001910
  
  {{{ ocil_fix_srg_privileged_command("postqueue") }}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
-index dbd96c253..c4b98f27c 100644
+index 9a8daf680..7524b63b9 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml
 @@ -1,10 +1,10 @@
@@ -12488,8 +12924,8 @@ index dbd96c253..c4b98f27c 100644
  
  documentation_complete: true
  
--prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9
-+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
+-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
++prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown'
  
@@ -12535,7 +12971,7 @@ index e1d848144..e38115cab 100644
      stigid@sle15: SLES-15-030370
      stigid@ubuntu2004: UBTU-20-010140
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
-index 45c313ae0..8976cdc63 100644
+index fd3983b53..6d0523d75 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
 @@ -1,4 +1,4 @@
@@ -12562,13 +12998,53 @@ index 45c313ae0..8976cdc63 100644
      stigid@sle12: SLES-12-020320
      stigid@sle15: SLES-15-030060
      stigid@ubuntu2004: UBTU-20-010141
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
+index 4ad68bc25..86a2598c4 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
+index 7d16f4d07..0d6e2ae4e 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
+index 2526442fe..e53152ec0 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
+index 7c3c4c64a..4811fc5ba 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
-index f0e518047..4340c063e 100644
+index 7a02e6220..827c7f7c5 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
@@ -12589,12 +13065,12 @@ index f0e518047..4340c063e 100644
      stigid@sle15: SLES-15-030550
      stigid@ubuntu2004: UBTU-20-010136
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
-index 867878942..cffeeed50 100644
+index 55e5e24bd..5a312880a 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
@@ -12615,7 +13091,7 @@ index 867878942..cffeeed50 100644
      stigid@sle15: SLES-15-030560
      stigid@ubuntu2004: UBTU-20-010161
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
-index 3d3dd8a5a..6bc830943 100644
+index ed40c3d03..964bcfd47 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
 @@ -1,10 +1,10 @@
@@ -12632,12 +13108,12 @@ index 3d3dd8a5a..6bc830943 100644
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
-index 5c4d045a2..9edc02f6d 100644
+index 4ba40efd0..39a961a90 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
@@ -12656,14 +13132,14 @@ index 5c4d045a2..9edc02f6d 100644
 +    stigid@almalinux8: RHEL-08-030301
      stigid@sle12: SLES-12-020300
      stigid@ubuntu2004: UBTU-20-010139
-     vmmsrg: SRG-OS-000471-VMM-001910
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
-index 8b5bab8ed..8daef0a43 100644
+index 53d21d2c8..c777b13b2 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
 @@ -1,10 +1,10 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
    {{%- set perm_x="-F perm=x " %}}
  {{%- endif %}}
  
@@ -12682,7 +13158,7 @@ index 8b5bab8ed..8daef0a43 100644
 +    stigid@almalinux8: RHEL-08-030317
      stigid@sle12: SLES-12-020680
      stigid@sle15: SLES-15-030110
-     vmmsrg: SRG-OS-000471-VMM-001910
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
 index 6ad48696d..2d326071c 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml
@@ -12705,7 +13181,7 @@ index 6ad48696d..2d326071c 100644
  
  {{{ ocil_fix_srg_privileged_command("unix_update") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
-index 5ce90cbe6..c3f15a697 100644
+index b1994fa98..b6c9180f9 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
 @@ -1,10 +1,10 @@
@@ -12727,22 +13203,22 @@ index 5ce90cbe6..c3f15a697 100644
      stigid@rhel7: RHEL-07-030670
 -    stigid@rhel8: RHEL-08-030315
 +    stigid@almalinux8: RHEL-08-030315
-     vmmsrg: SRG-OS-000471-VMM-001910
  
  {{{ ocil_fix_srg_privileged_command("userhelper") }}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
-index eff534c34..2aa7f9839 100644
+index 8af435987..7a1924c90 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usermod'
  
-@@ -44,7 +44,7 @@ references:
+@@ -45,7 +45,7 @@ references:
      nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a)
      srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210
      stigid@ol8: OL08-00-030560
@@ -12752,7 +13228,7 @@ index eff534c34..2aa7f9839 100644
      stigid@sle15: SLES-15-030500
      stigid@ubuntu2004: UBTU-20-010176
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
-index 4909928c6..d8006225c 100644
+index e3d68c134..ea7d39fcb 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
 @@ -1,10 +1,10 @@
@@ -12768,6 +13244,26 @@ index 4909928c6..d8006225c 100644
  
  title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl'
  
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
+index abd867e50..403aa9f9a 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
+index c04fda277..f877355c3 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
+@@ -1,4 +1,4 @@
+-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
+   {{%- set perm_x="-F perm=x " %}}
+ {{%- endif %}}
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml
 index 4fd5bef0f..30e9c3398 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml
@@ -12934,11 +13430,11 @@ index 26d02c24e..28daa9106 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
-index 91d169395..4db7d0c7c 100644
+index 81e0bc11e..da4792b27 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml
-@@ -56,7 +56,7 @@ references:
-     pcidss: Req-10.5.2
+@@ -58,7 +58,7 @@ references:
+     pcidss4: "10.3.2"
      srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
      stigid@ol8: OL08-00-030121
 -    stigid@rhel8: RHEL-08-030121
@@ -12998,7 +13494,7 @@ index 79440e79b..614a4e09c 100644
  # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
  {{{ bash_fix_audit_watch_rule("auditctl", "/etc/selinux/", "wa", "MAC-policy") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml
-index 4534624b4..7d1db5bb1 100644
+index 889f83178..7896d4cb1 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -13008,11 +13504,31 @@ index 4534624b4..7d1db5bb1 100644
  # reboot = true
  # strategy = restrict
  # complexity = low
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml
+index 496670fad..a9cce0a56 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh
+index b61368c0c..eb3bf47f9 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification_usr_share/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+ 
+ # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
+ {{{ bash_fix_audit_watch_rule("auditctl", "/usr/share/selinux/", "wa", "MAC-policy") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
-index 35d680636..d31c788b1 100644
+index 8b9ff5f99..175c68741 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml
-@@ -57,7 +57,7 @@ references:
+@@ -60,7 +60,7 @@ references:
      stigid@ol7: OL07-00-030740
      stigid@ol8: OL08-00-030302
      stigid@rhel7: RHEL-07-030740
@@ -13062,7 +13578,7 @@ index caf49d4f8..f2ba8f9f1 100644
  # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
  {{{ bash_fix_audit_watch_rule("auditctl", "/var/run/utmp", "wa", "session") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml
-index 1decbff93..083f80bd9 100644
+index 8b2377d44..39c2bba69 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -13073,14 +13589,14 @@ index 1decbff93..083f80bd9 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
-index 65cd15d0b..01dbc134b 100644
+index 628dc4fd8..f8a123321 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol8,ol9,rhel8,rhel9
-+prodtype: ol8,ol9,rhel8,almalinux8,rhel9
+-prodtype: fedora,ol8,ol9,rhel8,rhel9
++prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9
  
  title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers'
  
@@ -13094,14 +13610,14 @@ index 65cd15d0b..01dbc134b 100644
  ocil_clause: 'the command does not return a line, or the line is commented out'
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
-index 7f32fc3d0..6e674c36a 100644
+index a8b33956b..86c412e9a 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol8,ol9,rhel8,rhel9
-+prodtype: ol8,ol9,rhel8,almalinux8,rhel9
+-prodtype: fedora,ol8,ol9,rhel8,rhel9
++prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9
  
  title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/'
  
@@ -13114,8 +13630,40 @@ index 7f32fc3d0..6e674c36a 100644
  
  ocil_clause: 'the command does not return a line, or the line is commented out'
  
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
+index 64e8dde85..3d4f65278 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
+index 15d6fa4e2..7f98c9915 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
+ 
+ # First perform the remediation of the syscall rule
+ # Retrieve hardware architecture of the underlying system
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/rule.yml
+index 866445695..c7164e885 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/rule.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,rhel9
++prodtype: rhel8,almalinux8,rhel9
+ 
+ title: 'Record Events When Executables Are Run As Another User'
+ 
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
-index c46cbbe39..acbd8ad2c 100644
+index 252ed0ca6..980a260ae 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -13134,8 +13682,19 @@ index 8fdd7e75a..9c16b41cc 100644
  
  # First perform the remediation of the syscall rule
  # Retrieve hardware architecture of the underlying system
+diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml
+index 323a798b1..46fad7416 100644
+--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml
++++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/kubernetes/shared.yml
+@@ -1,5 +1,5 @@
+ ---
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
+ # reboot = true
+ # strategy = restrict
+ # complexity = low
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
-index 327d07fb2..24a3364a4 100644
+index 49a665ded..1301a0496 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml
 @@ -1,6 +1,6 @@
@@ -13166,7 +13725,7 @@ index fcde9d3aa..6477bc85e 100644
  # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
  {{{ bash_fix_audit_watch_rule("auditctl", "/etc/sudoers", "wa", "actions") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml
-index 5c99e72f4..88c36f80d 100644
+index 336beb2b7..26c47e462 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -13177,7 +13736,7 @@ index 5c99e72f4..88c36f80d 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
-index 57dc24fcd..79456ebaf 100644
+index 339a4846f..aa92eda70 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml
 @@ -1,6 +1,6 @@
@@ -13199,7 +13758,7 @@ index 07965e2c7..908fa6e54 100644
  # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
  {{{ bash_fix_audit_watch_rule("auditctl", "/etc/group", "wa", "audit_rules_usergroup_modification") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
-index a17b62a24..8bfafb398 100644
+index b213979b4..a475f8eb1 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml
 @@ -1,6 +1,6 @@
@@ -13210,7 +13769,7 @@ index a17b62a24..8bfafb398 100644
  
  title: 'Record Events that Modify User/Group Information - /etc/group'
  
-@@ -63,7 +63,7 @@ references:
+@@ -66,7 +66,7 @@ references:
      stigid@ol7: OL07-00-030871
      stigid@ol8: OL08-00-030170
      stigid@rhel7: RHEL-07-030871
@@ -13220,7 +13779,7 @@ index a17b62a24..8bfafb398 100644
      stigid@sle15: SLES-15-030010
      stigid@ubuntu2004: UBTU-20-010101
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
-index 82339f74a..c5ebddaa8 100644
+index 0bb5e2238..869c6f721 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml
 @@ -1,6 +1,6 @@
@@ -13231,7 +13790,7 @@ index 82339f74a..c5ebddaa8 100644
  
  title: 'Record Events that Modify User/Group Information - /etc/gshadow'
  
-@@ -63,7 +63,7 @@ references:
+@@ -66,7 +66,7 @@ references:
      stigid@ol7: OL07-00-030872
      stigid@ol8: OL08-00-030160
      stigid@rhel7: RHEL-07-030872
@@ -13241,7 +13800,7 @@ index 82339f74a..c5ebddaa8 100644
      stigid@sle15: SLES-15-030040
      stigid@ubuntu2004: UBTU-20-010103
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
-index 3d3a8a8cc..589493727 100644
+index 946cd6104..5dbc533f8 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml
 @@ -1,6 +1,6 @@
@@ -13252,7 +13811,7 @@ index 3d3a8a8cc..589493727 100644
  
  title: 'Record Events that Modify User/Group Information - /etc/security/opasswd'
  
-@@ -64,7 +64,7 @@ references:
+@@ -67,7 +67,7 @@ references:
      stigid@ol7: OL07-00-030874
      stigid@ol8: OL08-00-030140
      stigid@rhel7: RHEL-07-030874
@@ -13262,7 +13821,7 @@ index 3d3a8a8cc..589493727 100644
      stigid@sle15: SLES-15-030030
      stigid@ubuntu2004: UBTU-20-010104
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
-index fd297cce7..f86e48526 100644
+index 46cf595dd..6835c3bb1 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml
 @@ -1,6 +1,6 @@
@@ -13273,7 +13832,7 @@ index fd297cce7..f86e48526 100644
  
  title: 'Record Events that Modify User/Group Information - /etc/passwd'
  
-@@ -63,7 +63,7 @@ references:
+@@ -66,7 +66,7 @@ references:
      stigid@ol7: OL07-00-030870
      stigid@ol8: OL08-00-030150
      stigid@rhel7: RHEL-07-030870
@@ -13283,7 +13842,7 @@ index fd297cce7..f86e48526 100644
      stigid@sle15: SLES-15-030000
      stigid@ubuntu2004: UBTU-20-010100
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
-index 8c61d1f92..0fff324ce 100644
+index a4e780a39..45c857398 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml
 @@ -1,6 +1,6 @@
@@ -13294,7 +13853,7 @@ index 8c61d1f92..0fff324ce 100644
  
  title: 'Record Events that Modify User/Group Information - /etc/shadow'
  
-@@ -63,7 +63,7 @@ references:
+@@ -66,7 +66,7 @@ references:
      stigid@ol7: OL07-00-030873
      stigid@ol8: OL08-00-030130
      stigid@rhel7: RHEL-07-030873
@@ -13304,14 +13863,14 @@ index 8c61d1f92..0fff324ce 100644
      stigid@sle15: SLES-15-030020
      stigid@ubuntu2004: UBTU-20-010102
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
-index 95546923d..230523282 100644
+index b00fb3856..3072f6eb3 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_sudo_log_events/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: rhel8,rhel9,ubuntu2004,ubuntu2204
-+prodtype: rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204
+-prodtype: fedora,rhel8,rhel9,ubuntu2004,ubuntu2204
++prodtype: fedora,rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204
  
  title: 'Record Attempts to perform maintenance activities'
  
@@ -13325,7 +13884,7 @@ index b7f44ab38..e6b1d1856 100644
  
  {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml
-index 3fbd4948a..27378a924 100644
+index 49c97e395..51f48c0f9 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -13346,7 +13905,7 @@ index f0783ec4f..a4cc0d84c 100644
  # First perform the remediation of the syscall rule
  # Retrieve hardware architecture of the underlying system
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml
-index 18bb26716..8f0bffdd8 100644
+index ec76157d4..0f9e9f7cc 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -13366,7 +13925,7 @@ index b7f44ab38..e6b1d1856 100644
  
  {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml
-index e2f2d6494..bd5c24342 100644
+index 3f43030e9..85e9a47c8 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -13386,7 +13945,7 @@ index b7f44ab38..e6b1d1856 100644
  
  {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml
-index 7ea72adfa..28662fe80 100644
+index 8a58bbc38..1a73014dc 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -13407,7 +13966,7 @@ index 4983b503e..b4db73bce 100644
  # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
  {{{ bash_fix_audit_watch_rule("auditctl", "/etc/localtime", "wa", "audit_time_rules") }}}
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
-index ac72267a2..67ee86593 100644
+index 140506b60..4290a051f 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -13492,7 +14051,7 @@ index 0dad1bfe1..29632f729 100644
  if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then
    DIR=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ' | rev | cut -d"/" -f2- | rev)
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
-index cab7c10c6..c51d3f1a2 100644
+index fc07d9465..d688b8138 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml
 @@ -3,7 +3,7 @@ documentation_complete: true
@@ -13504,7 +14063,7 @@ index cab7c10c6..c51d3f1a2 100644
      Verify the audit log directories have a mode of "0700" or less permissive by first determining
      where the audit logs are stored with the following command:
      
$ sudo grep -iw log_file /etc/audit/auditd.conf
-@@ -45,7 +45,7 @@ references:
+@@ -46,7 +46,7 @@ references:
      nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4
      srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
      stigid@ol8: OL08-00-030120
@@ -13513,7 +14072,7 @@ index cab7c10c6..c51d3f1a2 100644
      stigid@ubuntu2004: UBTU-20-010128
  
  ocil_clause: 'audit logs have a more permissive mode'
-@@ -69,7 +69,7 @@ ocil: |-
+@@ -70,7 +70,7 @@ ocil: |-
  
      Replace "[audit_log_directory]" to the correct audit log directory path, by default this location is "/var/log/audit".
  
@@ -13522,7 +14081,7 @@ index cab7c10c6..c51d3f1a2 100644
      The correct permissions are 0700
      {{% else %}}
      If the log_group is "root" or is not set, the correct permissions are 0700, otherwise they are 0750.
-@@ -82,7 +82,7 @@ fixtext: |-
+@@ -83,7 +83,7 @@ fixtext: |-
  
      $ sudo grep "^log_file" /etc/audit/auditd.conf
  
@@ -13580,7 +14139,7 @@ index b93254a4b..c7d66ccbb 100644
  source common_0700.sh
  
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
-index b2cba263a..46c32a0b9 100644
+index 399e4ea76..15f37085a 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
 @@ -1,6 +1,6 @@
@@ -13591,7 +14150,7 @@ index b2cba263a..46c32a0b9 100644
  
  title: 'System Audit Logs Must Be Group Owned By Root'
  
-@@ -41,7 +41,7 @@ references:
+@@ -42,7 +42,7 @@ references:
      pcidss: Req-10.5.1
      srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
      stigid@ol8: OL08-00-030090
@@ -13701,7 +14260,7 @@ index 1879113b8..8798ae1ae 100644
  
  sed -i "/^\s*log_file.*/d" /etc/audit/auditd.conf
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
-index bb0ae821f..1b84683ce 100644
+index 81e471f4e..c1e9bbb15 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -13711,7 +14270,7 @@ index bb0ae821f..1b84683ce 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
-index f97a559e6..de9777988 100644
+index 0b42da512..013401d8c 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh
 @@ -1,4 +1,4 @@
@@ -13721,7 +14280,7 @@ index f97a559e6..de9777988 100644
  if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then
      FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
-index e5c0e1eda..37ba97e98 100644
+index a7aa67de4..ef897a3b3 100644
 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
 +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml
 @@ -1,6 +1,6 @@
@@ -13732,7 +14291,7 @@ index e5c0e1eda..37ba97e98 100644
  
  title: 'System Audit Logs Must Have Mode 0640 or Less Permissive'
  
-@@ -53,7 +53,7 @@ references:
+@@ -55,7 +55,7 @@ references:
      stigid@ol7: OL07-00-910055
      stigid@ol8: OL08-00-030070
      stigid@rhel7: RHEL-07-910055
@@ -13806,7 +14365,7 @@ index 53a56e255..554799735 100644
  {{{ bash_instantiate_variables("var_audispd_remote_server") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
-index 85fd8e388..2c904720d 100644
+index 9ec973546..9817efe45 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml
 @@ -1,6 +1,6 @@
@@ -14126,7 +14685,7 @@ index d0065b38c..7027992a4 100644
  {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14201,7 +14760,7 @@ index ce4f4d029..6ab8e06dd 100644
  {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14276,10 +14835,10 @@ index dfb8d3035..28e3fd6c9 100644
  {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
-index c68498f85..43787aaaf 100644
+index f04a42850..66fc3abcb 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
-@@ -51,7 +51,7 @@ references:
+@@ -52,7 +52,7 @@ references:
      stigid@ol7: OL07-00-030350
      stigid@ol8: OL08-00-030020
      stigid@rhel7: RHEL-07-030350
@@ -14309,7 +14868,7 @@ index e05250cea..e04d721a4 100644
  {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14320,7 +14879,7 @@ index c865ad76e..f226ae349 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml
-index 5f10393b4..ab1400386 100644
+index 01c5df5d6..79dc15915 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_percentage/rule.yml
 @@ -1,6 +1,6 @@
@@ -14352,7 +14911,7 @@ index 79b916559..40632d099 100644
  {{{ bash_instantiate_variables("var_auditd_flush") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14467,7 +15026,7 @@ index 8a53bf847..95c5446b6 100644
  {{{ bash_instantiate_variables("var_auditd_max_log_file") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14498,7 +15057,7 @@ index 5007f965f..4c06ea831 100644
  {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14550,7 +15109,7 @@ index 7deaa0607..748a59d80 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14581,7 +15140,7 @@ index a53f062b5..e0200450d 100644
  {{{ bash_instantiate_variables("var_auditd_space_left") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14592,7 +15151,7 @@ index c865ad76e..f226ae349 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
-index 54462480d..eb0802b06 100644
+index d9b97fbfb..e34244c39 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
 @@ -1,6 +1,6 @@
@@ -14624,7 +15183,7 @@ index 870f6619e..a1dc8844a 100644
  {{{ bash_instantiate_variables("var_auditd_space_left_action") }}}
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14635,20 +15194,20 @@ index c865ad76e..f226ae349 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
-index 4dc2529aa..ac76cdea4 100644
+index bea9a7805..854cc6ed4 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
-@@ -62,7 +62,7 @@ references:
+@@ -63,7 +63,7 @@ references:
      stigid@ol7: OL07-00-030340
      stigid@ol8: OL08-00-030731
      stigid@rhel7: RHEL-07-030340
 -    stigid@rhel8: RHEL-08-030731
 +    stigid@almalinux8: RHEL-08-030731
      stigid@ubuntu2004: UBTU-20-010217
-     vmmsrg: SRG-OS-000343-VMM-001240
  
+ ocil_clause: 'there is no evidence that real-time alerts are configured on the system'
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
-index aef2ffe8a..5d39f86de 100644
+index c82d0d370..46a8784bc 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
 @@ -1,6 +1,6 @@
@@ -14666,10 +15225,10 @@ index aef2ffe8a..5d39f86de 100644
 -    stigid@rhel8: RHEL-08-030730
 +    stigid@almalinux8: RHEL-08-030730
      stigid@ubuntu2004: UBTU-20-010217
-     vmmsrg: SRG-OS-000343-VMM-001240
  
+ ocil_clause: 'the value of the "space_left" keyword is not set to {{{ xccdf_value("var_auditd_space_left_percentage") }}}% of the storage volume allocated to audit logs, or if the line is commented out, ask the System Administrator to indicate how the system is providing real-time alerts to the SA and ISSO. If the "space_left" value is not configured to the correct value'
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14680,7 +15239,7 @@ index c865ad76e..f226ae349 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14704,7 +15263,7 @@ index 75590e720..0b5a09999 100644
  ocil_clause: local_events isn't set to yes
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14748,7 +15307,7 @@ index 67a1203dd..12a94396c 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14805,7 +15364,7 @@ index a058b881c..1427b39ca 100644
  ocil_clause: 'auditd overflow action is not set correctly'
  
 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
-index c865ad76e..f226ae349 100644
+index 55f407e01..b9084af21 100644
 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -14829,7 +15388,7 @@ index bcafc35b8..1579dc90f 100644
  {{% else %}}
      The setting for remote_server in /etc/audisp/audisp-remote.conf
 diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
-index 9948a25c9..1fbfd5638 100644
+index e81a90bc6..1a095b8a2 100644
 --- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
 +++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
 @@ -1,6 +1,6 @@
@@ -14840,15 +15399,15 @@ index 9948a25c9..1fbfd5638 100644
  
  title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon'
  
-@@ -50,7 +50,7 @@ references:
-     pcidss: Req-10.3
+@@ -51,7 +51,7 @@ references:
+     pcidss4: "10.7"
      srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095
      stigid@ol8: OL08-00-030601
 -    stigid@rhel8: RHEL-08-030601
 +    stigid@almalinux8: RHEL-08-030601
      stigid@ubuntu2004: UBTU-20-010198
-     vmmsrg: SRG-OS-000254-VMM-000880
  
+ ocil_clause: 'auditing is not enabled at boot time'
 diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh
 index 4a03a2117..365d018a2 100644
 --- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh
@@ -14938,11 +15497,11 @@ index e2d2b7fdb..f4952aacd 100644
  title: 'Install audispd-plugins Package'
  
 diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
-index 701d4e5b1..c0ac20101 100644
+index b71d4e054..7983af2cf 100644
 --- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml
 +++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
-@@ -34,7 +34,7 @@ references:
-     pcidss: Req-10.2.1
+@@ -35,7 +35,7 @@ references:
+     pcidss4: "10.2.1"
      srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220
      stigid@ol8: OL08-00-030180
 -    stigid@rhel8: RHEL-08-030180
@@ -14962,7 +15521,7 @@ index e33140501..603abfb90 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
-index 992bf062a..4fd40dc3b 100644
+index cefc04f50..8a6a38e9e 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
 @@ -1,6 +1,6 @@
@@ -15007,7 +15566,7 @@ index 413293083..3f8c50a39 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
-index 8000a1a6d..59fbf2fb5 100644
+index 9c2495c3c..e19b21b56 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
 @@ -1,6 +1,6 @@
@@ -15075,7 +15634,7 @@ index 981a0c861..ab7d657c3 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
-index 08bff7139..2b27b5b35 100644
+index 6121df242..dc10d4df6 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
 @@ -1,6 +1,6 @@
@@ -15109,7 +15668,7 @@ index 08c8dc855..e9277f263 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
-index 7532b0bf1..99b6350ae 100644
+index 8dca6a682..4d76ade87 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
 @@ -1,6 +1,6 @@
@@ -15132,7 +15691,7 @@ index 023388b66..655883afe 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
-index 6280008f2..bc2a76836 100644
+index f687fd864..71bfab67b 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
 @@ -1,6 +1,6 @@
@@ -15166,7 +15725,7 @@ index 2fb2c25aa..e182781c4 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
-index 6c42b726a..1da7bb5fe 100644
+index bff04fe4c..a56d7f18f 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -15175,9 +15734,9 @@ index 6c42b726a..1da7bb5fe 100644
 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
  
  {{% set file_contents = """## Successful file delete
- -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete
+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
-index c95d8aabe..3e2cd2818 100644
+index 45419ec17..b15b8f741 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
 @@ -1,6 +1,6 @@
@@ -15189,7 +15748,7 @@ index c95d8aabe..3e2cd2818 100644
  title: 'Configure auditing of successful file deletions'
  
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
-index 0314988d4..25f2c5ae8 100644
+index 37b8b3676..d1be71273 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -15198,9 +15757,9 @@ index 0314988d4..25f2c5ae8 100644
 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
  
  {{% set file_contents = """## Successful file delete
- -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete
+ -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
-index 3734328c9..1ff00c4e6 100644
+index a46066d62..731636c7f 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_ppc64le/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -15209,7 +15768,7 @@ index 3734328c9..1ff00c4e6 100644
 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
  
  {{% set file_contents = """## Successful file delete
- -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete""" -%}}
+ -a always,exit -F arch=b64 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete""" -%}}
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
 index 4b6116733..42e1c3da2 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
@@ -15254,7 +15813,7 @@ index 2d9279849..ec6477378 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
-index 23d3209cc..0fe51e018 100644
+index c6c9cc56c..139ffa91d 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
 @@ -1,6 +1,6 @@
@@ -15299,7 +15858,7 @@ index c6f796967..7a6e545c4 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
-index 82ac32264..33b7d1ad6 100644
+index 888a33657..e2743c631 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
 @@ -1,6 +1,6 @@
@@ -15378,7 +15937,7 @@ index a93771e85..22e9b17b9 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
-index 878b95eab..69277846e 100644
+index fbe8d9fae..c5684d979 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
 @@ -1,6 +1,6 @@
@@ -15390,7 +15949,7 @@ index 878b95eab..69277846e 100644
  title: 'Perform general configuration of Audit for OSPP'
  
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
-index 6b943ce05..5b19b70bb 100644
+index c122b209f..d1f676a94 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -15412,7 +15971,7 @@ index fa81ece03..7a26684d2 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
-index 9e8afab03..a559a87ca 100644
+index 55ad31393..3767b639e 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
 @@ -1,6 +1,6 @@
@@ -15424,7 +15983,7 @@ index 9e8afab03..a559a87ca 100644
  title: 'Configure auditing of unsuccessful ownership changes'
  
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
-index 7ba36791c..55070353f 100644
+index fc419001f..f989e141f 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
 @@ -1,6 +1,6 @@
@@ -15436,7 +15995,7 @@ index 7ba36791c..55070353f 100644
  title: 'Configure auditing of successful ownership changes'
  
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
-index 414cfba0b..d928aabc3 100644
+index f0c9a0c44..af0b162c6 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
 @@ -1,6 +1,6 @@
@@ -15448,7 +16007,7 @@ index 414cfba0b..d928aabc3 100644
  title: 'Configure auditing of unsuccessful permission changes'
  
 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
-index c01c37bd0..c6c411bd8 100644
+index 7ea158505..a85e376db 100644
 --- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
 +++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
 @@ -1,6 +1,6 @@
@@ -15483,10 +16042,10 @@ index 89d6152dc..7afbf02b7 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
-index 774887887..261342b03 100644
+index ffcdae249..edd53ca7f 100644
 --- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
 +++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
-@@ -60,7 +60,7 @@ references:
+@@ -61,7 +61,7 @@ references:
      stigid@ol7: OL07-00-030000
      stigid@ol8: OL08-00-030181
      stigid@rhel7: RHEL-07-030000
@@ -15494,7 +16053,7 @@ index 774887887..261342b03 100644
 +    stigid@almalinux8: RHEL-08-030181
      stigid@sle12: SLES-12-020010
      stigid@sle15: SLES-15-030050
-     vmmsrg: SRG-OS-000037-VMM-000150,SRG-OS-000063-VMM-000310,SRG-OS-000038-VMM-000160,SRG-OS-000039-VMM-000170,SRG-OS-000040-VMM-000180,SRG-OS-000041-VMM-000190
+ 
 diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
 index d6bfc02f3..98c11ac6f 100644
 --- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
@@ -15543,7 +16102,7 @@ index c4213caf8..c422634f2 100644
  # Break the argument in kernel command line in /boot/grub2/grubenv
  file="/boot/grub2/grubenv"
 diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
-index c455abcfd..4e082df3e 100644
+index 70251f709..aa50620ba 100644
 --- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
 @@ -1,6 +1,6 @@
@@ -15554,7 +16113,7 @@ index c455abcfd..4e082df3e 100644
  
  title: 'Enable Kernel Page-Table Isolation (KPTI)'
  
-@@ -27,7 +27,7 @@ references:
+@@ -28,7 +28,7 @@ references:
      nist: SI-16
      srg: SRG-OS-000433-GPOS-00193,SRG-OS-000095-GPOS-00049
      stigid@ol8: OL08-00-040004
@@ -15585,19 +16144,19 @@ index 9a0f0d212..4fc19b1de 100644
  ocil_clause: 'vsyscalls are enabled'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
-index 2ee32d03d..391352701 100644
+index d0bdf2523..426907be8 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml
-index 6a9cb33f7..d32c228b7 100644
+index b7557c41f..c53d44c08 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_user_cfg/rule.yml
 @@ -1,6 +1,6 @@
@@ -15609,19 +16168,19 @@ index 6a9cb33f7..d32c228b7 100644
  title: 'Verify {{{ grub2_boot_path }}}/user.cfg Group Ownership'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
-index 5bf4ae355..12bd1974a 100644
+index 2ef41b1c5..68a2f15e1 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml
-index ca2bc1ec8..bcb9897d9 100644
+index 5df579a97..7d532af01 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_user_cfg/rule.yml
 @@ -1,6 +1,6 @@
@@ -15633,19 +16192,19 @@ index ca2bc1ec8..bcb9897d9 100644
  title: 'Verify {{{ grub2_boot_path }}}/user.cfg User Ownership'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
-index 491718273..d6172921f 100644
+index 10fe57233..da14963a0 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Permissions'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml
-index 7a23d0885..93a3cf5e7 100644
+index 8de6ef356..216ecd5a3 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_user_cfg/rule.yml
 @@ -1,6 +1,6 @@
@@ -15657,7 +16216,7 @@ index 7a23d0885..93a3cf5e7 100644
  title: 'Verify {{{ grub2_boot_path }}}/user.cfg Permissions'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
-index 4def1608b..0cc75f0b8 100644
+index 05e2deae0..f1cc2932f 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
 @@ -1,6 +1,6 @@
@@ -15690,31 +16249,31 @@ index fe06e5afc..1eb0615a4 100644
  title: 'Boot Loader Is Not Installed On Removeable Media'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
-index 5260666c2..210a1dbaf 100644
+index f5b957e88..b678a4e70 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml
 @@ -3,7 +3,7 @@
      {{{ oval_metadata("The grub2 boot loader should have password protection enabled.") }}}
  
      
--      {{% if product in ["ol7","ol8", "rhel8"] %}}
-+      {{% if product in ["ol7","ol8", "rhel8", "almalinux8"] %}}
+-      {{% if product in ["ol7", "ol8", "ol9", "rhel8"] %}}
++      {{% if product in ["ol7", "ol8", "ol9", "rhel8", "almalinux8"] %}}
        
        {{% else %}}
        
 diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
-index 9acb58b33..62454ce21 100644
+index 03031cd11..4bf9edefc 100644
 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Set Boot Loader Password in grub2'
  
-@@ -71,7 +71,7 @@ references:
+@@ -72,7 +72,7 @@ references:
      stigid@ol7: OL07-00-010482
      stigid@ol8: OL08-00-010150
      stigid@rhel7: RHEL-07-010482
@@ -15724,19 +16283,19 @@ index 9acb58b33..62454ce21 100644
      stigid@sle15: SLES-15-010190
      stigid@ubuntu2004: UBTU-20-010009
 diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
-index 9ff70429d..bd6c5be94 100644
+index 8a10defce..fe273c155 100644
 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
  
  title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml
-index 32ccd5de1..31efa6830 100644
+index 1fa0facd5..a17809216 100644
 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_user_cfg/rule.yml
 @@ -1,6 +1,6 @@
@@ -15748,14 +16307,14 @@ index 32ccd5de1..31efa6830 100644
  title: 'Verify {{{ grub2_uefi_boot_path }}}/user.cfg Group Ownership'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
-index 2e51fbb41..60dd27444 100644
+index 9f5bb2745..d5148b20f 100644
 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
  
  title: 'Verify the UEFI Boot Loader grub.cfg User Ownership'
  
@@ -15772,19 +16331,19 @@ index 104fa81e8..d68cbb603 100644
  title: 'Verify {{{ grub2_uefi_boot_path }}}/user.cfg User Ownership'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
-index 3a23fbac6..db366caed 100644
+index ee5bdcaf8..a7bbd206a 100644
 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
  
  
  title: 'Verify the UEFI Boot Loader grub.cfg Permissions'
 diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml
-index 9fe66afd0..ba684baca 100644
+index bfea4e047..8945ecc7d 100644
 --- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_user_cfg/rule.yml
 @@ -1,6 +1,6 @@
@@ -15817,18 +16376,18 @@ index a277f209f..2ee2ac744 100644
  ocil_clause: 'superuser account is not set or is set to an existing name or to a common name'
  
 diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
-index 47c92fd24..b717f4128 100644
+index cdaa2b573..6feeaf9c8 100644
 --- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
 +++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Set the UEFI Boot Loader Password'
  
-@@ -71,7 +71,7 @@ references:
+@@ -72,7 +72,7 @@ references:
      stigid@ol7: OL07-00-010491
      stigid@ol8: OL08-00-010140
      stigid@rhel7: RHEL-07-010491
@@ -16153,7 +16712,7 @@ index 9d645c887..9ef0b3feb 100644
  title: 'Disable vsyscalls in zIPL'
  
 diff --git a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_latent_entropy/rule.yml b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_latent_entropy/rule.yml
-index 0eec9c5b7..fc9b014b0 100644
+index ef617d152..c3b3e1137 100644
 --- a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_latent_entropy/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_latent_entropy/rule.yml
 @@ -1,6 +1,6 @@
@@ -16165,7 +16724,7 @@ index 0eec9c5b7..fc9b014b0 100644
  title: 'Generate some entropy during boot and runtime'
  
 diff --git a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak/rule.yml b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak/rule.yml
-index 49a147518..a3f2d4cab 100644
+index 6a19eb78d..2a548404c 100644
 --- a/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/gcc_plugin/kernel_config_gcc_plugin_structleak/rule.yml
 @@ -1,6 +1,6 @@
@@ -16177,7 +16736,7 @@ index 49a147518..a3f2d4cab 100644
  title: 'Force initialization of variables containing userspace addresses'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_arm64_sw_ttbr0_pan/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_arm64_sw_ttbr0_pan/rule.yml
-index 58e688458..c80f384e8 100644
+index 8ca4e0962..0ec72b5f7 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_arm64_sw_ttbr0_pan/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_arm64_sw_ttbr0_pan/rule.yml
 @@ -1,6 +1,6 @@
@@ -16189,7 +16748,7 @@ index 58e688458..c80f384e8 100644
  title: 'Emulate Privileged Access Never (PAN)'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml
-index 33e0ef488..68761ac11 100644
+index 7c85b7efe..83fd24802 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_bug_on_data_corruption/rule.yml
 @@ -1,6 +1,6 @@
@@ -16201,7 +16760,7 @@ index 33e0ef488..68761ac11 100644
  title: 'Trigger a kernel BUG when data corruption is detected'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_debug_wx/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_debug_wx/rule.yml
-index 96344b8b7..a51914177 100644
+index e09a87043..c5e90c8a9 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_debug_wx/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_debug_wx/rule.yml
 @@ -1,6 +1,6 @@
@@ -16213,7 +16772,7 @@ index 96344b8b7..a51914177 100644
  title: 'Warn on W+X mappings found at boot'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_fortify_source/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_fortify_source/rule.yml
-index d9ba9ef4d..89e1d047f 100644
+index b380e43cf..b54ef5778 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_fortify_source/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_fortify_source/rule.yml
 @@ -1,6 +1,6 @@
@@ -16225,7 +16784,7 @@ index d9ba9ef4d..89e1d047f 100644
  title: 'Harden common str/mem functions against buffer overflows'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy/rule.yml
-index 41bc3b9b7..525bcab0e 100644
+index 0fd7014cc..9a165fa88 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy/rule.yml
 @@ -1,6 +1,6 @@
@@ -16237,7 +16796,7 @@ index 41bc3b9b7..525bcab0e 100644
  title: 'Harden memory copies between kernel and userspace'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy_fallback/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy_fallback/rule.yml
-index f0437d60f..1cc90682b 100644
+index 785d3d9c2..d6be520e9 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy_fallback/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_hardened_usercopy_fallback/rule.yml
 @@ -1,6 +1,6 @@
@@ -16249,7 +16808,7 @@ index f0437d60f..1cc90682b 100644
  title: 'Do not allow usercopy whitelist violations to fallback to object size'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_emulate/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_emulate/rule.yml
-index af38cc1c0..be425b634 100644
+index a88d80076..74e388a85 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_emulate/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_emulate/rule.yml
 @@ -1,6 +1,6 @@
@@ -16261,7 +16820,7 @@ index af38cc1c0..be425b634 100644
  title: 'Disable vsyscall emulation'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_none/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_none/rule.yml
-index fa2b3b6dc..26b18817c 100644
+index 7976cd56c..f8b3f1116 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_none/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_legacy_vsyscall_none/rule.yml
 @@ -1,6 +1,6 @@
@@ -16273,7 +16832,7 @@ index fa2b3b6dc..26b18817c 100644
  title: 'Disable vsyscall mapping'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_modify_ldt_syscall/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_modify_ldt_syscall/rule.yml
-index ab30078a6..ccfa740a1 100644
+index 35f88e89d..4b9cf3804 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_modify_ldt_syscall/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_modify_ldt_syscall/rule.yml
 @@ -1,6 +1,6 @@
@@ -16285,7 +16844,7 @@ index ab30078a6..ccfa740a1 100644
  title: 'Disable the LDT (local descriptor table)'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_page_poisoning/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_page_poisoning/rule.yml
-index 016c1e2cf..0b58b5b3e 100644
+index db2575974..99a7b6d5e 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_page_poisoning/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_page_poisoning/rule.yml
 @@ -1,6 +1,6 @@
@@ -16297,7 +16856,7 @@ index 016c1e2cf..0b58b5b3e 100644
  title: 'Enable poison of pages after freeing'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_refcount_full/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_refcount_full/rule.yml
-index 8868e1738..145a15f84 100644
+index 6b0fb3a20..a4160c8b5 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_refcount_full/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_refcount_full/rule.yml
 @@ -1,6 +1,6 @@
@@ -16309,7 +16868,7 @@ index 8868e1738..145a15f84 100644
  title: 'Perform full reference count validation'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_sched_stack_end_check/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_sched_stack_end_check/rule.yml
-index 6a891f41a..3b0dcd26c 100644
+index 2753a98ec..baf9f6f5e 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_sched_stack_end_check/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_sched_stack_end_check/rule.yml
 @@ -1,6 +1,6 @@
@@ -16321,7 +16880,7 @@ index 6a891f41a..3b0dcd26c 100644
  title: 'Detect stack corruption on calls to schedule()'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_hardened/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_hardened/rule.yml
-index 53c970470..c05bb000c 100644
+index 78b5db286..bdf63631e 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_hardened/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_hardened/rule.yml
 @@ -1,6 +1,6 @@
@@ -16333,7 +16892,7 @@ index 53c970470..c05bb000c 100644
  title: 'Harden slab freelist metadata'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_random/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_random/rule.yml
-index 6813ea28f..604e7d423 100644
+index 5c93226b1..9b6116b61 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_random/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_slab_freelist_random/rule.yml
 @@ -1,6 +1,6 @@
@@ -16345,7 +16904,7 @@ index 6813ea28f..604e7d423 100644
  title: 'Randomize slab freelist'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_slab_merge_default/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_slab_merge_default/rule.yml
-index 7518f1d0c..efc9beb81 100644
+index 3dd3de678..07b6e2ae0 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_slab_merge_default/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_slab_merge_default/rule.yml
 @@ -1,6 +1,6 @@
@@ -16357,7 +16916,7 @@ index 7518f1d0c..efc9beb81 100644
  title: 'Disallow merge of slab caches'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector/rule.yml
-index 50ef83cc8..94ec19498 100644
+index ce52a1198..e317a0dcd 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector/rule.yml
 @@ -1,6 +1,6 @@
@@ -16369,7 +16928,7 @@ index 50ef83cc8..94ec19498 100644
  title: 'Stack Protector buffer overlow detection'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector_strong/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector_strong/rule.yml
-index b9c47058a..eee2e838b 100644
+index 87e6828d1..20b300249 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector_strong/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_stackprotector_strong/rule.yml
 @@ -1,6 +1,6 @@
@@ -16381,7 +16940,7 @@ index b9c47058a..eee2e838b 100644
  title: 'Strong Stack Protector'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_strict_kernel_rwx/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_strict_kernel_rwx/rule.yml
-index 1ff97ebfc..e7c37503b 100644
+index a585ee932..7777de305 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_strict_kernel_rwx/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_strict_kernel_rwx/rule.yml
 @@ -1,6 +1,6 @@
@@ -16393,7 +16952,7 @@ index 1ff97ebfc..e7c37503b 100644
  title: 'Make the kernel text and rodata read-only'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_strict_module_rwx/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_strict_module_rwx/rule.yml
-index 6a6fdb043..6762a33c6 100644
+index 2c34a6816..e950b5fc9 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_strict_module_rwx/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_strict_module_rwx/rule.yml
 @@ -1,6 +1,6 @@
@@ -16405,7 +16964,7 @@ index 6a6fdb043..6762a33c6 100644
  title: 'Make the module text and rodata read-only'
  
 diff --git a/linux_os/guide/system/kernel_build_config/kernel_config_vmap_stack/rule.yml b/linux_os/guide/system/kernel_build_config/kernel_config_vmap_stack/rule.yml
-index a406bbe45..32a1c836e 100644
+index 0f575cad3..c2430c4ea 100644
 --- a/linux_os/guide/system/kernel_build_config/kernel_config_vmap_stack/rule.yml
 +++ b/linux_os/guide/system/kernel_build_config/kernel_config_vmap_stack/rule.yml
 @@ -1,6 +1,6 @@
@@ -16542,6 +17101,18 @@ index ba1095929..400ae7b76 100644
  
  ocil_clause: 'rsyslogd DefaultNetstreamDriver not set to gtls'
  
+diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml
+index 76f0e4b38..478fcb3b3 100644
+--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml
++++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_logging_configured/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,sle12,sle15
++prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+ 
+ title: 'Ensure logging is configured'
+ 
 diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
 index bea5ed470..e4f16f70c 100644
 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
@@ -16564,43 +17135,67 @@ index bea5ed470..e4f16f70c 100644
  
  ocil_clause: 'remote access methods are not logging to rsyslog'
 diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
-index 040db3d99..18709e3c3 100644
+index 1d7cf6b6f..2bb036475 100644
 --- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml
 +++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
-+prodtype: alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: Ensure journald is configured to compress large log files
  
 diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
-index 4586e0dde..e1b88901b 100644
+index 602e2601a..b3acb23b5 100644
 --- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
 +++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15
-+prodtype: alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+-prodtype: alinux3,anolis23,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
++prodtype: alinux3,anolis23,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
  
  title: Ensure journald is configured to send logs to rsyslog
  
 diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
-index 91cbbb694..81b1a5d46 100644
+index b4348b10b..3a4032efb 100644
 --- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml
 +++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
-+prodtype: alinux3,anolis8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: Ensure journald is configured to write log files to persistent disk
  
+diff --git a/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml b/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml
+index 859859c7f..9e9281ab8 100644
+--- a/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml
++++ b/linux_os/guide/system/logging/journald/package_systemd-journal-remote_installed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel8,ubuntu2204
++prodtype: rhel8,almalinux8,ubuntu2204
+ 
+ title: 'Install systemd-journal-remote Package'
+ 
+diff --git a/linux_os/guide/system/logging/journald/socket_systemd-journal-remote_disabled/rule.yml b/linux_os/guide/system/logging/journald/socket_systemd-journal-remote_disabled/rule.yml
+index 8510c91a5..1c59fb9df 100644
+--- a/linux_os/guide/system/logging/journald/socket_systemd-journal-remote_disabled/rule.yml
++++ b/linux_os/guide/system/logging/journald/socket_systemd-journal-remote_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: fedora,rhel8,rhel9,ubuntu2204
++prodtype: fedora,rhel8,almalinux8,rhel9,ubuntu2204
+ 
+ title: 'Disable systemd-journal-remote Socket'
+ 
 diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
-index 859ea93ee..9b9ea07f7 100644
+index 892523fc4..9fbba1ccb 100644
 --- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
 +++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
 @@ -1,5 +1,5 @@
@@ -16611,7 +17206,7 @@ index 859ea93ee..9b9ea07f7 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
-index fe112b716..cfba6c177 100644
+index 0abe60b2d..5dbfb1bc3 100644
 --- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
 +++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -16619,10 +17214,10 @@ index fe112b716..cfba6c177 100644
  
 -prodtype: fedora,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15
 +prodtype: fedora,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
- 
  title: 'Ensure rsyslog-gnutls is installed'
  
-@@ -27,7 +27,7 @@ references:
+ description: |-
+@@ -31,7 +31,7 @@ references:
      ospp: FTP_ITC_EXT.1.1
      srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
      stigid@ol8: OL08-00-030680
@@ -16632,10 +17227,10 @@ index fe112b716..cfba6c177 100644
  ocil_clause: 'the package is not installed'
  
 diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
-index e49c00bdb..28b7a52c5 100644
+index 70b97b107..0060678e1 100644
 --- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
 +++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
-@@ -40,7 +40,7 @@ references:
+@@ -39,7 +39,7 @@ references:
      ospp: FTP_ITC_EXT.1.1
      srg: SRG-OS-000479-GPOS-00224,SRG-OS-000051-GPOS-00024,SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-030670
@@ -16645,39 +17240,51 @@ index e49c00bdb..28b7a52c5 100644
  ocil_clause: 'the package is not installed'
  
 diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
-index 7eafd1ec2..53ae2a399 100644
+index 1ff4d159c..f956b132f 100644
 --- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
 +++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
++prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
  
  title: 'Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server'
  
+diff --git a/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml b/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml
+index f37af583d..9393c0a64 100644
+--- a/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml
++++ b/linux_os/guide/system/logging/rsyslog_filecreatemode/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204
++prodtype: rhel7,rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204
+ 
+ title: 'Ensure rsyslog Default File Permissions Configured'
+ 
 diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
-index 45825e0e9..fd9b17d97 100644
+index f42709ef5..8b35da68b 100644
 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
 +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_ol
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
  # reboot = false
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
-index b80e47d30..35dc00501 100644
+index f2019bb9a..a12ceb5c1 100644
 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
 +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
 @@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_ubuntu
  
  {{{ bash_instantiate_variables("rsyslog_remote_loghost_address") }}}
  
 diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
-index 54485dffc..8e9b31ab4 100644
+index 99af538e9..4ee7be2ae 100644
 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
 +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
 @@ -69,7 +69,7 @@ references:
@@ -16688,7 +17295,7 @@ index 54485dffc..8e9b31ab4 100644
 +    stigid@almalinux8: RHEL-08-030690
      stigid@sle12: SLES-12-030340
      stigid@sle15: SLES-15-010580
-     vmmsrg: SRG-OS-000032-VMM-000130
+ 
 diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
 index d6e2b2564..323d3ffaa 100644
 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/ansible/shared.yml
@@ -16722,7 +17329,7 @@ index 86c0988cf..0aef0d4dc 100644
  title: 'Configure TLS for rsyslog remote logging'
  
 diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
-index 618c6c43d..f8506a338 100644
+index 1030537bd..12ca07bfb 100644
 --- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
 +++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
 @@ -1,6 +1,6 @@
@@ -16734,10 +17341,10 @@ index 618c6c43d..f8506a338 100644
  title: 'Configure CA certificate for rsyslog remote logging'
  
 diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
-index 429a2324a..a28f5a40e 100644
+index 5dcdc7fb5..570a06d68 100644
 --- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
 +++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
-@@ -41,7 +41,7 @@ references:
+@@ -40,7 +40,7 @@ references:
      nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.DS-4,PR.PT-1
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-010561
@@ -16747,7 +17354,7 @@ index 429a2324a..a28f5a40e 100644
  
  ocil_clause: '{{{ ocil_clause_service_enabled(service="rsyslog") }}}'
 diff --git a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
-index 3bfa85008..1ab86a090 100644
+index cdf4f0eff..ba602d12a 100644
 --- a/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
 +++ b/linux_os/guide/system/network/network-firewalld/firewalld-backend/rule.yml
 @@ -1,6 +1,6 @@
@@ -16758,7 +17365,7 @@ index 3bfa85008..1ab86a090 100644
  
  title: 'Configure Firewalld to Use the Nftables Backend'
  
-@@ -24,7 +24,7 @@ references:
+@@ -26,7 +26,7 @@ references:
      nist: SC-5
      srg: SRG-OS-000420-GPOS-00186
      stigid@ol8: OL08-00-040150
@@ -16768,14 +17375,14 @@ index 3bfa85008..1ab86a090 100644
  ocil_clause: 'the "nftables" is not set as the "firewallbackend"'
  
 diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
-index 2b6853afd..654eaf7bd 100644
+index fd1fe1494..f775c6942 100644
 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
 +++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
-+prodtype: alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
  
  title: 'Install firewalld Package'
  
@@ -16789,18 +17396,18 @@ index 2b6853afd..654eaf7bd 100644
  
  ocil_clause: 'the package is not installed'
 diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
-index cd2259434..5c81f3f97 100644
+index 52bc3288f..f2598e60b 100644
 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
 +++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Verify firewalld Enabled'
  
-@@ -44,7 +44,7 @@ references:
+@@ -47,7 +47,7 @@ references:
      stigid@ol7: OL07-00-040520
      stigid@ol8: OL08-00-040101
      stigid@rhel7: RHEL-07-040520
@@ -16810,7 +17417,7 @@ index cd2259434..5c81f3f97 100644
  
  ocil_clause: '{{{ ocil_clause_service_enabled("firewalld") }}}'
 diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
-index 5075f1e7e..37b52d4d7 100644
+index 18e51cc42..7cd879662 100644
 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
 +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
 @@ -1,6 +1,6 @@
@@ -16827,9 +17434,9 @@ index 5075f1e7e..37b52d4d7 100644
      stigid@rhel7: RHEL-07-040100
 -    stigid@rhel8: RHEL-08-040030
 +    stigid@almalinux8: RHEL-08-040030
-     vmmsrg: SRG-OS-000096-VMM-000490,SRG-OS-000480-VMM-002000
  
  ocil_clause: 'there are additional ports, protocols, or services that are not in the PPSM CLSA, or there are ports, protocols, or services that are prohibited by the PPSM Category Assurance List (CAL), or there are no firewall rules configured'
+ 
 diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
 index 787eb6976..b507337f8 100644
 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
@@ -16841,18 +17448,18 @@ index 787eb6976..b507337f8 100644
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
-index b92f6f56d..604d45c9a 100644
+index 2c0820d66..6b057d39e 100644
 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
 +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configured_firewalld_default_deny/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: rhel8,rhel9
-+prodtype: rhel8,almalinux8,rhel9
+-prodtype: alinux2,ol8,ol9,rhel8,rhel9
++prodtype: alinux2,ol8,ol9,rhel8,almalinux8,rhel9
  
  title: 'Firewalld Must Employ a Deny-all, Allow-by-exception Policy for Allowing Connections to Other Systems'
  
-@@ -24,7 +24,7 @@ references:
+@@ -25,7 +25,7 @@ references:
      nist: AC-17 (1)
      srg: SRG-OS-000297-GPOS-00115
      stigid@ol8: OL08-00-040090
@@ -16862,19 +17469,31 @@ index b92f6f56d..604d45c9a 100644
  ocil_clause: 'no zones are active on the interfaces or if the target is set to a different option other than "DROP"'
  
 diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
-index 96215be8c..69a680b4a 100644
+index d7cd7bc83..105144ee0 100644
 --- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
 +++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
-+prodtype: alinux2,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
+-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15
++prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
  
  title: 'Set Default firewalld Zone for Incoming Packets'
  
+diff --git a/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml
+index 555ce3099..c88a9bdb5 100644
+--- a/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml
++++ b/linux_os/guide/system/network/network-firewalld/set_firewalld_appropriate_zone/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,sle15
++prodtype: rhel7,rhel8,almalinux8,sle15
+ 
+ title: 'Ensure network interfaces are assigned to appropriate zone'
+ 
 diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
-index 707eb3ba5..34bbdd9a2 100644
+index 995b046df..a7b7cc3d9 100644
 --- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
 +++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
 @@ -1,6 +1,6 @@
@@ -16886,19 +17505,65 @@ index 707eb3ba5..34bbdd9a2 100644
  title: 'Verify Any Configured IPSec Tunnel Connections'
  
 diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
-index 24cea91a8..fd8f68cde 100644
+index 9427aee63..e051434d0 100644
 --- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
 +++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
  
  title: 'Install libreswan Package'
  
+diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/rule.yml
+index 777c9d974..7e36d746a 100644
+--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/rule.yml
++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,ubuntu2204
++prodtype: rhel7,rhel8,almalinux8,ubuntu2204
+ 
+ title: 'Ensure ip6tables Firewall Rules Exist for All Open Ports'
+ 
+diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
+index ccfb8db79..e41d9c2d8 100644
+--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/ip6tables_rules_for_open_ports/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # check-import = stdout
+ 
+ result=$XCCDF_RESULT_PASS
+diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/rule.yml b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/rule.yml
+index ccb144f33..7a3ba975d 100644
+--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/rule.yml
++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,ubuntu2204
++prodtype: rhel7,rhel8,almalinux8,ubuntu2204
+ 
+ title: 'Ensure iptables Firewall Rules Exist for All Open Ports'
+ 
+diff --git a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
+index b2a8e350c..e97d0f4a5 100644
+--- a/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
++++ b/linux_os/guide/system/network/network-iptables/iptables_ruleset_modifications/iptables_rules_for_open_ports/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # check-import = stdout
+ 
+ result=$XCCDF_RESULT_PASS
 diff --git a/linux_os/guide/system/network/network-iptables/package_iptables-services_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables-services_installed/rule.yml
-index f21ba1609..8cc1704f8 100644
+index 74fef1fa9..e0fca8171 100644
 --- a/linux_os/guide/system/network/network-iptables/package_iptables-services_installed/rule.yml
 +++ b/linux_os/guide/system/network/network-iptables/package_iptables-services_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -16909,8 +17574,20 @@ index f21ba1609..8cc1704f8 100644
  
  title: 'Install iptables-services Package'
  
+diff --git a/linux_os/guide/system/network/network-iptables/package_iptables-services_removed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables-services_removed/rule.yml
+index 291cf5694..ec7537abf 100644
+--- a/linux_os/guide/system/network/network-iptables/package_iptables-services_removed/rule.yml
++++ b/linux_os/guide/system/network/network-iptables/package_iptables-services_removed/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8
++prodtype: rhel7,rhel8,almalinux8
+ 
+ title: 'Remove iptables-services Package'
+ 
 diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
-index 4b899abf3..d0e295a92 100644
+index 655d66d0a..6e6c15943 100644
 --- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
 +++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -16919,7 +17596,7 @@ index 4b899abf3..d0e295a92 100644
 -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
- title: 'Install iptables Package'
+ platform: machine and not rhcos4-rhel9
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml
 index 23dfed41d..e90a8c6af 100644
@@ -16979,18 +17656,18 @@ index 87306fedb..88e2884bc 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
-index 948151483..6a1f236cf 100644
+index f9728d7dc..eab3789e7 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces'
  
-@@ -39,7 +39,7 @@ references:
+@@ -40,7 +40,7 @@ references:
      nist-csf: PR.IP-1,PR.PT-3
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-040261
@@ -17000,7 +17677,7 @@ index 948151483..6a1f236cf 100644
  {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}}
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
-index b10be0ff2..603da231d 100644
+index 1d1d0c692..e825870ae 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
 @@ -1,6 +1,6 @@
@@ -17012,7 +17689,7 @@ index b10be0ff2..603da231d 100644
  title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
-index b03379b67..df21a9498 100644
+index d61211712..aa03e52e2 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
 @@ -1,6 +1,6 @@
@@ -17024,7 +17701,7 @@ index b03379b67..df21a9498 100644
  title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
-index dd8c7c884..49282197d 100644
+index 6cfdfe692..ffecc80c7 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
 @@ -1,6 +1,6 @@
@@ -17047,18 +17724,18 @@ index 8792fc668..2c7c4b025 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
-index ae79bcbe8..8e8d33bed 100644
+index 2d8036595..f562e29d1 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces'
  
-@@ -40,7 +40,7 @@ references:
+@@ -41,7 +41,7 @@ references:
      nist-csf: PR.IP-1,PR.PT-3
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-040280
@@ -17079,18 +17756,18 @@ index e222b1c88..85b92ce90 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
-index 92d5ddb81..a028c53f6 100644
+index 834c8c2c1..bf8edca1e 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces'
  
-@@ -50,7 +50,7 @@ references:
+@@ -51,7 +51,7 @@ references:
      stigid@ol7: OL07-00-040830
      stigid@ol8: OL08-00-040240
      stigid@rhel7: RHEL-07-040830
@@ -17100,7 +17777,7 @@ index 92d5ddb81..a028c53f6 100644
      stigid@sle15: SLES-15-040310
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
-index f2bf2f038..df6fa58b4 100644
+index eb1264282..94093f853 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
 @@ -1,6 +1,6 @@
@@ -17112,14 +17789,14 @@ index f2bf2f038..df6fa58b4 100644
  title: Configure Auto Configuration on All IPv6 Interfaces
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
-index 2629d9322..6f85c132d 100644
+index 7373f9a7d..0e7192238 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for IPv6 Forwarding'
  
@@ -17133,7 +17810,7 @@ index 2629d9322..6f85c132d 100644
      stigid@sle15: SLES-15-040381
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
-index 424a0b2c0..6cfd8111e 100644
+index 5323d1473..571dc0ad2 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
 @@ -1,6 +1,6 @@
@@ -17168,18 +17845,18 @@ index 4ed2c480c..f59b6d7c3 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
-index ee39a00ca..1992e1209 100644
+index 68083fac1..6122a3838 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default'
  
-@@ -39,7 +39,7 @@ references:
+@@ -40,7 +40,7 @@ references:
      nist-csf: PR.IP-1,PR.PT-3
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-040262
@@ -17189,7 +17866,7 @@ index ee39a00ca..1992e1209 100644
  {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}}
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
-index 34f8d0d2a..adc21921d 100644
+index e5b1d3405..641cc00f6 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
 @@ -1,6 +1,6 @@
@@ -17201,7 +17878,7 @@ index 34f8d0d2a..adc21921d 100644
  title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
-index 2ebd8ca45..7de504f57 100644
+index 561bf545a..d68230e4f 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
 @@ -1,6 +1,6 @@
@@ -17213,7 +17890,7 @@ index 2ebd8ca45..7de504f57 100644
  title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
-index 8add0b633..5d0468a3f 100644
+index 67e3ac551..f1a53f465 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
 @@ -1,6 +1,6 @@
@@ -17236,18 +17913,18 @@ index 845b013ed..063776b85 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
-index 98f2787a6..f0472128c 100644
+index 1fa3ff038..fc4d6d718 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces'
  
-@@ -42,7 +42,7 @@ references:
+@@ -43,7 +43,7 @@ references:
      nist@sle15: CM-6(b),CM-6.1(iv)
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-040210
@@ -17268,18 +17945,18 @@ index e2951d845..0335df123 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
-index bf84b2f7a..c671d7198 100644
+index 6f29e358d..5cd193854 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default'
  
-@@ -49,7 +49,7 @@ references:
+@@ -50,7 +50,7 @@ references:
      pcidss: Req-1.4.3
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-040250
@@ -17289,7 +17966,7 @@ index bf84b2f7a..c671d7198 100644
      stigid@sle15: SLES-15-040321
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
-index f25bf50e2..1ffd6163c 100644
+index 0362586d3..67cb4caf9 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
 @@ -1,6 +1,6 @@
@@ -17301,7 +17978,7 @@ index f25bf50e2..1ffd6163c 100644
  title: Configure Auto Configuration on All IPv6 Interfaces By Default
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
-index 089a68d3c..924230bd2 100644
+index 145dd2df5..20e1a40a5 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
 @@ -1,6 +1,6 @@
@@ -17313,7 +17990,7 @@ index 089a68d3c..924230bd2 100644
  title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default
  
 diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
-index 623294f9f..b0ab2697d 100644
+index b46af1bf7..cfc157a90 100644
 --- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
 @@ -1,6 +1,6 @@
@@ -17325,7 +18002,7 @@ index 623294f9f..b0ab2697d 100644
  title: 'Configure Denying Router Solicitations on All IPv6 Interfaces By Default'
  
 diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
-index 7333c6a6d..2e006d567 100644
+index 284850ced..488499f22 100644
 --- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
 +++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
 @@ -1,6 +1,6 @@
@@ -17414,18 +18091,18 @@ index 6bb6de134..1f0664a02 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
-index 8756e21dc..eadbfdf92 100644
+index 643403856..aca51e29a 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces'
  
-@@ -50,7 +50,7 @@ references:
+@@ -51,7 +51,7 @@ references:
      stigid@ol7: OL07-00-040641
      stigid@ol8: OL08-00-040279
      stigid@rhel7: RHEL-07-040641
@@ -17446,18 +18123,18 @@ index b3d72bb4a..b89b8a35a 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
-index 2ccc27899..896712650 100644
+index 2620e4288..21d64b193 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces'
  
-@@ -51,7 +51,7 @@ references:
+@@ -52,7 +52,7 @@ references:
      stigid@ol7: OL07-00-040610
      stigid@ol8: OL08-00-040239
      stigid@rhel7: RHEL-07-040610
@@ -17467,14 +18144,14 @@ index 2ccc27899..896712650 100644
      stigid@sle15: SLES-15-040300
  
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_drop_gratuitous_arp/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_drop_gratuitous_arp/rule.yml
-index 55a35774c..5ca39bda7 100644
+index 977a5770b..175a4cc65 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_drop_gratuitous_arp/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_drop_gratuitous_arp/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,rhel8,rhel9
-+prodtype: fedora,rhel8,almalinux8,rhel9
+-prodtype: fedora,ol8,ol9,rhel8,rhel9
++prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9
  
  title: 'Drop Gratuitious ARP frames on All IPv4 Interfaces'
  
@@ -17511,14 +18188,14 @@ index 70e767cc4..fbe1a27a2 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
-index 9d84eab4d..badedb833 100644
+index 11dc1ce81..c55b3d4f0 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces'
  
@@ -17534,18 +18211,18 @@ index c64da37a3..08535e5a1 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
-index e3b2b18f0..9d1c09e02 100644
+index 3a4507eff..c9463daec 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces'
  
-@@ -48,7 +48,7 @@ references:
+@@ -49,7 +49,7 @@ references:
      stigid@ol7: OL07-00-040611
      stigid@ol8: OL08-00-040285
      stigid@rhel7: RHEL-07-040611
@@ -17588,14 +18265,14 @@ index 8b075d55e..0dd17a34b 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
-index 849ae47b1..7b2fa5a0a 100644
+index 092fd29ce..55f20369d 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces'
  
@@ -17611,18 +18288,18 @@ index 2bfbd9e46..8ea37100a 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
-index 7bcccbb1f..6e4cda09a 100644
+index 4184bfc83..a27a22828 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces'
  
-@@ -50,7 +50,7 @@ references:
+@@ -51,7 +51,7 @@ references:
      stigid@ol7: OL07-00-040640
      stigid@ol8: OL08-00-040209
      stigid@rhel7: RHEL-07-040640
@@ -17643,18 +18320,18 @@ index aa7d1562b..08668d03c 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
-index 9a54bbc13..cd302caa3 100644
+index 0de834a15..f4a8c8a41 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default'
  
-@@ -52,7 +52,7 @@ references:
+@@ -53,7 +53,7 @@ references:
      stigid@ol7: OL07-00-040620
      stigid@ol8: OL08-00-040249
      stigid@rhel7: RHEL-07-040620
@@ -17675,14 +18352,14 @@ index 3a60ab17c..728ddb817 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
-index 6fa5a7340..417a0ef26 100644
+index 84b4b78e7..67fc4f72e 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default'
  
@@ -17698,14 +18375,14 @@ index b6e53de36..0b652c7cf 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
-index b688a15db..100805948 100644
+index 2de023866..63f521295 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default'
  
@@ -17721,14 +18398,14 @@ index aeb67c4e0..f47a8ab67 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
-index 90ef90f2a..ae26dd331 100644
+index 363dcf7d4..6eb7362bb 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default'
  
@@ -17744,18 +18421,18 @@ index 52d74441b..08c8c256d 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
-index 5b12a1b34..5de3f2c04 100644
+index 6aa5a30a5..4b2254ad2 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces'
  
-@@ -49,7 +49,7 @@ references:
+@@ -50,7 +50,7 @@ references:
      stigid@ol7: OL07-00-040630
      stigid@ol8: OL08-00-040230
      stigid@rhel7: RHEL-07-040630
@@ -17776,14 +18453,14 @@ index 9e3a85af9..d4f4d31cb 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
-index a5fb5f4b9..c94a0fc3f 100644
+index 5e9c18bcb..598d94611 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces'
  
@@ -17800,14 +18477,14 @@ index e5bb48138..c85832264 100644
  title: 'Set Kernel Parameter to Increase Local Port Range'
  
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
-index 3104be903..47783f4a9 100644
+index 59462471b..36daa50fa 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
-+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
+-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle15
++prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
  
  title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments'
  
@@ -17835,14 +18512,14 @@ index 0c8dae788..a26df0c5a 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
-index 31e76dd05..e3d0b1a8e 100644
+index 0b4f36272..1eb8bb91b 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces'
  
@@ -17858,18 +18535,18 @@ index ea1db12fe..5d8b19f68 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
-index 5c4347b97..a2d44c7f8 100644
+index 3bdc1dfea..1009ab2a0 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces'
  
-@@ -49,7 +49,7 @@ references:
+@@ -51,7 +51,7 @@ references:
      stigid@ol7: OL07-00-040660
      stigid@ol8: OL08-00-040220
      stigid@rhel7: RHEL-07-040660
@@ -17890,18 +18567,18 @@ index b54e3d12b..125464d7a 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
-index fc30851a2..a7943d2bf 100644
+index d456a9de6..083a9d033 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default'
  
-@@ -49,7 +49,7 @@ references:
+@@ -50,7 +50,7 @@ references:
      stigid@ol7: OL07-00-040650
      stigid@ol8: OL08-00-040270
      stigid@rhel7: RHEL-07-040650
@@ -17911,29 +18588,76 @@ index fc30851a2..a7943d2bf 100644
      stigid@sle15: SLES-15-040360
  
 diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
-index 55b91f12d..ec716bd8a 100644
+index 3b4f06fef..5e5d0d4cc 100644
 --- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
 +++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces'
  
 diff --git a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
-index b3b75c819..5eef0f0da 100644
+index bce0bf37f..11326b3da 100644
 --- a/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
 +++ b/linux_os/guide/system/network/network-nftables/package_nftables_installed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: rhel8,rhel9,sle15,ubuntu2004,ubuntu2204
-+prodtype: rhel8,almalinux8,rhel9,sle15,ubuntu2004,ubuntu2204
+-prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004,ubuntu2204
++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004,ubuntu2204
  
  title: 'Install nftables Package'
  
+diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
+index 983065df5..3dd2c6f15 100644
+--- a/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
++++ b/linux_os/guide/system/network/network-nftables/service_nftables_disabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: alinux3,fedora,rhel7,rhel8,rhel9,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004,ubuntu2204
+ 
+ title: 'Verify nftables Service is Disabled'
+ 
+diff --git a/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml b/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml
+index 5be921e29..5f89841b4 100644
+--- a/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml
++++ b/linux_os/guide/system/network/network-nftables/service_nftables_enabled/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,sle15,ubuntu2004,ubuntu2204
++prodtype: rhel7,rhel8,almalinux8,sle15,ubuntu2004,ubuntu2204
+ 
+ title: 'Verify nftables Service is Enabled'
+ 
+diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml b/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml
+index 7dc9a9212..ef93ad06a 100644
+--- a/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml
++++ b/linux_os/guide/system/network/network-nftables/set_nftables_table/rule.yml
+@@ -1,6 +1,6 @@
+ documentation_complete: true
+ 
+-prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004,ubuntu2204
++prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004,ubuntu2204
+ 
+ title: 'Ensure a Table Exists for Nftables'
+ 
+diff --git a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
+index 89d344c4f..1a926adaa 100644
+--- a/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
++++ b/linux_os/guide/system/network/network-nftables/set_nftables_table/sce/shared.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+ # check-import = stdout
+ 
+ tbl_output=$(nft list tables | grep inet)
 diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
 index f995e2795..e1d8819ce 100644
 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
@@ -17977,14 +18701,14 @@ index 420485c11..0a36c302c 100644
  {{{ complete_ocil_entry_module_disable(module="can") }}}
  
 diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
-index 8ca0279e9..dedd22909 100644
+index 2f556b8ec..1d86a360e 100644
 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
 +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable DCCP Support'
  
@@ -18021,19 +18745,19 @@ index 0522abc15..1109e3ccb 100644
  {{{ complete_ocil_entry_module_disable(module="firewire-core") }}}
  
 diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
-index 58260bba6..6a4b1daaa 100644
+index 0da8cd9fe..96365ae00 100644
 --- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
 +++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable SCTP Support'
  
-@@ -47,7 +47,7 @@ references:
-     pcidss: Req-1.4.2
+@@ -48,7 +48,7 @@ references:
+     pcidss4: "1.4.2"
      srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-040023
 -    stigid@rhel8: RHEL-08-040023
@@ -18148,18 +18872,18 @@ index 6a541594f..8c47fed5a 100644
  title: 'Disable WiFi or Bluetooth in BIOS'
  
 diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
-index fa61a9233..394f8fb42 100644
+index cb5749653..21e369337 100644
 --- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
 +++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Deactivate Wireless Network Interfaces'
  
-@@ -64,7 +64,7 @@ references:
+@@ -65,7 +65,7 @@ references:
      stigid@ol7: OL07-00-041010
      stigid@ol8: OL08-00-040110
      stigid@rhel7: RHEL-07-041010
@@ -18283,18 +19007,8 @@ index 6970bbdba..2c78e4818 100644
      stigid@sle12: SLES-12-030440
      stigid@sle15: SLES-15-040390
  
-diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
-index 51b8c53eb..6cb982f7f 100644
---- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
-+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Fedora,Oracle Linux 7,Oracle Linux 8
-+# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Fedora,Oracle Linux 7,Oracle Linux 8
- # reboot = false
- # strategy = restrict
- # complexity = low
 diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
-index 175927b3b..1e6dfd931 100644
+index 678b06d33..0050efcdd 100644
 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
 +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
 @@ -1,6 +1,6 @@
@@ -18303,19 +19017,19 @@ index 175927b3b..1e6dfd931 100644
 -prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
 +prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
- title: 'Ensure All World-Writable Directories Are Owned by root user'
+ title: 'Ensure All World-Writable Directories Are Owned by root User'
  
-@@ -29,7 +29,7 @@ references:
+@@ -27,7 +27,7 @@ references:
      anssi: BP28(R40)
      disa: CCI-000366
      srg: SRG-OS-000480-GPOS-00227,SRG-OS-000138-GPOS-00069
 -    stigid@rhel8: RHEL-08-010700
 +    stigid@almalinux8: RHEL-08-010700
  
- ocil_clause: 'there is output'
+ ocil_clause: 'there are world-writable directories not owned by root'
  
 diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
-index e807cbfed..79482556b 100644
+index 63827dff3..41c0ed380 100644
 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
 +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -18335,7 +19049,7 @@ index 91b3495c9..7f3876c49 100644
  | xargs -I '$6' find '$6' -xdev -type d \
  \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
 diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
-index 7cd18df08..15314d2e8 100644
+index be74f698e..e8d9dcf34 100644
 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
 +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
 @@ -61,7 +61,7 @@ references:
@@ -18423,44 +19137,44 @@ index ec3bba5b8..72fc391b9 100644
  
  ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/rules.d/*.rules", perms="-rw-r-----") }}}'
 diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
-index 5683f30bc..1b1322fa1 100644
+index b3e2a1a00..d7a1cde06 100644
 --- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
 +++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
 @@ -2,7 +2,7 @@ documentation_complete: true
  
  title: 'Ensure All SGID Executables Are Authorized'
  
--prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20
-+prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,uos20
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,uos20
  
  description: |-
      The SGID (set group id) bit should be set only on files that were
 diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
-index 249f97174..0500a3260 100644
+index 7d1ac5d38..147fce716 100644
 --- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
 +++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
 @@ -2,7 +2,7 @@ documentation_complete: true
  
  title: 'Ensure All SUID Executables Are Authorized'
  
--prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20
-+prodtype: alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,uos20
+-prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20
++prodtype: alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,uos20
  
  description: |-
      The SUID (set user id) bit should be set only on files that were
 diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
-index 7ba335626..4e9ddab00 100644
+index d2aa53a98..31342f505 100644
 --- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
 +++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Ensure All Files Are Owned by a Group'
  
-@@ -54,7 +54,7 @@ references:
+@@ -57,7 +57,7 @@ references:
      stigid@ol7: OL07-00-020330
      stigid@ol8: OL08-00-010790
      stigid@rhel7: RHEL-07-020330
@@ -18470,7 +19184,7 @@ index 7ba335626..4e9ddab00 100644
      stigid@sle15: SLES-15-040410
  
 diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
-index 71c8dad9a..c2c328cae 100644
+index 13650fcea..0f71e2abc 100644
 --- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
 +++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
 @@ -1,6 +1,6 @@
@@ -18481,7 +19195,7 @@ index 71c8dad9a..c2c328cae 100644
  
  title: 'Ensure All Files Are Owned by a User'
  
-@@ -54,7 +54,7 @@ references:
+@@ -56,7 +56,7 @@ references:
      stigid@ol7: OL07-00-020320
      stigid@ol8: OL08-00-010780
      stigid@rhel7: RHEL-07-020320
@@ -18491,12 +19205,12 @@ index 71c8dad9a..c2c328cae 100644
      stigid@sle15: SLES-15-040400
  
 diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
-index c8132dc06..f62b5f5c7 100644
+index aff9b4912..351ee43ab 100644
 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
 +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
-@@ -26,7 +26,7 @@ references:
+@@ -27,7 +27,7 @@ references:
      disa: CCI-001314
-     srg: SRG-OS-000206-GPOS-00084
+     srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
      stigid@ol8: OL08-00-010260
 -    stigid@rhel8: RHEL-08-010260
 +    stigid@almalinux8: RHEL-08-010260
@@ -18504,7 +19218,7 @@ index c8132dc06..f62b5f5c7 100644
  
  ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log", group=gid) }}}'
 diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
-index 0abe21a0d..d39daeff2 100644
+index 797bfafc3..9518e6eb6 100644
 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
 +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
 @@ -18,7 +18,7 @@ references:
@@ -18517,12 +19231,12 @@ index 0abe21a0d..d39daeff2 100644
  ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/messages", group="root") }}}'
  
 diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
-index 0d7118ea9..4a544643b 100644
+index f81fce93e..3cd2c4845 100644
 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
 +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
-@@ -19,7 +19,7 @@ references:
+@@ -20,7 +20,7 @@ references:
      disa: CCI-001314
-     srg: SRG-OS-000206-GPOS-00084
+     srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
      stigid@ol8: OL08-00-010250
 -    stigid@rhel8: RHEL-08-010250
 +    stigid@almalinux8: RHEL-08-010250
@@ -18543,12 +19257,12 @@ index f0d63e361..21c82f341 100644
  ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/messages", owner="root") }}}'
  
 diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
-index 94d663b9e..f57f0431b 100644
+index fa83358bf..ce0002b49 100644
 --- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
 +++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
-@@ -21,7 +21,7 @@ references:
+@@ -22,7 +22,7 @@ references:
      disa: CCI-001314
-     srg: SRG-OS-000206-GPOS-00084
+     srg: SRG-OS-000206-GPOS-00084,SRG-APP-000118-CTR-000240
      stigid@ol8: OL08-00-010240
 -    stigid@rhel8: RHEL-08-010240
 +    stigid@almalinux8: RHEL-08-010240
@@ -18569,7 +19283,7 @@ index d0cded9af..5125eb59e 100644
  ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/messages", perms="-rw-r-----") }}}'
  
 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
-index 8831095b9..132d2346f 100644
+index 8f41e6219..5293927d7 100644
 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
 +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
 @@ -1,6 +1,6 @@
@@ -18676,7 +19390,7 @@ index ebaf9b766..858020d51 100644
  for dirPath in $DIRS; do
  	mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
-index e8c2cfa13..63ece0bf0 100644
+index 607aba3c6..922795582 100644
 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
 +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_audit_binaries/rule.yml
 @@ -1,6 +1,6 @@
@@ -18807,7 +19521,7 @@ index 02867684c..8b274eded 100644
  useradd user_test
  for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
-index 0e380cb21..ef3993070 100644
+index 81d8a339e..70345d4e7 100644
 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
 +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
 @@ -1,4 +1,4 @@
@@ -18839,7 +19553,7 @@ index f87b5094a..6eb6e3866 100644
  title: 'Verify that audit tools Have Mode 0755 or less'
  
 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
-index 33196965d..b0572f9da 100644
+index aeaa1f058..b69b5cd7a 100644
 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
 +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -18885,7 +19599,7 @@ index f497a602a..26766e94b 100644
      stigid@sle15: SLES-15-010351
      stigid@ubuntu2004: UBTU-20-010426
 diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
-index 539b42740..84335b1e5 100644
+index 662778c70..c68b89e80 100644
 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
 +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
 @@ -1,6 +1,6 @@
@@ -19079,7 +19793,7 @@ index b311a36be..6433b07a8 100644
  title: 'Disable Mounting of jffs2'
  
 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
-index 54f0218f3..6a79fe57b 100644
+index 67bc619a3..43177a592 100644
 --- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
 +++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -19091,7 +19805,7 @@ index 54f0218f3..6a79fe57b 100644
  title: 'Disable Mounting of squashfs'
  
 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
-index 7b1f0c300..2a3d78941 100644
+index f36e2b226..8e71fccf2 100644
 --- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
 +++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -19103,7 +19817,7 @@ index 7b1f0c300..2a3d78941 100644
  title: 'Disable Mounting of udf'
  
 diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
-index 8cbcf66dc..c04a4295c 100644
+index 144d855a0..c631eb6ba 100644
 --- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
 +++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -19114,7 +19828,7 @@ index 8cbcf66dc..c04a4295c 100644
  
  title: 'Disable Modprobe Loading of USB Storage Driver'
  
-@@ -49,7 +49,7 @@ references:
+@@ -50,7 +50,7 @@ references:
      stigid@ol7: OL07-00-020100
      stigid@ol8: OL08-00-040080
      stigid@rhel7: RHEL-07-020100
@@ -19147,14 +19861,14 @@ index 41352695f..8b69802ab 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
-index 86c428a68..4e81a631c 100644
+index 27f23dd29..5606031e2 100644
 --- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
 +++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204,uos20
  
  title: 'Disable the Automounter'
  
@@ -19168,7 +19882,7 @@ index 86c428a68..4e81a631c 100644
      stigid@sle15: SLES-15-010240
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
-index 310f0de84..9f61c3e69 100644
+index c6901e86d..09f1a1131 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
 @@ -1,6 +1,6 @@
@@ -19189,7 +19903,7 @@ index 310f0de84..9f61c3e69 100644
  platform: machine and uefi
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
-index e7e5ef074..cfee0e0ea 100644
+index e3d538abf..79bc8be0c 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
 @@ -1,6 +1,6 @@
@@ -19201,7 +19915,7 @@ index e7e5ef074..cfee0e0ea 100644
  title: 'Add noauto Option to /boot'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
-index 9ea1c41ed..32177918c 100644
+index 9ac722d0e..78e4577d0 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
 @@ -1,6 +1,6 @@
@@ -19213,7 +19927,7 @@ index 9ea1c41ed..32177918c 100644
  title: 'Add nodev Option to /boot'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
-index 64df08b9e..4167a7efd 100644
+index 56a22ce45..c8857e0a5 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
 @@ -1,6 +1,6 @@
@@ -19225,7 +19939,7 @@ index 64df08b9e..4167a7efd 100644
  title: 'Add noexec Option to /boot'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
-index bd05306ce..756b2377c 100644
+index 583dd2b60..4ea56f9ce 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
 @@ -1,6 +1,6 @@
@@ -19246,7 +19960,7 @@ index bd05306ce..756b2377c 100644
  platform: machine
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
-index 8e03d1265..c3e8a35dc 100644
+index 17d1273f9..1b395dc90 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
 @@ -48,7 +48,7 @@ references:
@@ -19259,7 +19973,7 @@ index 8e03d1265..c3e8a35dc 100644
  platform: machine
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
-index fec79aeca..034fb5b86 100644
+index ea5701f9b..5c95af403 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
 @@ -1,6 +1,6 @@
@@ -19280,7 +19994,7 @@ index fec79aeca..034fb5b86 100644
  platform: machine
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
-index 270100d1b..8bc04e203 100644
+index 808035e3a..4129eab2e 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
 @@ -48,7 +48,7 @@ references:
@@ -19293,7 +20007,7 @@ index 270100d1b..8bc04e203 100644
  platform: machine
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_grpquota/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_grpquota/rule.yml
-index b045cd942..9080e4121 100644
+index dfc449d17..df8415041 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_grpquota/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_grpquota/rule.yml
 @@ -1,6 +1,6 @@
@@ -19305,19 +20019,19 @@ index b045cd942..9080e4121 100644
  title: 'Add grpquota Option to /home'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
-index e7416dec1..bee38591b 100644
+index d454139b4..c3209b7a9 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
-+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
  
  title: 'Add nodev Option to /home'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
-index 85bebc775..df22b2a7c 100644
+index bee3a60e8..d8b60d3d1 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
 @@ -1,6 +1,6 @@
@@ -19338,14 +20052,14 @@ index 85bebc775..df22b2a7c 100644
  platform: machine
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
-index 24af2ab93..98d82d848 100644
+index 5e42ac0a7..e184dad3f 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
-+prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
+-prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2204
++prodtype: alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2204
  
  title: 'Add nosuid Option to /home'
  
@@ -19359,7 +20073,7 @@ index 24af2ab93..98d82d848 100644
      stigid@sle15: SLES-15-040140
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_usrquota/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_usrquota/rule.yml
-index 7ffa9379d..f2e583238 100644
+index 86536b375..10c488aec 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_home_usrquota/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_home_usrquota/rule.yml
 @@ -1,6 +1,6 @@
@@ -19455,7 +20169,7 @@ index 2ae9f064c..b9ce16e9d 100644
      stigid@sle15: SLES-15-040150
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
-index 3d417e40c..9d2cf2ea3 100644
+index b7ec9c569..0502e318d 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
 @@ -1,6 +1,6 @@
@@ -19467,7 +20181,7 @@ index 3d417e40c..9d2cf2ea3 100644
  title: 'Add nosuid Option to /opt'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml
-index 9d56bdd57..5116b247e 100644
+index a85e9d12c..7e277a682 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml
 @@ -1,6 +1,6 @@
@@ -19479,7 +20193,7 @@ index 9d56bdd57..5116b247e 100644
  title: 'Add hidepid Option to /proc'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
-index eb4d1422c..bba908938 100644
+index 5ff970bd7..e4321f56d 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
 @@ -1,6 +1,6 @@
@@ -19491,70 +20205,70 @@ index eb4d1422c..bba908938 100644
  title: 'Add nosuid Option to /srv'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
-index eee06e09d..e508628bd 100644
+index 105a4549d..c720e1922 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
-+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
  
  title: 'Add nodev Option to /tmp'
  
-@@ -47,7 +47,7 @@ references:
+@@ -48,7 +48,7 @@ references:
      nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
      srg: SRG-OS-000368-GPOS-00154
      stigid@ol8: OL08-00-040123
 -    stigid@rhel8: RHEL-08-040123
 +    stigid@almalinux8: RHEL-08-040123
  
- platform: machine and partition-tmp
+ platform: machine and mount[tmp]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
-index 09b7aec4a..d5d40b95f 100644
+index d4105fd2b..225e4be20 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
-+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Add noexec Option to /tmp'
  
-@@ -46,7 +46,7 @@ references:
+@@ -47,7 +47,7 @@ references:
      nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
      srg: SRG-OS-000368-GPOS-00154
      stigid@ol8: OL08-00-040125
 -    stigid@rhel8: RHEL-08-040125
 +    stigid@almalinux8: RHEL-08-040125
  
- platform: machine and partition-tmp
+ platform: machine and mount[tmp]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
-index 77ef92a5a..df49ffa90 100644
+index e8f8b86b6..cd8054422 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
-+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
  
  title: 'Add nosuid Option to /tmp'
  
-@@ -47,7 +47,7 @@ references:
+@@ -48,7 +48,7 @@ references:
      nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
      srg: SRG-OS-000368-GPOS-00154
      stigid@ol8: OL08-00-040124
 -    stigid@rhel8: RHEL-08-040124
 +    stigid@almalinux8: RHEL-08-040124
  
- platform: machine and partition-tmp
+ platform: machine and mount[tmp]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
-index 289511bfa..ebf776a59 100644
+index 844f31d18..4c427178b 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
 @@ -1,6 +1,6 @@
@@ -19572,10 +20286,10 @@ index 289511bfa..ebf776a59 100644
 -    stigid@rhel8: RHEL-08-040129
 +    stigid@almalinux8: RHEL-08-040129
  
- platform: machine
+ platform: machine and mount[var-log-audit]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
-index b58554891..ee80c5c93 100644
+index f5c55f7d4..232848cf5 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
 @@ -1,6 +1,6 @@
@@ -19593,10 +20307,10 @@ index b58554891..ee80c5c93 100644
 -    stigid@rhel8: RHEL-08-040131
 +    stigid@almalinux8: RHEL-08-040131
  
- platform: machine
+ platform: machine and mount[var-log-audit]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
-index 5ae834740..135d854ad 100644
+index 38c807ee5..80c93d999 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
 @@ -1,6 +1,6 @@
@@ -19614,10 +20328,10 @@ index 5ae834740..135d854ad 100644
 -    stigid@rhel8: RHEL-08-040130
 +    stigid@almalinux8: RHEL-08-040130
  
- platform: machine
+ platform: machine and mount[var-log-audit]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
-index 2da6e25a8..e6f7b9513 100644
+index b59aeba7f..2e963aa36 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
 @@ -1,6 +1,6 @@
@@ -19635,10 +20349,10 @@ index 2da6e25a8..e6f7b9513 100644
 -    stigid@rhel8: RHEL-08-040126
 +    stigid@almalinux8: RHEL-08-040126
  
- platform: machine
+ platform: machine and mount[var-log]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
-index b8f0be9b2..71143163f 100644
+index e3885b497..770a4745e 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
 @@ -1,6 +1,6 @@
@@ -19656,10 +20370,10 @@ index b8f0be9b2..71143163f 100644
 -    stigid@rhel8: RHEL-08-040128
 +    stigid@almalinux8: RHEL-08-040128
  
- platform: machine
+ platform: machine and mount[var-log]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
-index a1c4a5b46..4348bed02 100644
+index c46396311..88a182d5a 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
 @@ -1,6 +1,6 @@
@@ -19677,10 +20391,10 @@ index a1c4a5b46..4348bed02 100644
 -    stigid@rhel8: RHEL-08-040127
 +    stigid@almalinux8: RHEL-08-040127
  
- platform: machine
+ platform: machine and mount[var-log]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
-index a178cd462..a3529356f 100644
+index d2723fd05..f2eb30534 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
 @@ -1,6 +1,6 @@
@@ -19692,7 +20406,7 @@ index a178cd462..a3529356f 100644
  title: 'Add nodev Option to /var'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
-index 1c8c7ab5e..78adc3ea3 100644
+index d617a3b2e..82ad3ba11 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
 @@ -1,6 +1,6 @@
@@ -19704,7 +20418,7 @@ index 1c8c7ab5e..78adc3ea3 100644
  title: 'Add noexec Option to /var'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
-index e6e912b01..d250a0b13 100644
+index 09646acc0..9ba927a2d 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
 @@ -1,6 +1,6 @@
@@ -19726,7 +20440,7 @@ index 59e39270d..5c154d333 100644
  # Delete particular /etc/fstab's row if /var/tmp is already configured to
  # represent a mount point (for some device or filesystem other than /tmp)
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
-index 05992df4b..ddd97e10f 100644
+index 0d5c5a8c2..89b6d40c9 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
 @@ -1,6 +1,6 @@
@@ -19738,18 +20452,18 @@ index 05992df4b..ddd97e10f 100644
  title: 'Bind Mount /var/tmp To /tmp'
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
-index b870dee01..99f4fec05 100644
+index 0496b5523..47c99a019 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
-+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
  
  title: 'Add nodev Option to /var/tmp'
  
-@@ -40,7 +40,7 @@ references:
+@@ -41,7 +41,7 @@ references:
      disa: CCI-001764
      srg: SRG-OS-000368-GPOS-00154
      stigid@ol8: OL08-00-040132
@@ -19757,48 +20471,48 @@ index b870dee01..99f4fec05 100644
 +    stigid@almalinux8: RHEL-08-040132
  
  platforms:
-   - machine and partition-var-tmp
+   - machine and mount[var-tmp]
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
-index 22b8d6ad5..9870d5c7e 100644
+index 355ed84dd..49ae8734c 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
-+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
  
  title: 'Add noexec Option to /var/tmp'
  
-@@ -40,7 +40,7 @@ references:
+@@ -41,7 +41,7 @@ references:
      disa: CCI-001764
      srg: SRG-OS-000368-GPOS-00154
      stigid@ol8: OL08-00-040134
 -    stigid@rhel8: RHEL-08-040134
 +    stigid@almalinux8: RHEL-08-040134
  
- platform: machine and partition-var-tmp
+ platform: machine and mount[var-tmp]
  
 diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
-index 5414eba58..012b77a0a 100644
+index 6a5862650..1101313c9 100644
 --- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
 +++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
-+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2204
+-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004,ubuntu2204
  
  title: 'Add nosuid Option to /var/tmp'
  
-@@ -40,7 +40,7 @@ references:
+@@ -41,7 +41,7 @@ references:
      disa: CCI-001764
      srg: SRG-OS-000368-GPOS-00154
      stigid@ol8: OL08-00-040133
 -    stigid@rhel8: RHEL-08-040133
 +    stigid@almalinux8: RHEL-08-040133
  
- platform: machine and partition-var-tmp
+ platform: machine and mount[var-tmp]
  
 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
 index d94802273..554e34e00 100644
@@ -19812,11 +20526,11 @@ index d94802273..554e34e00 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
-index dfaeaa7ec..9e1ee9159 100644
+index a80679673..be2228c85 100644
 --- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
-@@ -43,7 +43,7 @@ references:
-     ospp: FMT_SMF_EXT.1
+@@ -45,7 +45,7 @@ references:
+     pcidss4: "3.3.1.1,3.3.1.2,3.3.1.3"
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-010675
 -    stigid@rhel8: RHEL-08-010675
@@ -19836,11 +20550,11 @@ index d94802273..554e34e00 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
-index 19cf6c759..e1e6bc21a 100644
+index 4206d067c..0cf8d91a9 100644
 --- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
-@@ -39,7 +39,7 @@ references:
-     ospp: FMT_SMF_EXT.1
+@@ -45,7 +45,7 @@ references:
+     pcidss4: "3.3.1.1,3.3.1.2,3.3.1.3"
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-010674
 -    stigid@rhel8: RHEL-08-010674
@@ -19870,19 +20584,19 @@ index 41cbd1197..481afa583 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
-index 96ccbe728..f12b6dcaa 100644
+index 4de1534fb..f64a3c784 100644
 --- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable Core Dumps for All Users'
  
-@@ -43,7 +43,7 @@ references:
-     nist-csf: DE.CM-1,PR.DS-4
+@@ -44,7 +44,7 @@ references:
+     pcidss4: "3.3.1.1,3.3.1.2,3.3.1.3"
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-010673
 -    stigid@rhel8: RHEL-08-010673
@@ -19891,7 +20605,7 @@ index 96ccbe728..f12b6dcaa 100644
  ocil_clause: 'the "core" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core"'
  
 diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
-index 61030d4d2..cccba50fa 100644
+index 6d62d139a..643bf3b70 100644
 --- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -19911,6 +20625,15 @@ index 61030d4d2..cccba50fa 100644
  
  ocil_clause: unit systemd-coredump.socket is not masked or running
  
+@@ -51,7 +51,7 @@ template:
+     name: socket_disabled
+     vars:
+         socketname: systemd-coredump
+-{{% if product in ["ol8", "rhel8"] %}}
++{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+         packagename: systemd
+ {{% else %}}
+         packagename: systemd-udev
 diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
 index a51038bb8..13f289b8f 100644
 --- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
@@ -19934,14 +20657,14 @@ index 6b2922e13..6cccb08ad 100644
  title: 'Set Daemon Umask'
  
 diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
-index febe85cac..f149b5897 100644
+index 461484337..6f936396a 100644
 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
-+prodtype: fedora,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
+-prodtype: fedora,rhel7,rhel8,rhel9,rhv4,sle12,sle15
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
  title: 'Enable ExecShield via sysctl'
  
@@ -20003,10 +20726,10 @@ index 7a4c107b2..22e209120 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
-index 9567cdae7..2bf890930 100644
+index 444d7b11c..df74d683f 100644
 --- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
-@@ -42,7 +42,7 @@ references:
+@@ -44,7 +44,7 @@ references:
      stigid@ol7: OL07-00-040201
      stigid@ol8: OL08-00-010430
      stigid@rhel7: RHEL-07-040201
@@ -20016,20 +20739,20 @@ index 9567cdae7..2bf890930 100644
      stigid@sle15: SLES-15-010550
      stigid@ubuntu2004: UBTU-20-010448
 diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
-index c09aefe25..0b99d0773 100644
+index 9bc399fc3..8007d2fe2 100644
 --- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Enable NX or XD Support in the BIOS'
  
 @@ -40,7 +40,7 @@ references:
-     pcidss: Req-2.2.1
-     srg: SRG-OS-000433-GPOS-00192
+     pcidss4: "2.2.1"
+     srg: SRG-OS-000433-GPOS-00192,SRG-APP-000450-CTR-001105
      stigid@ol8: OL08-00-010420
 -    stigid@rhel8: RHEL-08-010420
 +    stigid@almalinux8: RHEL-08-010420
@@ -20059,7 +20782,7 @@ index 3260539b3..29d22d491 100755
  
  cp /proc/cpuinfo /tmp/cpuinfo
 diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
-index a7adc1027..b85718ddb 100644
+index 310d1ab11..ca3e204ed 100644
 --- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
 @@ -1,6 +1,6 @@
@@ -20071,20 +20794,20 @@ index a7adc1027..b85718ddb 100644
  title: 'Install PAE Kernel on Supported 32-bit x86 Systems'
  
 diff --git a/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
-index 972743474..01eed5505 100644
+index 4fcb716d1..ddc46922a 100644
 --- a/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
 @@ -20,7 +20,7 @@ references:
      nist: CM-7 (a),CM-7 (5) (b)
      srg: SRG-OS-000095-GPOS-00049,SRG-OS-000370-GPOS-00155
-     stigid@l8: OL08-00-040020
+     stigid@ol8: OL08-00-040020
 -    stigid@rhel8: RHEL-08-040020
 +    stigid@almalinux8: RHEL-08-040020
  
  platform: machine
  
 diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
-index f35b9537d..6e0f427bb 100644
+index 78c982211..9c0b1d86f 100644
 --- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
 @@ -1,6 +1,6 @@
@@ -20095,7 +20818,7 @@ index f35b9537d..6e0f427bb 100644
  
  title: 'Enable page allocator poisoning'
  
-@@ -29,7 +29,7 @@ references:
+@@ -30,7 +30,7 @@ references:
      nist: CM-6(a)
      srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
      stigid@ol8: OL08-00-010421
@@ -20105,7 +20828,7 @@ index f35b9537d..6e0f427bb 100644
  ocil_clause: 'page allocator poisoning is not enabled'
  
 diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
-index a9605bf9b..9000f3096 100644
+index ea3560cec..5946b88c3 100644
 --- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
 @@ -1,6 +1,6 @@
@@ -20116,7 +20839,7 @@ index a9605bf9b..9000f3096 100644
  
  title: 'Enable SLUB/SLAB allocator poisoning'
  
-@@ -29,7 +29,7 @@ references:
+@@ -30,7 +30,7 @@ references:
      nist: CM-6(a)
      srg: SRG-OS-000433-GPOS-00192,SRG-OS-000134-GPOS-00068
      stigid@ol8: OL08-00-010423
@@ -20181,7 +20904,7 @@ index 36e025cc3..e97acde11 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
-index 8dab1d048..9ddd9d587 100644
+index b7acaf128..49d4af88c 100644
 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
 @@ -1,6 +1,6 @@
@@ -20192,14 +20915,14 @@ index 8dab1d048..9ddd9d587 100644
  
  title: 'Restrict Access to Kernel Message Buffer'
  
-@@ -29,7 +29,7 @@ references:
-     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069
+@@ -30,7 +30,7 @@ references:
+     stigid@ol7: OL07-00-010375
      stigid@ol8: OL08-00-010375
      stigid@rhel7: RHEL-07-010375
 -    stigid@rhel8: RHEL-08-010375
 +    stigid@almalinux8: RHEL-08-010375
- 
- {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}}
+     stigid@sle12: SLES-12-010375
+     stigid@sle15: SLES-15-010375
  
 diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
 index 505b3c12b..cdf18e6dd 100644
@@ -20281,7 +21004,7 @@ index 0541e59a7..50020c28c 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
-index 05535b7b5..cbf7228fe 100644
+index a39ff72ee..0e332d7e8 100644
 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
 @@ -1,6 +1,6 @@
@@ -20294,7 +21017,7 @@ index 05535b7b5..cbf7228fe 100644
  
 @@ -26,7 +26,7 @@ references:
      ospp: FMT_SMF_EXT.1
-     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069
+     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069,SRG-APP-000243-CTR-000600
      stigid@ol8: OL08-00-010376
 -    stigid@rhel8: RHEL-08-010376
 +    stigid@almalinux8: RHEL-08-010376
@@ -20337,7 +21060,7 @@ index 2e24d9211..7b706bb32 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
-index 9e5920b09..19bcb1045 100644
+index ca51c5534..f3871bd5e 100644
 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -20348,7 +21071,7 @@ index 9e5920b09..19bcb1045 100644
  
  title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes'
  
-@@ -24,7 +24,7 @@ references:
+@@ -25,7 +25,7 @@ references:
      ospp: FMT_SMF_EXT.1
      srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-040281
@@ -20401,7 +21124,7 @@ index 7519b7740..af6c30abd 100644
  kind: MachineConfig
  spec:
 diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
-index 1c1907f05..ffe602a19 100644
+index 323fef1e6..36ed03c39 100644
 --- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
 +++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
 @@ -1,6 +1,6 @@
@@ -20412,7 +21135,7 @@ index 1c1907f05..ffe602a19 100644
  
  title: 'Harden the operation of the BPF just-in-time compiler'
  
-@@ -24,7 +24,7 @@ references:
+@@ -25,7 +25,7 @@ references:
      ospp: FMT_SMF_EXT.1
      srg: SRG-OS-000480-GPOS-00227
      stigid@ol8: OL08-00-040286
@@ -20466,7 +21189,7 @@ index ba7269b99..5e6426594 100644
  title: 'Prevent applications from mapping low portion of virtual memory'
  
 diff --git a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
-index 352e1c4e7..5b4baa103 100644
+index cd65b5921..7114fe503 100644
 --- a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
 +++ b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
 @@ -1,6 +1,6 @@
@@ -20498,7 +21221,7 @@ index 735354a2d..0c13b196e 100644
  sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
  sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
 diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
-index 04547b496..01531b365 100644
+index 5c94eafa2..37aa83fa7 100644
 --- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
 +++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
 @@ -1,6 +1,6 @@
@@ -20510,7 +21233,7 @@ index 04547b496..01531b365 100644
  title: 'Ensure SELinux Not Disabled in /etc/default/grub'
  
 diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
-index 21702856f..97a22db41 100644
+index 622ccb2a2..47675d63f 100644
 --- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
 +++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -20522,7 +21245,7 @@ index 21702856f..97a22db41 100644
  title: 'Install libselinux Package'
  
 diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
-index ea0437f5b..8759a6ce0 100644
+index 2520d3dcc..ed0bc9538 100644
 --- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
 +++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
 @@ -1,5 +1,5 @@
@@ -23122,7 +23845,7 @@ index 36c8756dd..20316bcee 100644
  title: 'Disable the secure_mode SELinux Boolean'
  
 diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
-index 0e36376e1..a85cb90c8 100644
+index 17babc7f3..bad92e4d9 100644
 --- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
 +++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
 @@ -1,6 +1,6 @@
@@ -23182,7 +23905,7 @@ index 46f76ce22..e1288fdd3 100644
  title: 'Enable the selinuxuser_execmod SELinux Boolean'
  
 diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
-index 440b1f859..16c273eb1 100644
+index 446c8225b..2cc254c0f 100644
 --- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
 +++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
 @@ -1,6 +1,6 @@
@@ -23191,7 +23914,7 @@ index 440b1f859..16c273eb1 100644
 -prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
 +prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
  
- title: 'disable the selinuxuser_execstack SELinux Boolean'
+ title: 'Disable the selinuxuser_execstack SELinux Boolean'
  
 diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
 index 88a2a92d6..3cdf3685a 100644
@@ -24210,7 +24933,7 @@ index 0b33e5768..c9b647b8e 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
-index 4b7e17987..cec080b47 100644
+index d84bae70e..fed0e7fd8 100644
 --- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml
 +++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
 @@ -1,6 +1,6 @@
@@ -24221,15 +24944,15 @@ index 4b7e17987..cec080b47 100644
  
  title: 'Configure SELinux Policy'
  
-@@ -57,7 +57,7 @@ references:
+@@ -58,7 +58,7 @@ references:
      stigid@ol7: OL07-00-020220
      stigid@ol8: OL08-00-010450
      stigid@rhel7: RHEL-07-020220
 -    stigid@rhel8: RHEL-08-010450
 +    stigid@almalinux8: RHEL-08-010450
-     vmmsrg: SRG-OS-000445-VMM-001780
  
  ocil_clause: 'the loaded policy name is not "{{{ xccdf_value("var_selinux_policy_name") }}}"'
+ 
 diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
 index 3234ef102..9961cbdd9 100644
 --- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
@@ -24251,18 +24974,18 @@ index 1f458fa5b..3a9811ea3 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml
-index 6619b350e..ce4a57fbb 100644
+index 8a67f6cae..b4f2870dd 100644
 --- a/linux_os/guide/system/selinux/selinux_state/rule.yml
 +++ b/linux_os/guide/system/selinux/selinux_state/rule.yml
-@@ -49,7 +49,7 @@ references:
+@@ -50,7 +50,7 @@ references:
      stigid@ol7: OL07-00-020210
      stigid@ol8: OL08-00-010170
      stigid@rhel7: RHEL-07-020210
 -    stigid@rhel8: RHEL-08-010170
 +    stigid@almalinux8: RHEL-08-010170
-     vsrg: SRG-OS-000445-VMM-001780
  
  ocil_clause: 'SELINUX is not set to enforcing'
+ 
 diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
 index d4c211c10..b909ccace 100644
 --- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
@@ -24285,7 +25008,7 @@ index d4c211c10..b909ccace 100644
  ocil_clause: 'non-admin users are not confined correctly'
  
 diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
-index de1dc56c8..937c7282e 100644
+index a7b2c5bcc..431536d72 100644
 --- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
 +++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
 @@ -1,6 +1,6 @@
@@ -24296,7 +25019,7 @@ index de1dc56c8..937c7282e 100644
  
  title: 'Encrypt Partitions'
  
-@@ -76,7 +76,7 @@ references:
+@@ -77,7 +77,7 @@ references:
      nist@sle15: SC-28,SC-28.1
      srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183
      stigid@ol8: OL08-00-010030
@@ -24368,7 +25091,7 @@ index f40201b20..bb043b8c4 100644
  title: 'Ensure /usr Located On Separate Partition'
  
 diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
-index 782dc2c1f..308a2bfb3 100644
+index 9f87a0028..584ec0c35 100644
 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
 +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
 @@ -46,7 +46,7 @@ references:
@@ -24379,7 +25102,7 @@ index 782dc2c1f..308a2bfb3 100644
 +    stigid@almalinux8: RHEL-08-010540
      stigid@sle12: SLES-12-010860
      stigid@sle15: SLES-15-040210
-     vmmsrg: SRG-OS-000341-VMM-001220
+ 
 diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
 index e2f69fef8..4a102e1b7 100644
 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
@@ -24394,7 +25117,7 @@ index e2f69fef8..4a102e1b7 100644
  {{{ complete_ocil_entry_separate_partition(part="/var/log") }}}
  
 diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
-index 5f69a8b9f..78f43a115 100644
+index 9758b0625..4263bccdb 100644
 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
 +++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
 @@ -52,7 +52,7 @@ references:
@@ -24405,7 +25128,7 @@ index 5f69a8b9f..78f43a115 100644
 +    stigid@almalinux8: RHEL-08-010542
      stigid@sle12: SLES-12-010870
      stigid@sle15: SLES-15-030810
-     vmmsrg: SRG-OS-000341-VMM-001220
+ 
 diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
 index 65cde9418..5bbac4fac 100644
 --- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
@@ -24427,17 +25150,8 @@ index 65cde9418..5bbac4fac 100644
  
  {{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}}
  
-diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
-index d24ad6130..78e4f65cc 100644
---- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
-+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
-@@ -1,3 +1,3 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
- 
- dconf update
 diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
-index a99dad73d..803ddd498 100644
+index 814a0103c..cd2de3213 100644
 --- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
 +++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
 @@ -1,6 +1,6 @@
@@ -24449,7 +25163,7 @@ index a99dad73d..803ddd498 100644
  title: 'Make sure that the dconf databases are up-to-date with regards to respective keyfiles'
  
 diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
-index 48d446249..a45f55612 100644
+index fd69a8620..f2ab70604 100644
 --- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
 +++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
 @@ -1,6 +1,6 @@
@@ -24471,43 +25185,43 @@ index c3baa1b80..be83f158f 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
-index 3165c09fc..f2135e0b7 100644
+index b5bf2b998..30c4b5e49 100644
 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
-+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9
  
  title: 'Disable the GNOME3 Login Restart and Shutdown Buttons'
  
 diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
-index ca6beab0d..8e18147dd 100644
+index 917fc7dc4..bc1d7c63c 100644
 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
  # reboot = false
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
-index a90829993..b32701924 100644
+index 50a8651ab..9207e612e 100644
 --- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Disable the GNOME3 Login User List'
  
-@@ -41,7 +41,7 @@ references:
-     nist: CM-6(a),AC-23
-     srg: SRG-OS-000480-GPOS-00227
+@@ -48,7 +48,7 @@ references:
+     stigid@ol7: OL07-00-010063
      stigid@ol8: OL08-00-020032
+     stigid@rhel7: RHEL-07-010063
 -    stigid@rhel8: RHEL-08-020032
 +    stigid@almalinux8: RHEL-08-020032
  
@@ -24662,7 +25376,7 @@ index 60417ff4e..0af05e798 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
-index cd57e209c..d236c46b4 100644
+index f969464a3..2e7ed286b 100644
 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
 @@ -1,6 +1,6 @@
@@ -24684,14 +25398,14 @@ index ac168ef9f..69ecfa6a7 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
-index 55b8d324b..db2e190bd 100644
+index 429314038..e7370bd25 100644
 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2204
-+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,ubuntu2204
  
  title: 'Disable GNOME3 Automount Opening'
  
@@ -24706,14 +25420,14 @@ index 51e4063c3..3591b7266 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
-index 749be00a4..b1cc72639 100644
+index b7662be6f..0b85618cb 100644
 --- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2204
-+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,ubuntu2204
  
  title: 'Disable GNOME3 Automount running'
  
@@ -24838,7 +25552,7 @@ index f7c7b4379..95781d5ab 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
-index fdf6551b4..c0c9a4eec 100644
+index 89d2ecdff..947324d01 100644
 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -24882,7 +25596,7 @@ index 5b08acff4..d1af90b16 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
-index ed96f970a..ec5e2a671 100644
+index 58488e8aa..bb3ae452d 100644
 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
 @@ -1,6 +1,6 @@
@@ -24893,7 +25607,7 @@ index ed96f970a..ec5e2a671 100644
  
  title: 'Set GNOME3 Screensaver Inactivity Timeout'
  
-@@ -50,7 +50,7 @@ references:
+@@ -52,7 +52,7 @@ references:
      stigid@ol7: OL07-00-010070
      stigid@ol8: OL08-00-020060
      stigid@rhel7: RHEL-07-010070
@@ -24913,18 +25627,18 @@ index 9d034e519..2c45806b4 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
-index 00f1fc20c..88ce34272 100644
+index 99c897f17..fdf719386 100644
 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2204
-+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,ubuntu2204
  
  title: 'Set GNOME3 Screensaver Lock Delay After Activation Period'
  
-@@ -42,7 +42,7 @@ references:
+@@ -43,7 +43,7 @@ references:
      stigid@ol7: OL07-00-010110
      stigid@ol8: OL08-00-020031
      stigid@rhel7: RHEL-07-010110
@@ -24944,7 +25658,7 @@ index d04e6893f..5b9cba007 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
-index 32429a8de..3e8dee9d0 100644
+index 8a86e3806..82ba2fc3e 100644
 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -24955,7 +25669,7 @@ index 32429a8de..3e8dee9d0 100644
  
  title: 'Enable GNOME3 Screensaver Lock After Idle Period'
  
-@@ -57,7 +57,7 @@ references:
+@@ -58,7 +58,7 @@ references:
      stigid@ol7: OL07-00-010060
      stigid@ol8: OL08-00-020030
      stigid@rhel7: RHEL-07-010060
@@ -24975,14 +25689,14 @@ index 34ff91ab3..875abf68d 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
-index 1beba66d0..2f6b0426b 100644
+index 92ddf0d12..2147b87eb 100644
 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
-+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9
  
  title: 'Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period'
  
@@ -25006,7 +25720,7 @@ index 4dbe2b3c8..7313b6bcd 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
-index 95dc7bc27..656992e00 100644
+index 48735e16a..8051d84aa 100644
 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
 @@ -1,6 +1,6 @@
@@ -25050,14 +25764,14 @@ index ed7d98843..a41cb7151 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
-index 5b2580d5a..6667c422c 100644
+index a1169934f..bed6e6550 100644
 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
-+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9
  
  title: 'Ensure Users Cannot Change GNOME3 Screensaver Settings'
  
@@ -25081,7 +25795,7 @@ index aae97c962..18c7ec75f 100644
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
-index d28caa117..754d40d52 100644
+index 762e8c789..2ca30055a 100644
 --- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
 +++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
 @@ -1,6 +1,6 @@
@@ -25092,7 +25806,7 @@ index d28caa117..754d40d52 100644
  
  title: 'Ensure Users Cannot Change GNOME3 Session Idle Settings'
  
-@@ -45,7 +45,7 @@ references:
+@@ -46,7 +46,7 @@ references:
      stigid@ol7: OL07-00-010082
      stigid@ol8: OL08-00-020081
      stigid@rhel7: RHEL-07-010082
@@ -25179,11 +25893,11 @@ index 592f85584..664c876cb 100644
  title: 'Disable User Administration in GNOME3'
  
 diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml
-index 6a2233156..a2c2b6983 100644
+index c7617bc43..7de8de33c 100644
 --- a/linux_os/guide/system/software/gnome/group.yml
 +++ b/linux_os/guide/system/software/gnome/group.yml
 @@ -12,7 +12,7 @@ description: |-
-     {{% if product in ['ol7', 'ol8'] %}}
+     {{% if 'ol' in product %}}
      Oracle Linux Graphical environment.
      {{% else %}}
 -    Red Hat Graphical environment.
@@ -25192,19 +25906,19 @@ index 6a2233156..a2c2b6983 100644
      


      For more information on GNOME and the GNOME Project, see {{{ weblink(link="https://www.gnome.org") }}}.
 diff --git a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
-index e2aeef7c1..8b682d45e 100644
+index 205adaf50..51042b381 100644
 --- a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
 +++ b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,rhel7,rhel8,rhel9,rhv4,ubuntu2004,ubuntu2204
-+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,ubuntu2204
+-prodtype: fedora,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Remove the GDM Package Group'
  
 diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
-index fdafdbfa1..f7f8ec6b3 100644
+index d7610c432..7318192f0 100644
 --- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
 +++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
 @@ -1,6 +1,6 @@
@@ -25228,7 +25942,7 @@ index 16c3847ad..73477c511 100644
        
        
 diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
-index 1a6b2c7a7..ce11e0485 100644
+index 234eb42b8..04b4d84e4 100644
 --- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
 +++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
 @@ -1,6 +1,6 @@
@@ -25259,14 +25973,14 @@ index 1a6b2c7a7..ce11e0485 100644
      stigid@sle15: SLES-15-010000
  
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
-index 03e830776..a29b70775 100644
+index cafd1940a..485ee6538 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,uos20
  
  title: 'Configure BIND to use System Crypto Policy'
  
@@ -25292,7 +26006,7 @@ index c7385d2c3..637496acd 100644
  
  BIND_CONF='/etc/named.conf'
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
-index 06307a5c9..490ca4bbe 100644
+index b00bbfe21..39dbf3036 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
 @@ -1,4 +1,4 @@
@@ -25300,7 +26014,7 @@ index 06307a5c9..490ca4bbe 100644
 -# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
 +# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
  
- yum remove -y bind || true
+ {{{ bash_package_remove("bind") }}}
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
 index 4f9c749eb..46fcc4703 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
@@ -25350,18 +26064,18 @@ index dd096ab41..b180ed3b3 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
-index e3b95bc95..35e81cc7b 100644
+index d1aec7744..a8584851e 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle15,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle15,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle15,uos20
  
  title: 'Configure System Cryptography Policy'
  
-@@ -70,7 +70,7 @@ references:
+@@ -71,7 +71,7 @@ references:
      ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
      srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
      stigid@ol8: OL08-00-010020
@@ -25579,14 +26293,14 @@ index 3776d35aa..8710aef51 100644
  configfile=/etc/crypto-policies/back-ends/gnutls.config
  
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
-index 3a2df056e..be08ff6f8 100644
+index 094beadb3..3c2f3ba54 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,uos20
  
  title: 'Configure Kerberos to use System Crypto Policy'
  
@@ -25632,19 +26346,19 @@ index 4eb5348f2..9047445c5 100644
  rm -f /etc/krb5.conf.d/crypto-policies
  ln -s /etc/crypto-policies/back-ends/openssh.config /etc/krb5.conf.d/crypto-policies
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
-index 5fe513be6..de105c307 100644
+index 5c8655c92..cbcd98958 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
  
  title: 'Configure Libreswan to use System Crypto Policy'
  
-@@ -36,7 +36,7 @@ references:
-     pcidss: Req-2.2
+@@ -37,7 +37,7 @@ references:
+     pcidss4: "2.2"
      srg: SRG-OS-000033-GPOS-00014
      stigid@ol8: OL08-00-010020
 -    stigid@rhel8: RHEL-08-010020
@@ -25653,7 +26367,7 @@ index 5fe513be6..de105c307 100644
  ocil_clause: |-
      the "IPsec" service is active and the ipsec configuration file does not contain does not contain include /etc/crypto-policies/back-ends/libreswan.config
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
-index a1a66e747..a4775c4ba 100644
+index 9379b5ff3..c8fdbd4f5 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
 @@ -1,4 +1,4 @@
@@ -25661,7 +26375,7 @@ index a1a66e747..a4775c4ba 100644
 -# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
 +# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
  
- yum remove -y libreswan || true
+ {{{ bash_package_remove("libreswan") }}}
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
 index 439da4978..8dee7191b 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
@@ -25711,19 +26425,19 @@ index 2863c6102..aeeddb9a1 100644
  
  cp ipsec.conf /etc
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
-index f914174f3..5d695d949 100644
+index 8cf86b739..34f206aeb 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
  
  title: 'Configure OpenSSL library to use System Crypto Policy'
  
-@@ -45,7 +45,7 @@ references:
-     pcidss: Req-2.2
+@@ -46,7 +46,7 @@ references:
+     pcidss4: "2.2"
      srg: SRG-OS-000250-GPOS-00093
      stigid@ol8: OL08-00-010293
 -    stigid@rhel8: RHEL-08-010293
@@ -25852,7 +26566,7 @@ index 209a6bd40..2330ede55 100644
  configfile=/etc/crypto-policies/back-ends/opensslcnf.config
  
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
-index 5e1d80849..031596e6f 100644
+index 26d67f1e9..bda103475 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
 @@ -1,5 +1,5 @@
@@ -25885,19 +26599,19 @@ index 1593ce8ae..e42f42388 100644
  configfile=/etc/crypto-policies/back-ends/opensslcnf.config
  
 diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
-index 0902a5011..2249bceb0 100644
+index 2373c03c3..b622e0e33 100644
 --- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
 +++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
  
  title: 'Configure SSH to use System Crypto Policy'
  
-@@ -35,7 +35,7 @@ references:
-     pcidss: Req-2.2
+@@ -37,7 +37,7 @@ references:
+     pcidss4: "2.2"
      srg: SRG-OS-000250-GPOS-00093
      stigid@ol8: OL08-00-010287
 -    stigid@rhel8: RHEL-08-010287
@@ -26845,7 +27559,7 @@ index a06ffc2d7..6b4a4f76c 100644
  {{{ bash_instantiate_variables("sshd_approved_macs") }}}
  
 diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
-index ad52c2a4e..a32f9eda4 100644
+index f08f120f9..9d3ecc151 100644
 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
 +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
 @@ -1,6 +1,6 @@
@@ -26866,47 +27580,47 @@ index ad52c2a4e..a32f9eda4 100644
  ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
  
 diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
-index e936d1979..b7e09e53a 100644
+index df9a2844e..922af22a9 100644
 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
 +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
 +# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
- # profiles = xccdf_org.ssgproject.content_profile_stig
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
  
- sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
+ sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
 diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
-index 66483e898..fae4417ec 100644
+index eef727791..d61b46cde 100644
 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
 +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
 +# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
- # profiles = xccdf_org.ssgproject.content_profile_stig
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
  
  configfile=/etc/crypto-policies/back-ends/opensshserver.config
 diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
-index ea4032290..a4a765c89 100644
+index ec6f07dbc..9b8681014 100644
 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
 +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
 +# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
- # profiles = xccdf_org.ssgproject.content_profile_stig
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
  
  configfile=/etc/crypto-policies/back-ends/opensshserver.config
 diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
-index 11b194db0..09699474f 100644
+index ee314357d..080606320 100644
 --- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
 +++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
 +# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
- # profiles = xccdf_org.ssgproject.content_profile_stig
+ # variables = sshd_approved_macs=hmac-sha2-512,hmac-sha2-256,hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
  
  configfile=/etc/crypto-policies/back-ends/opensshserver.config
 diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
@@ -26976,7 +27690,7 @@ index 68dc260a8..87f5390dd 100644
  title: 'Install crypto-policies package'
  
 diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
-index 511a96ea2..6b28b90c5 100644
+index 0447bf2c4..43627ebd3 100644
 --- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
 +++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -26998,7 +27712,7 @@ index 264d2f94e..14cc99d5d 100644
  title: 'Install Virus Scanning Software'
  
 diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
-index d10cfa3b2..d2e8679e8 100644
+index a1dbb727a..db0a66291 100644
 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
 +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
 @@ -1,6 +1,6 @@
@@ -27010,7 +27724,7 @@ index d10cfa3b2..d2e8679e8 100644
  title: 'Install Intrusion Detection Software'
  
 diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
-index 78b9bdee9..9a60ee129 100644
+index 4a56c1623..75b8aaf18 100644
 --- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
 +++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
 @@ -1,6 +1,6 @@
@@ -27145,7 +27859,7 @@ index 5da0c99e6..57ac7592b 100644
  fips-mode-setup --enable
  FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
 diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
-index a686f80b7..90070fa98 100644
+index 62cfc0d6a..da13b857c 100644
 --- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
 +++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
 @@ -1,6 +1,6 @@
@@ -27162,9 +27876,9 @@ index a686f80b7..90070fa98 100644
      stigid@ol8: OL08-00-010020
 -    stigid@rhel8: RHEL-08-010020
 +    stigid@almalinux8: RHEL-08-010020
-     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
  
  ocil_clause: 'the Dracut FIPS module is not enabled'
+ 
 diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh
 index 9c232fc94..f3d71ee21 100644
 --- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/tests/fips_dracut_module_missing.fail.sh
@@ -27190,7 +27904,7 @@ index b92e82236..138d2c997 100644
  fips-mode-setup --enable
  FIPS_CONF="/etc/dracut.conf.d/40-fips.conf"
 diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
-index 6977a704d..e18dbd026 100644
+index 41d301caa..866741c11 100644
 --- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
 +++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -27199,40 +27913,30 @@ index 6977a704d..e18dbd026 100644
  # reboot = true
  # strategy = restrict
  # complexity = medium
-diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
-index 934ecaf91..9a01dada3 100644
---- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
-+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,Red Hat Virtualization 4
- {{{ bash_instantiate_variables("var_system_crypto_policy") }}}
- 
- fips-mode-setup --enable
 diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
-index e805136ff..76d2978ec 100644
+index 3b50e0706..4e4d713e1 100644
 --- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
 +++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml
-@@ -10,7 +10,7 @@
-       {{% if product in ["ol8"] %}}
-       
--      {{% elif product in ["rhel8"] %}}
-+      {{% elif product in ["rhel8", "almalinux8"] %}}
-       
-         
-@@ -35,7 +35,7 @@
-     ^FIPS(:(OSPP|NO-SHA1|NO-CAMELLIA))?$
+@@ -25,7 +25,7 @@
+             
+           
+-          {{% if product in ["ol8", "rhel8"] %}}
++          {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
+           
+           {{% else %}}
+@@ -77,7 +77,7 @@ to a crypto policy module that further restricts the modified crypto policy.">
    {{%- endif %}}
    
+ 
 -  {{% if product in ["ol8","rhel8"] %}}
 +  {{% if product in ["ol8","rhel8", "almalinux8"] %}}
-   
-     
+   
 diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
-index c6895f23d..cd5196ba5 100644
+index c6e966202..1b0e4f32a 100644
 --- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
 +++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
 @@ -1,6 +1,6 @@
@@ -27243,17 +27947,17 @@ index c6895f23d..cd5196ba5 100644
  
  title: Enable FIPS Mode
  
-@@ -40,7 +40,7 @@ references:
+@@ -48,7 +48,7 @@ references:
      ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1,FCS_RBG_EXT.1
      srg: SRG-OS-000478-GPOS-00223,SRG-OS-000396-GPOS-00176
      stigid@ol8: OL08-00-010020
 -    stigid@rhel8: RHEL-08-010020
 +    stigid@almalinux8: RHEL-08-010020
-     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
  
  ocil_clause: 'FIPS mode is not enabled'
+ 
 diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
-index fd61358da..323cb594f 100644
+index 33841e4d3..dabfa8764 100644
 --- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
 +++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
 @@ -1,6 +1,6 @@
@@ -27265,7 +27969,7 @@ index fd61358da..323cb594f 100644
  title: Ensure '/etc/system-fips' exists
  
 diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
-index 15c99cfcc..9f09ce655 100644
+index 2aafe35d7..cc7607cd2 100644
 --- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
 +++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -27282,9 +27986,9 @@ index 15c99cfcc..9f09ce655 100644
      stigid@ol8: OL08-00-010020
 -    stigid@rhel8: RHEL-08-010020
 +    stigid@almalinux8: RHEL-08-010020
-     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
  
  ocil_clause: 'crypto.fips_enabled is not 1'
+ 
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
 index 0cdb5d98d..a98b5566c 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
@@ -27296,7 +28000,7 @@ index 0cdb5d98d..a98b5566c 100644
  {{{ bash_package_install("aide") }}}
  {{% if 'sle' in product %}}
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
-index 430f34c1e..53ee76e69 100644
+index 43e5f16ef..927f1a9b5 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
 @@ -1,6 +1,6 @@
@@ -27307,17 +28011,17 @@ index 430f34c1e..53ee76e69 100644
  
  title: 'Build and Test AIDE Database'
  
-@@ -66,7 +66,7 @@ references:
+@@ -67,7 +67,7 @@ references:
      stigid@ol7: OL07-00-020029
      stigid@ol8: OL08-00-010359
      stigid@rhel7: RHEL-07-020029
 -    stigid@rhel8: RHEL-08-010359
 +    stigid@almalinux8: RHEL-08-010359
- 
- ocil_clause: 'there is no database file'
+     stigid@sle12: SLES-12-010499
+     stigid@sle15: SLES-15-010419
  
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
-index 5905ea8d0..19ca9df0a 100644
+index 883c40270..496e772c1 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -27327,7 +28031,7 @@ index 5905ea8d0..19ca9df0a 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
-index a81e25c39..a52955aeb 100644
+index ea2a1113b..fbc6b9b8a 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
 @@ -1,4 +1,4 @@
@@ -27337,18 +28041,18 @@ index a81e25c39..a52955aeb 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
-index 4555d8aef..e2d7df503 100644
+index 4d786f01b..40a623419 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux3,fedora,ol8,ol9,rhel8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux3,fedora,ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Configure AIDE to Verify the Audit Tools'
  
-@@ -42,7 +42,7 @@ references:
+@@ -44,7 +44,7 @@ references:
      nist: AU-9(3),AU-9(3).1
      srg: SRG-OS-000278-GPOS-00108
      stigid@ol8: OL08-00-030650
@@ -27358,38 +28062,49 @@ index 4555d8aef..e2d7df503 100644
      stigid@sle15: SLES-15-030630
      stigid@ubuntu2004: UBTU-20-010205
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
-index 1a1ab8aed..d5539bdcd 100644
+index 5f751bee5..2684687ff 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = aide
  
- 
- yum -y install aide
+ aide --init
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
-index 769deaa4f..121c79b9f 100644
+index f80f6fd52..3d2bde623 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = aide
  
- yum -y install aide
+ declare -a bins
+diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
+index 692a60d0e..50411aad5 100644
+--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = aide
  
+ declare -a bins
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
-index 868a3d2b3..13f8fcf03 100644
+index 65bf85123..708ef4e4d 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel
 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
+ # packages = aide
  
- 
- yum -y install aide
+ aide --init
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
 index dfa5c1b6c..60ac94141 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
@@ -27401,30 +28116,20 @@ index dfa5c1b6c..60ac94141 100644
  {{{ bash_package_install("aide") }}}
  
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
-index 1600478f0..235d0715f 100644
+index 123e0ebf2..285ded938 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
 @@ -4,7 +4,7 @@
  
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,ubuntu2204
  
  title: 'Configure Periodic Execution of AIDE'
  
-diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
-index 2f734940a..837b244b5 100644
---- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
-+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,Oracle Linux 7,Oracle Linux 8,multi_platform_sle
-+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,Oracle Linux 7,Oracle Linux 8,multi_platform_sle
- # reboot = false
- # strategy = restrict
- # complexity = low
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
-index 9015d01e7..493705ba8 100644
+index 8ba2e2067..844d0ef13 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
 +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
 @@ -1,6 +1,6 @@
@@ -27442,8 +28147,8 @@ index 9015d01e7..493705ba8 100644
 -    stigid@rhel8: RHEL-08-010360
 +    stigid@almalinux8: RHEL-08-010360
      stigid@sle12: SLES-12-010510
+     stigid@sle15: SLES-15-010570
  
- ocil_clause: 'AIDE has not been configured or has not been configured to notify personnel of scan details'
 diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
 index 34a114520..b22a658da 100644
 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
@@ -27490,16 +28195,6 @@ index 3c2037208..8211c4ad0 100644
  
  
  cat >/etc/aide.conf </etc/aide.conf </etc/aide.conf <ignore_dot tag exists in
 diff --git a/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml b/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
-index a32a10671..de22404ac 100644
+index 165fa2157..ff3bb53d0 100644
 --- a/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
 +++ b/linux_os/guide/system/software/sudo/sudo_add_passwd_timeout/rule.yml
 @@ -1,12 +1,12 @@
  documentation_complete: true
  
--prodtype: ol7,ol8,rhel7,rhel8,sle12,sle15
-+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15
+-prodtype: alinux3,ol7,ol8,rhel7,rhel8,sle12,sle15
++prodtype: alinux3,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15
  
  title: 'Ensure sudo passwd_timeout is appropriate - sudo passwd_timeout'
  
@@ -27944,7 +28622,7 @@ index 39ec72b52..a2849d3b4 100644
  
  echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers
 diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
-index 2dee2eb85..df6ee7847 100644
+index acb0d0a7f..fde0f6b0f 100644
 --- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
 +++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
 @@ -1,6 +1,6 @@
@@ -27966,7 +28644,7 @@ index 0e5aed5d0..c75edccd5 100644
  
  # Make sure sudo is owned by root group
 diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
-index 079540b33..a8e26e140 100644
+index 4408d610e..24f3016f4 100644
 --- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
 +++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
 @@ -39,7 +39,7 @@ references:
@@ -27977,9 +28655,9 @@ index 079540b33..a8e26e140 100644
 +    stigid@almalinux8: RHEL-08-010381
      stigid@sle12: SLES-12-010110
      stigid@sle15: SLES-15-010450
-     vsrg: SRG-OS-000373-VMM-001470,SRG-OS-000373-VMM-001480,SRG-OS-000373-VMM-001490
+ 
 diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
-index 6c91f7eb6..d5b67e2d2 100644
+index 32e8a1bef..f46e56299 100644
 --- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
 +++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
 @@ -39,7 +39,7 @@ references:
@@ -27990,19 +28668,19 @@ index 6c91f7eb6..d5b67e2d2 100644
 +    stigid@almalinux8: RHEL-08-010380
      stigid@sle12: SLES-12-010110
      stigid@sle15: SLES-15-010450
-     vsrg: SRG-OS-000373-VMM-001470,SRG-OS-000373-VMM-001480,SRG-OS-000373-VMM-001490
+ 
 diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
-index fc0ec838f..1d79c1207 100644
+index 78ee25868..a9f949662 100644
 --- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
 +++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
-+prodtype: ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204
+-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2204
++prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2204
+ 
+ title: 'Require Re-Authentication When Using the sudo Command'
  
- title: 'The operating system must require Re-Authentication when using the sudo command.
-  Ensure sudo timestamp_timeout is appropriate - sudo timestamp_timeout'
 @@ -41,7 +41,7 @@ references:
      stigid@ol7: OL07-00-010343
      stigid@ol8: OL08-00-010384
@@ -28068,7 +28746,7 @@ index 4d57b106b..7c013cf69 100644
      stigid@sle15: SLES-15-020099
  
 diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
-index cdd03adcc..b74598aad 100644
+index bd9d93947..91f0cb08f 100644
 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
 +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
 @@ -2,7 +2,7 @@ documentation_complete: true
@@ -28456,7 +29134,7 @@ index 94428d19d..65410152c 100644
  {{{ complete_ocil_entry_package(package="libreport-plugin-logger") }}}
  
 diff --git a/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
-index 8ca0488c7..cf104f249 100644
+index da42b16a7..32f1088e3 100644
 --- a/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
 +++ b/linux_os/guide/system/software/system-tools/package_libreport-plugin-rhtsupport_removed/rule.yml
 @@ -1,6 +1,6 @@
@@ -28467,10 +29145,10 @@ index 8ca0488c7..cf104f249 100644
  
  title: 'Uninstall libreport-plugin-rhtsupport Package'
  
-@@ -20,7 +20,7 @@ references:
+@@ -19,7 +19,7 @@ identifiers:
+ references:
      disa: CCI-000381
      srg: SRG-OS-000095-GPOS-00049
-     stigid@ol8: OL08-00-040001
 -    stigid@rhel8: RHEL-08-040001
 +    stigid@almalinux8: RHEL-08-040001
  
@@ -28522,7 +29200,7 @@ index 2b34390f7..b9e583edc 100644
  {{{ complete_ocil_entry_package(package="python3-abrt-addon") }}}
  
 diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
-index 461389520..ea6bd4fa9 100644
+index 68043ea54..e2cb29db4 100644
 --- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
 +++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -28534,7 +29212,7 @@ index 461389520..ea6bd4fa9 100644
  title: 'Install rear Package'
  
 diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
-index f3b7725c5..ff830747b 100644
+index 41a484f26..1ada0f999 100644
 --- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
 +++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
 @@ -1,6 +1,6 @@
@@ -28644,7 +29322,7 @@ index 34127fd17..e30b09600 100644
  {{% if 'sle' in product %}}
  {{{ bash_replace_or_append('/etc/zypp/zypp.conf', '^solver.upgradeRemoveDroppedPackages', 'true', '%s=%s') }}}
 diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
-index 58b3ece0c..cac08aee1 100644
+index ee66181ab..20b825baf 100644
 --- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
 +++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
 @@ -1,6 +1,6 @@
@@ -28788,12 +29466,13 @@ index 000000000..7912da04b
 +   - ansible_distribution == "AlmaLinux"
 diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
 new file mode 100644
-index 000000000..dee95716e
+index 000000000..817ee6141
 --- /dev/null
 +++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
-@@ -0,0 +1,26 @@
+@@ -0,0 +1,27 @@
 +# platform = multi_platform_almalinux
-+readonly ALMALINUX_FINGERPRINT="5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8"
++readonly ALMALINUX_FINGERPRINT="{{{ release_key_fingerprint }}}"
++readonly ALMALINUX_AUXILIARY_FINGERPRINT="{{{ auxiliary_key_fingerprint }}}"
 +
 +# Location of the key we would like to import (once it's integrity verified)
 +readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
@@ -28805,25 +29484,25 @@ index 000000000..dee95716e
 +then
 +  # If they are safe, try to obtain fingerprints from the key file
 +  # (to ensure there won't be e.g. CRC error)
-+  readarray -t GPG_OUT < <(gpg --with-fingerprint --with-colons "$ALMALINUX_RELEASE_KEY" | grep "^fpr" | cut -d ":" -f 10)
++  readarray -t GPG_OUT < <(gpg --show-keys --with-fingerprint --with-colons "$REDHAT_RELEASE_KEY" | grep -A1 "^pub" | grep "^fpr" | cut -d ":" -f 10)
 +  GPG_RESULT=$?
 +  # No CRC error, safe to proceed
 +  if [ "${GPG_RESULT}" -eq "0" ]
 +  then
 +    # Filter just hexadecimal fingerprints from gpg's output from
 +    # processing of a key file
-+    echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}" || {
-+      # If $ ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
++    echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}|${ALMALINUX_AUXILIARY_FINGERPRINT}" || {
++      # If $ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
 +      rpm --import "${ALMALINUX_RELEASE_KEY}"
 +    }
 +  fi
 +fi
 diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
 new file mode 100644
-index 000000000..fb92fdb8e
+index 000000000..cbc55c2d7
 --- /dev/null
 +++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
-@@ -0,0 +1,42 @@
+@@ -0,0 +1,55 @@
 +
 +  
 +    
@@ -28838,10 +29517,11 @@ index 000000000..fb92fdb8e
 +        
 +          
 +        
-+        
-+            
-+
++        
++        
++          
 +        
 +      
 +    
@@ -28865,10 +29545,22 @@ index 000000000..fb92fdb8e
 +    {{{ pkg_version }}}
 +  
 +
++  
++  
++    
++    
++  
++  
++    {{{ aux_pkg_release }}}
++    {{{ aux_pkg_version }}}
++  
++
 +
 diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
 new file mode 100644
-index 000000000..3e4fe227b
+index 000000000..b53e57618
 --- /dev/null
 +++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
 @@ -0,0 +1,46 @@
@@ -28888,7 +29580,7 @@ index 000000000..3e4fe227b
 +    the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted
 +    in /media/cdrom, use the following command as the root user to import
 +    it into the keyring:
-+    
$ sudo rpm --import /media/cdrom/RPM-GPG-KEY

++    
$ sudo rpm --import /media/cdrom/RPM-GPG-KEY-AlmaLinux

 +
 +rationale: |-
 +    Changes to software components can have significant effects on the
@@ -28928,18 +29620,18 @@ index 2bf91c8ca..b5f520737 100644
  
  {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}}
 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
-index e5b41c4bb..2889f1cd5 100644
+index 91cd19e26..6033621f4 100644
 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
 +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
 @@ -1,6 +1,6 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
  
  title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration'
  
-@@ -63,7 +63,7 @@ references:
+@@ -64,7 +64,7 @@ references:
      stigid@ol7: OL07-00-020050
      stigid@ol8: OL08-00-010370
      stigid@rhel7: RHEL-07-020050
@@ -28947,9 +29639,9 @@ index e5b41c4bb..2889f1cd5 100644
 +    stigid@almalinux8: RHEL-08-010370
      stigid@sle12: SLES-12-010550
      stigid@sle15: SLES-15-010430
-     vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650
+ 
 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
-index 579db66b0..c159156f7 100644
+index d02e8df1a..fdc0a717f 100644
 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
 +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
 @@ -1,6 +1,6 @@
@@ -28966,11 +29658,11 @@ index 579db66b0..c159156f7 100644
      stigid@rhel7: RHEL-07-020060
 -    stigid@rhel8: RHEL-08-010371
 +    stigid@almalinux8: RHEL-08-010371
-     vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650
  
  ocil_clause: 'there is no process to validate certificates for local packages that is approved by the organization'
+ 
 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
-index 8ba650131..6728e4d50 100644
+index 9fd7f4b5d..3b81d7866 100644
 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
 +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -28990,7 +29682,7 @@ index 07e02fa47..ee1d023d9 100644
  sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/*
  {{% else %}}
 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
-index 1a31ab2d1..1dd671bbc 100644
+index 64287817b..db9e5b949 100644
 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
 +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
 @@ -1,6 +1,6 @@
@@ -29001,15 +29693,15 @@ index 1a31ab2d1..1dd671bbc 100644
  
  title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories'
  
-@@ -47,7 +47,7 @@ references:
-     pcidss: Req-6.2
+@@ -48,7 +48,7 @@ references:
+     pcidss4: "6.3.3"
      srg: SRG-OS-000366-GPOS-00153
      stigid@ol8: OL08-00-010370
 -    stigid@rhel8: RHEL-08-010370
 +    stigid@almalinux8: RHEL-08-010370
-     vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650
  
  ocil_clause: 'GPG checking is disabled'
+ 
 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
 index 37e47e4d4..a852e856f 100644
 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
@@ -29042,6 +29734,19 @@ index 740c2be53..53e9520a8 100644
  
  title: 'Ensure gpgcheck Enabled for Repository Metadata'
  
+diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+index 5ecaae27c..cf19bab18 100644
+--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
++++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+@@ -59,7 +59,7 @@ references:
+     pcidss: Req-6.2
+     srg: SRG-OS-000366-GPOS-00153
+     stigid@rhel7: RHEL-07-010019
+-    stigid@rhel8: RHEL-08-010019
++    stigid@almalinux8: RHEL-08-010019
+ 
+ ocil_clause: 'the Red Hat GPG Key is not installed'
+ 
 diff --git a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
 index bdcc5e9be..2e150e42f 100644
 --- a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
@@ -29065,14 +29770,14 @@ index fd844d2a1..2932351f4 100644
  # strategy = patch
  # complexity = low
 diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
-index d114c3236..e342962b6 100644
+index 99aa0518a..1da5c7be2 100644
 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
 +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
 @@ -1,11 +1,11 @@
  documentation_complete: true
  
--prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20
-+prodtype: alinux2,alinux3,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20
+-prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20
++prodtype: alinux2,alinux3,anolis23,anolis8,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20
  
  title: 'Ensure Software Patches Installed'
  
@@ -29094,7 +29799,7 @@ index d114c3236..e342962b6 100644
  {{% elif product in ["sle12", "sle15"] %}}
      If the system is configured for online updates, invoking the following command will list available
      security updates:
-@@ -65,7 +70,7 @@ references:
+@@ -68,7 +73,7 @@ references:
      stigid@ol7: OL07-00-020260
      stigid@ol8: OL08-00-010010
      stigid@rhel7: RHEL-07-020260
@@ -29102,7 +29807,7 @@ index d114c3236..e342962b6 100644
 +    stigid@almalinux8: RHEL-08-010010
      stigid@sle12: SLES-12-010010
      stigid@sle15: SLES-15-010010
-     vmmsrg: SRG-OS-000480-VMM-002000
+ 
 diff --git a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
 index 5ae61e5d6..e011e7d2b 100644
 --- a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
@@ -29117,12 +29822,12 @@ index 5ae61e5d6..e011e7d2b 100644
  
 diff --git a/products/almalinux8/CMakeLists.txt b/products/almalinux8/CMakeLists.txt
 new file mode 100644
-index 000000000..dcbf2057a
+index 000000000..e6cb143e7
 --- /dev/null
 +++ b/products/almalinux8/CMakeLists.txt
 @@ -0,0 +1,28 @@
 +# Sometimes our users will try to do: "cd almalinux8; cmake ." That needs to error in a nice way.
-+if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
++if("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
 +    message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
 +endif()
 +
@@ -29145,16 +29850,16 @@ index 000000000..dcbf2057a
 +ssg_build_html_srgmap_tables(${PRODUCT})
 +
 +ssg_build_html_stig_tables(${PRODUCT})
-+ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig")
-+ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig_gui")
++ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig")
++ssg_build_html_stig_tables_per_profile(${PRODUCT} "stig_gui")
 +
 +#ssg_build_html_stig_tables(${PRODUCT} "ospp")
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
 new file mode 100644
-index 000000000..30a1cdbc8
+index 000000000..ff05b3d8a
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
-@@ -0,0 +1,158 @@
+@@ -0,0 +1,154 @@
 +# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for AlmaLinux 8
 +# Version: 0.0.1
 +# Date: 2021-01-28
@@ -29194,7 +29899,7 @@ index 000000000..30a1cdbc8
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -29226,9 +29931,9 @@ index 000000000..30a1cdbc8
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -29246,16 +29951,16 @@ index 000000000..30a1cdbc8
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
-+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
 +# Ensure /usr Located On Separate Partition
-+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev"
++logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
 +# Ensure /opt Located On Separate Partition
-+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 +# Ensure /srv Located On Separate Partition
-+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 +# Ensure /home Located On Separate Partition
 +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
 +# Ensure /tmp Located On Separate Partition
@@ -29265,9 +29970,9 @@ index 000000000..30a1cdbc8
 +# Ensure /var Located On Separate Partition
 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 +logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
@@ -29304,21 +30009,17 @@ index 000000000..30a1cdbc8
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
 new file mode 100644
-index 000000000..1ad295d4e
+index 000000000..ec2175fef
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
-@@ -0,0 +1,162 @@
+@@ -0,0 +1,158 @@
 +# SCAP Security Guide ANSSI BP-028 (high) profile kickstart for AlmaLinux 8
 +# Version: 0.0.1
 +# Date: 2020-12-10
@@ -29358,7 +30059,7 @@ index 000000000..1ad295d4e
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -29394,9 +30095,9 @@ index 000000000..1ad295d4e
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --append="audit=1 audit_backlog_limit=8192" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -29414,16 +30115,16 @@ index 000000000..1ad295d4e
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
-+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
 +# Ensure /usr Located On Separate Partition
-+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev"
++logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
 +# Ensure /opt Located On Separate Partition
-+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 +# Ensure /srv Located On Separate Partition
-+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 +# Ensure /home Located On Separate Partition
 +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
 +# Ensure /tmp Located On Separate Partition
@@ -29433,9 +30134,9 @@ index 000000000..1ad295d4e
 +# Ensure /var Located On Separate Partition
 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 +logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
@@ -29472,21 +30173,17 @@ index 000000000..1ad295d4e
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
 new file mode 100644
-index 000000000..376cade2b
+index 000000000..52c9bb262
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
-@@ -0,0 +1,158 @@
+@@ -0,0 +1,154 @@
 +# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for AlmaLinux 8
 +# Version: 0.0.1
 +# Date: 2021-01-28
@@ -29526,7 +30223,7 @@ index 000000000..376cade2b
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -29558,9 +30255,9 @@ index 000000000..376cade2b
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+bootloader --location=mbr
++bootloader
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -29578,16 +30275,16 @@ index 000000000..376cade2b
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
-+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=3192 --grow
 +# Ensure /usr Located On Separate Partition
-+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev"
++logvol /usr --fstype=xfs --name=usr --vgname=VolGroup --size=6536 --fsoptions="nodev"
 +# Ensure /opt Located On Separate Partition
-+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++logvol /opt --fstype=xfs --name=opt --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 +# Ensure /srv Located On Separate Partition
-+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
++logvol /srv --fstype=xfs --name=srv --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
 +# Ensure /home Located On Separate Partition
 +logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
 +# Ensure /tmp Located On Separate Partition
@@ -29597,9 +30294,9 @@ index 000000000..376cade2b
 +# Ensure /var Located On Separate Partition
 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 +logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
@@ -29636,21 +30333,17 @@ index 000000000..376cade2b
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
 new file mode 100644
-index 000000000..f8ab2250a
+index 000000000..4659ce9f3
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
-@@ -0,0 +1,122 @@
+@@ -0,0 +1,118 @@
 +# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for AlmaLinux 8
 +# Version: 0.0.1
 +# Date: 2021-01-28
@@ -29690,7 +30383,7 @@ index 000000000..f8ab2250a
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -29712,9 +30405,9 @@ index 000000000..f8ab2250a
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+bootloader --location=mbr
++bootloader
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -29764,22 +30457,18 @@ index 000000000..f8ab2250a
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
 new file mode 100644
-index 000000000..8553b192d
+index 000000000..533f4ac2d
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
-@@ -0,0 +1,132 @@
-+# SCAP Security Guide CIS profile (Level 2 - Server) kickstart for AlmaLinux 8
+@@ -0,0 +1,128 @@
++# SCAP Security Guide CIS profile (Level 2 - Server) kickstart for AlmaLinux 8 Server
 +# Version: 0.0.1
 +# Date: 2021-08-12
 +#
@@ -29819,7 +30508,7 @@ index 000000000..8553b192d
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -29853,9 +30542,9 @@ index 000000000..8553b192d
 +
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
-+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
 +# encrypted password form for different plaintext password
-+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -29873,23 +30562,23 @@ index 000000000..8553b192d
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
-+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
 +# Ensure /home Located On Separate Partition
-+logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
 +# Ensure /tmp Located On Separate Partition
-+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 +# Ensure /var/tmp Located On Separate Partition
-+logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var Located On Separate Partition
-+logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
-+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
++logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +
 +# Harden installation with CIS profile
@@ -29902,22 +30591,18 @@ index 000000000..8553b192d
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
 new file mode 100644
-index 000000000..b599aa433
+index 000000000..f16f35838
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
-@@ -0,0 +1,122 @@
-+# SCAP Security Guide CIS profile (Level 1 - Server) kickstart for AlmaLinux 8
+@@ -0,0 +1,128 @@
++# SCAP Security Guide CIS profile (Level 1 - Server) kickstart for AlmaLinux 8 Server
 +# Version: 0.0.1
 +# Date: 2021-08-12
 +#
@@ -29957,7 +30642,7 @@ index 000000000..b599aa433
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -29991,9 +30676,9 @@ index 000000000..b599aa433
 +
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
-+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
 +# encrypted password form for different plaintext password
-+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -30011,13 +30696,23 @@ index 000000000..b599aa433
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
-+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
 +# Ensure /tmp Located On Separate Partition
-+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
-+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
++logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +
 +# Harden installation with CIS profile
@@ -30030,22 +30725,18 @@ index 000000000..b599aa433
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
 new file mode 100644
-index 000000000..e72a1d61f
+index 000000000..74473195d
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
-@@ -0,0 +1,122 @@
-+# SCAP Security Guide CIS profile (Level 1 - Workstation) kickstart for AlmaLinux 8
+@@ -0,0 +1,128 @@
++# SCAP Security Guide CIS profile (Level 1 - Workstation) kickstart for AlmaLinux 8 Server
 +# Version: 0.0.1
 +# Date: 2021-08-12
 +#
@@ -30085,7 +30776,7 @@ index 000000000..e72a1d61f
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -30119,9 +30810,9 @@ index 000000000..e72a1d61f
 +
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
-+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
 +# encrypted password form for different plaintext password
-+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -30139,13 +30830,23 @@ index 000000000..e72a1d61f
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
-+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
++# Ensure /home Located On Separate Partition
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
 +# Ensure /tmp Located On Separate Partition
-+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
-+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++# Ensure /var/tmp Located On Separate Partition
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++# Ensure /var Located On Separate Partition
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
++# Ensure /var/log Located On Separate Partition
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
++# Ensure /var/log/audit Located On Separate Partition
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
++logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +
 +# Harden installation with CIS profile
@@ -30158,22 +30859,18 @@ index 000000000..e72a1d61f
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
 new file mode 100644
-index 000000000..36e6989aa
+index 000000000..d68b97c91
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
-@@ -0,0 +1,132 @@
-+# SCAP Security Guide CIS profile (Level 2 - Workstation) kickstart for AlmaLinux 8
+@@ -0,0 +1,128 @@
++# SCAP Security Guide CIS profile (Level 2 - Workstation) kickstart for AlmaLinux 8 Server
 +# Version: 0.0.1
 +# Date: 2021-08-12
 +#
@@ -30213,7 +30910,7 @@ index 000000000..36e6989aa
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -30247,9 +30944,9 @@ index 000000000..36e6989aa
 +
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
-+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
 +# encrypted password form for different plaintext password
-+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -30267,23 +30964,23 @@ index 000000000..36e6989aa
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
-+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
 +# Ensure /home Located On Separate Partition
-+logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
 +# Ensure /tmp Located On Separate Partition
-+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 +# Ensure /var/tmp Located On Separate Partition
-+logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var Located On Separate Partition
-+logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
-+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512
++logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +
 +# Harden installation with CIS profile
@@ -30296,21 +30993,17 @@ index 000000000..36e6989aa
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
 new file mode 100644
-index 000000000..1af24eeca
+index 000000000..e1237a0b2
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
-@@ -0,0 +1,153 @@
+@@ -0,0 +1,149 @@
 +# SCAP Security Guide CUI profile kickstart for AlmaLinux 8
 +#
 +# Based on:
@@ -30348,7 +31041,7 @@ index 000000000..1af24eeca
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -30383,9 +31076,9 @@ index 000000000..1af24eeca
 +
 +# Specify how the bootloader should be installed (required)
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -30403,7 +31096,7 @@ index 000000000..1af24eeca
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
 +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
@@ -30416,9 +31109,9 @@ index 000000000..1af24eeca
 +# Ensure /var Located On Separate Partition
 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 +logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
@@ -30455,22 +31148,18 @@ index 000000000..1af24eeca
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
 new file mode 100644
-index 000000000..3e2e169eb
+index 000000000..1211e5806
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
-@@ -0,0 +1,111 @@
-+# SCAP Security Guide Essential Eight profile kickstart for AlmaLinux 8
+@@ -0,0 +1,107 @@
++# SCAP Security Guide Essential Eight profile kickstart for AlmaLinux 8 Server
 +# Version: 0.0.1
 +# Date: 2019-11-13
 +#
@@ -30510,7 +31199,7 @@ index 000000000..3e2e169eb
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -30544,9 +31233,9 @@ index 000000000..3e2e169eb
 +
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
-+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
 +# encrypted password form for different plaintext password
-+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -30572,22 +31261,18 @@ index 000000000..3e2e169eb
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
 new file mode 100644
-index 000000000..93899d99a
+index 000000000..18926aecc
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
-@@ -0,0 +1,111 @@
-+# SCAP Security Guide HIPAA profile kickstart for AlmaLinux 8
+@@ -0,0 +1,107 @@
++# SCAP Security Guide HIPAA profile kickstart for AlmaLinux 8 Server
 +# Version: 0.0.1
 +# Date: 2020-05-25
 +#
@@ -30627,7 +31312,7 @@ index 000000000..93899d99a
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -30661,9 +31346,9 @@ index 000000000..93899d99a
 +
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
-+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
++# Refer to e.g. grub2-mkpasswd-pbkdf2 to see how to create
 +# encrypted password form for different plaintext password
-+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -30689,22 +31374,18 @@ index 000000000..93899d99a
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
 new file mode 100644
-index 000000000..573edb572
+index 000000000..78ae77699
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
-@@ -0,0 +1,110 @@
-+# SCAP Security Guide ISM Official profile kickstart for AlmaLinux 8
+@@ -0,0 +1,106 @@
++# SCAP Security Guide ISM Official profile kickstart for AlmaLinux 8 Server
 +# Version: 0.0.1
 +# Date: 2021-08-16
 +#
@@ -30744,7 +31425,7 @@ index 000000000..573edb572
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -30779,7 +31460,7 @@ index 000000000..573edb572
 +timezone --utc America/New_York
 +
 +# Specify how the bootloader should be installed (required)
-+bootloader --location=mbr --append="crashkernel=auto rhgb quiet"
++bootloader
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -30805,21 +31486,17 @@ index 000000000..573edb572
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
 new file mode 100644
-index 000000000..58805cdfc
+index 000000000..62b9ca40f
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
-@@ -0,0 +1,153 @@
+@@ -0,0 +1,149 @@
 +# SCAP Security Guide OSPP profile kickstart for AlmaLinux 8
 +#
 +# Based on:
@@ -30857,7 +31534,7 @@ index 000000000..58805cdfc
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -30892,9 +31569,9 @@ index 000000000..58805cdfc
 +
 +# Specify how the bootloader should be installed (required)
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -30912,7 +31589,7 @@ index 000000000..58805cdfc
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
 +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
@@ -30925,9 +31602,9 @@ index 000000000..58805cdfc
 +# Ensure /var Located On Separate Partition
 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
 +logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
@@ -30964,21 +31641,17 @@ index 000000000..58805cdfc
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
 new file mode 100644
-index 000000000..53eab4a5a
+index 000000000..e997629e8
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
-@@ -0,0 +1,148 @@
+@@ -0,0 +1,144 @@
 +# SCAP Security Guide PCI-DSS profile kickstart for AlmaLinux 8
 +#
 +# Based on:
@@ -31017,7 +31690,7 @@ index 000000000..53eab4a5a
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -31048,13 +31721,9 @@ index 000000000..53eab4a5a
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+#
-+# PASSWORD TEMPORARILY DISABLED
-+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
-+#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
-+
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -31072,21 +31741,21 @@ index 000000000..53eab4a5a
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
-+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow
++logvol / --fstype=xfs --name=root --vgname=VolGroup --size=11264 --grow
 +# CCE-26557-9: Ensure /home Located On Separate Partition
-+logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
 +# CCE-26435-8: Ensure /tmp Located On Separate Partition
-+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
++logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
 +# CCE-26639-5: Ensure /var Located On Separate Partition
-+logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 --fsoptions="nodev"
++logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
 +# CCE-26215-4: Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev"
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev"
 +# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev"
-+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=512 --fsoptions="nodev"
++logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
 +# content - security policies - on the installed system.This add-on has been enabled by default
@@ -31122,17 +31791,17 @@ index 000000000..53eab4a5a
 +
 +# Packages selection (%packages section is required)
 +%packages
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
 new file mode 100644
-index 000000000..0a1ad0359
+index 000000000..d00b911b5
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
-@@ -0,0 +1,155 @@
+@@ -0,0 +1,151 @@
 +# SCAP Security Guide STIG profile kickstart for AlmaLinux 8
 +#
 +# Based on:
@@ -31170,7 +31839,7 @@ index 000000000..0a1ad0359
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -31207,9 +31876,9 @@ index 000000000..0a1ad0359
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -31227,7 +31896,7 @@ index 000000000..0a1ad0359
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
 +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
@@ -31240,9 +31909,9 @@ index 000000000..0a1ad0359
 +# Ensure /var Located On Separate Partition
 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
 +logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
@@ -31279,21 +31948,17 @@ index 000000000..0a1ad0359
 +
 +# Packages selection (%packages section is required)
 +%packages
-+
-+# Require @Base
-+@Base
-+
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
 +reboot --eject
 diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
 new file mode 100644
-index 000000000..556f64de4
+index 000000000..bacba279f
 --- /dev/null
 +++ b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
-@@ -0,0 +1,154 @@
+@@ -0,0 +1,153 @@
 +# SCAP Security Guide STIG with GUI profile kickstart for AlmaLinux 8
 +#
 +# Based on:
@@ -31331,7 +31996,7 @@ index 000000000..556f64de4
 +lang en_US.UTF-8
 +
 +# Set system keyboard type / layout (required)
-+keyboard us
++keyboard --vckeymap us
 +
 +# Configure network information for target system and activate network devices in the installer environment (optional)
 +# --onboot	enable device at a boot time
@@ -31367,9 +32032,9 @@ index 000000000..556f64de4
 +# Specify how the bootloader should be installed (required)
 +# Plaintext password is: password
 +# Refer to e.g.
-+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
++#   grub2-mkpasswd-pbkdf2
 +# to see how to create encrypted password form for different plaintext password
-+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
++bootloader --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=grub.pbkdf2.sha512.10000.45912D32B964BA58B91EAF9847F3CCE6F4C962638922543AFFAEE4D29951757F4336C181E6FC9030E07B7D9874DAD696A1B18978D995B1D7F27AF9C38159FDF3.99F65F3896012A0A3D571A99D6E6C695F3C51BE5343A01C1B6907E1C3E1373CB7F250C2BC66C44BB876961E9071F40205006A05189E51C2C14770C70C723F3FD --iscrypted
 +
 +# Initialize (format) all disks (optional)
 +zerombr
@@ -31387,7 +32052,7 @@ index 000000000..556f64de4
 +part pv.01 --grow --size=1
 +
 +# Create a Logical Volume Management (LVM) group (optional)
-+volgroup VolGroup --pesize=4096 pv.01
++volgroup VolGroup pv.01
 +
 +# Create particular logical volumes (optional)
 +logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
@@ -31400,9 +32065,9 @@ index 000000000..556f64de4
 +# Ensure /var Located On Separate Partition
 +logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
 +# Ensure /var/log Located On Separate Partition
-+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log --fstype=xfs --name=varlog --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
 +# Ensure /var/log/audit Located On Separate Partition
-+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
++logvol /var/log/audit --fstype=xfs --name=varlogaudit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
 +logvol swap --name=swap --vgname=VolGroup --size=2016
 +
 +# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
@@ -31440,10 +32105,9 @@ index 000000000..556f64de4
 +# Packages selection (%packages section is required)
 +%packages
 +
-+# Require @Base
-+@Base
++@Server with GUI
 +
-+%end # End of %packages section
++%end
 +
 +# Reboot after the installation is complete (optional)
 +# --eject	attempt to eject CD or DVD media before rebooting
@@ -31629,16 +32293,23 @@ index 000000000..08c87ea68
 +
 diff --git a/products/almalinux8/product.yml b/products/almalinux8/product.yml
 new file mode 100644
-index 000000000..9f4ddf74d
+index 000000000..7403f1526
 --- /dev/null
 +++ b/products/almalinux8/product.yml
-@@ -0,0 +1,40 @@
+@@ -0,0 +1,49 @@
 +product: almalinux8
 +full_name: AlmaLinux 8
 +type: platform
 +
++families:
++  - rhel
++  - rhel-like
++
++major_version_ordinal: 8
++
 +benchmark_id: ALMALINUX-8
 +benchmark_root: "../../linux_os/guide"
++components_root: "../../components"
 +
 +profiles_root: "./profiles"
 +
@@ -31646,14 +32317,16 @@ index 000000000..9f4ddf74d
 +
 +init_system: "systemd"
 +
++# The fingerprints below are retrieved from https://access.redhat.com/security/team/key
 +pkg_release: "5ffd890e"
 +pkg_version: "3abb34f8"
++aux_pkg_release: "6525146f"
++aux_pkg_version: "ced7258b"
 +
++release_key_fingerprint: "5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8"
++auxiliary_key_fingerprint: "BC5EDDCADF502C077F1582882AE81E8ACED7258B"
 +oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-8.xml.bz2"
 +
-+grub2_boot_path: "/boot/grub2"
-+grub2_uefi_boot_path: "/boot/efi/EFI/almalinux"
-+
 +groups:
 +  dedicated_ssh_keyowner:
 +    name: ssh_keys
@@ -31675,7 +32348,7 @@ index 000000000..9f4ddf74d
 +  cis: 'https://www.cisecurity.org/benchmark/almalinuxos_linux/'
 diff --git a/products/almalinux8/profiles/anssi_bp28_enhanced.profile b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
 new file mode 100644
-index 000000000..8f2ee3149
+index 000000000..62cbe1715
 --- /dev/null
 +++ b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
 @@ -0,0 +1,19 @@
@@ -31688,7 +32361,7 @@ index 000000000..8f2ee3149
 +title: 'ANSSI-BP-028 (enhanced)'
 +
 +description: |-
-+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the enhanced hardening level.
++    This profile contains configurations that align to ANSSI-BP-028 v2.0 at the enhanced hardening level.
 +
 +    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
 +    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
@@ -31700,10 +32373,10 @@ index 000000000..8f2ee3149
 +    - anssi:all:enhanced
 diff --git a/products/almalinux8/profiles/anssi_bp28_high.profile b/products/almalinux8/profiles/anssi_bp28_high.profile
 new file mode 100644
-index 000000000..0cd4b67f8
+index 000000000..204e141b1
 --- /dev/null
 +++ b/products/almalinux8/profiles/anssi_bp28_high.profile
-@@ -0,0 +1,19 @@
+@@ -0,0 +1,21 @@
 +documentation_complete: true
 +
 +metadata:
@@ -31713,7 +32386,7 @@ index 000000000..0cd4b67f8
 +title: 'ANSSI-BP-028 (high)'
 +
 +description: |-
-+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the high hardening level.
++    This profile contains configurations that align to ANSSI-BP-028 v2.0 at the high hardening level.
 +
 +    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
 +    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
@@ -31723,9 +32396,11 @@ index 000000000..0cd4b67f8
 +
 +selections:
 +    - anssi:all:high
++    # the following rule renders UEFI systems unbootable
++    - '!sebool_secure_mode_insmod'
 diff --git a/products/almalinux8/profiles/anssi_bp28_intermediary.profile b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
 new file mode 100644
-index 000000000..9c9e4cc66
+index 000000000..81b684668
 --- /dev/null
 +++ b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
 @@ -0,0 +1,19 @@
@@ -31738,7 +32413,7 @@ index 000000000..9c9e4cc66
 +title: 'ANSSI-BP-028 (intermediary)'
 +
 +description: |-
-+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the intermediary hardening level.
++    This profile contains configurations that align to ANSSI-BP-028 v2.0 at the intermediary hardening level.
 +
 +    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
 +    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
@@ -31750,7 +32425,7 @@ index 000000000..9c9e4cc66
 +  - anssi:all:intermediary
 diff --git a/products/almalinux8/profiles/anssi_bp28_minimal.profile b/products/almalinux8/profiles/anssi_bp28_minimal.profile
 new file mode 100644
-index 000000000..19a95efb7
+index 000000000..79a63fd43
 --- /dev/null
 +++ b/products/almalinux8/profiles/anssi_bp28_minimal.profile
 @@ -0,0 +1,20 @@
@@ -31763,7 +32438,7 @@ index 000000000..19a95efb7
 +title: 'ANSSI-BP-028 (minimal)'
 +
 +description: |-
-+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal hardening level.
++    This profile contains configurations that align to ANSSI-BP-028 v2.0 at the minimal hardening level.
 +
 +    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
 +    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
@@ -32079,7 +32754,7 @@ index 000000000..216999b09
 +    - inactivity_timeout_value=10_minutes
 diff --git a/products/almalinux8/profiles/e8.profile b/products/almalinux8/profiles/e8.profile
 new file mode 100644
-index 000000000..2a2a95394
+index 000000000..491958fdd
 --- /dev/null
 +++ b/products/almalinux8/profiles/e8.profile
 @@ -0,0 +1,152 @@
@@ -32090,7 +32765,7 @@ index 000000000..2a2a95394
 +        - shaneboulden
 +        - tjbutt58
 +
-+reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
++reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers 
 +
 +title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
 +
@@ -32237,7 +32912,7 @@ index 000000000..2a2a95394
 +  - package_rear_installed
 diff --git a/products/almalinux8/profiles/hipaa.profile b/products/almalinux8/profiles/hipaa.profile
 new file mode 100644
-index 000000000..40e3bb698
+index 000000000..e736c0657
 --- /dev/null
 +++ b/products/almalinux8/profiles/hipaa.profile
 @@ -0,0 +1,166 @@
@@ -32261,7 +32936,7 @@ index 000000000..40e3bb698
 +
 +    This profile configures AlmaLinux 8 to the HIPAA Security
 +    Rule identified for securing of electronic protected health information.
-+    Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).
++    Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).   
 +
 +selections:
 +    - grub2_password
@@ -32409,7 +33084,7 @@ index 000000000..40e3bb698
 +    - audit_rules_usergroup_modification_shadow
 diff --git a/products/almalinux8/profiles/ism_o.profile b/products/almalinux8/profiles/ism_o.profile
 new file mode 100644
-index 000000000..719f90700
+index 000000000..aac055ee1
 --- /dev/null
 +++ b/products/almalinux8/profiles/ism_o.profile
 @@ -0,0 +1,139 @@
@@ -32432,7 +33107,7 @@ index 000000000..719f90700
 +  that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
 +  with the applicability marking of OFFICIAL.
 +
-+  The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
++  The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning 
 +  AlmaLinux security controls with the ISM, which can be used to select controls 
 +  specific to an organisation's security posture and risk profile.
 +
@@ -32499,7 +33174,7 @@ index 000000000..719f90700
 +  - accounts_password_pam_minlen
 +
 +  ## Centralised logging facility
-+  ## Identifiers 1405 / 0988
++  ## Identifiers 1405 / 0988 
 +  - rsyslog_cron_logging
 +  - rsyslog_files_groupownership
 +  - rsyslog_files_ownership
@@ -32529,7 +33204,7 @@ index 000000000..719f90700
 +  - openssl_use_strong_entropy
 +
 +  ## Network design and configuration
-+  ## Identifiers 1055 / 1311
++  ## Identifiers 1055 / 1311 
 +  - network_nmcli_permissions
 +  - service_snmpd_disabled
 +  - snmpd_use_newer_protocol
@@ -32539,8 +33214,8 @@ index 000000000..719f90700
 +  - wireless_disable_interfaces
 +
 +  ## ASD Approved Cryptographic Algorithms
-+  ## Identifiers 0471 / 0472 / 0473 / 0474 / 0475 / 0476 / 0477 /
-+  ## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 /  1139 /
++  ## Identifiers 0471 / 0472 / 0473 / 0474 / 0475 / 0476 / 0477 / 
++  ## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 /  1139 / 
 +  ## 1372 / 1373 / 1374 / 1375
 +  - enable_fips_mode
 +  - var_system_crypto_policy=fips
@@ -33334,14 +34009,14 @@ index 000000000..7904d13c4
 +    - configure_kerberos_crypto_policy
 diff --git a/products/almalinux8/profiles/stig.profile b/products/almalinux8/profiles/stig.profile
 new file mode 100644
-index 000000000..e8ef7f0c2
+index 000000000..0ce172c28
 --- /dev/null
 +++ b/products/almalinux8/profiles/stig.profile
-@@ -0,0 +1,1207 @@
+@@ -0,0 +1,1226 @@
 +documentation_complete: true
 +
 +metadata:
-+    version: V1R9
++    version: V1R11
 +    SMEs:
 +        - mab879
 +        - ggbecker
@@ -33352,7 +34027,7 @@ index 000000000..e8ef7f0c2
 +
 +description: |-
 +    This profile contains configuration checks that align to the
-+    DISA STIG for Red Hat Enterprise Linux 8 V1R9.
++    DISA STIG for Red Hat Enterprise Linux 8 V1R11.
 +
 +selections:
 +    ### Variables
@@ -33380,7 +34055,7 @@ index 000000000..e8ef7f0c2
 +    - var_password_pam_retry=3
 +    - var_password_pam_minlen=15
 +    - var_sshd_set_keepalive=1
-+    - sshd_approved_macs=stig
++    - sshd_approved_macs=stig_extended
 +    - sshd_approved_ciphers=stig
 +    - sshd_idle_timeout_value=10_minutes
 +    - var_accounts_authorized_local_users_regex=rhel8
@@ -33426,6 +34101,9 @@ index 000000000..e8ef7f0c2
 +    # RHEL-08-010010
 +    - security_patches_up_to_date
 +
++    # RHEL-08-010019
++    - ensure_almalinux_gpgkey_installed
++
 +    # RHEL-08-010020
 +    - sysctl_crypto_fips_enabled
 +
@@ -33448,8 +34126,10 @@ index 000000000..e8ef7f0c2
 +    - rsyslog_remote_access_monitoring
 +
 +    # RHEL-08-010090
++    - sssd_has_trust_anchor
 +
 +    # RHEL-08-010100
++    - ssh_keys_passphrase_protected
 +
 +    # RHEL-08-010110
 +    - set_password_hashing_algorithm_logindefs
@@ -33457,6 +34137,9 @@ index 000000000..e8ef7f0c2
 +    # RHEL-08-010120
 +    - accounts_password_all_shadowed_sha512
 +
++    # RHEL-08-010121
++    - no_empty_passwords_etc_shadow
++
 +    # RHEL-08-010130
 +    - set_password_hashing_min_rounds_logindefs
 +
@@ -33499,9 +34182,6 @@ index 000000000..e8ef7f0c2
 +    # RHEL-08-010190
 +    - dir_perms_world_writable_sticky_bits
 +
-+    # Although these rules have a different behavior in RHEL>=8.6
-+    # they still need to be selected so it follows exactly what STIG
-+    # states.
 +    # RHEL-08-010200
 +    - sshd_set_keepalive
 +    # RHEL-08-010201
@@ -33575,6 +34255,9 @@ index 000000000..e8ef7f0c2
 +    # RHEL-08-010351
 +    - dir_group_ownership_library_dirs
 +
++    # RHEL-08-010358
++    - package_mailx_installed
++
 +    # RHEL-08-010359
 +    - package_aide_installed
 +    - aide_build_database
@@ -33626,6 +34309,9 @@ index 000000000..e8ef7f0c2
 +    - sudo_require_reauthentication
 +    - var_sudo_timestamp_timeout=always_prompt
 +
++    # RHEL-08-010385
++    - disallow_bypass_password_sudo
++
 +    # RHEL-08-010390
 +    - install_smartcard_packages
 +
@@ -33664,7 +34350,8 @@ index 000000000..e8ef7f0c2
 +    - no_user_host_based_files
 +
 +    # RHEL-08-010471
-+    # currently there is not a relevant rule which would improve RNG for RHEL in this context
++    # Not applicable for RHEL 8.4+
++    - service_rngd_enabled
 +
 +    # RHEL-08-010472
 +    - package_rng-tools_installed
@@ -33853,6 +34540,9 @@ index 000000000..e8ef7f0c2
 +    # RHEL-08-020032
 +    - dconf_gnome_disable_user_list
 +
++    # RHEL-08-020035
++    - logind_session_timeout
++
 +    # RHEL-08-020039
 +    - package_tmux_installed
 +
@@ -33943,6 +34633,9 @@ index 000000000..e8ef7f0c2
 +    # RHEL-08-020230
 +    - accounts_password_pam_minlen
 +
++    # RHEL-08-020231
++    - accounts_password_minlen_login_defs
++
 +    # RHEL-08-020240
 +    - account_unique_id
 +
@@ -33953,7 +34646,7 @@ index 000000000..e8ef7f0c2
 +    - account_disable_post_pw_expiration
 +
 +    # RHEL-08-020270
-+    - account_emergency_expire_date
++    - account_temp_expire_date
 +
 +    # RHEL-08-020280
 +    - accounts_password_pam_ocredit
@@ -34204,9 +34897,7 @@ index 000000000..e8ef7f0c2
 +    - audit_rules_privileged_commands_kmod
 +
 +    # RHEL-08-030590
-+    # This one needs to be updated to use /var/log/faillock, but first RHEL-08-020017 should be
-+    # implemented as it is the one that configures a different path for the events of failing locks
-+    # - audit_rules_login_events_faillock
++    - audit_rules_login_events_faillock
 +
 +    # RHEL-08-030600
 +    - audit_rules_login_events_lastlog
@@ -34324,7 +35015,7 @@ index 000000000..e8ef7f0c2
 +    - configure_firewalld_ports
 +
 +    # RHEL-08-040060
-+    ### NOTE: Will be removed in V1R2
++    ### NOTE: Removed in V1R2
 +
 +    # RHEL-08-040070
 +    - service_autofs_disabled
@@ -34525,6 +35216,9 @@ index 000000000..e8ef7f0c2
 +    # RHEL-08-040341
 +    - sshd_x11_use_localhost
 +
++    # RHEL-08-040342
++    - sshd_use_approved_kex_ordered_stig
++
 +    # RHEL-08-040350
 +    - tftpd_uses_secure_mode
 +
@@ -34547,14 +35241,14 @@ index 000000000..e8ef7f0c2
 +    - package_krb5-server_removed
 diff --git a/products/almalinux8/profiles/stig_gui.profile b/products/almalinux8/profiles/stig_gui.profile
 new file mode 100644
-index 000000000..a3f39db52
+index 000000000..17e7d2bd9
 --- /dev/null
 +++ b/products/almalinux8/profiles/stig_gui.profile
 @@ -0,0 +1,33 @@
 +documentation_complete: true
 +
 +metadata:
-+    version: V1R9
++    version: V1R11
 +    SMEs:
 +        - mab879
 +        - ggbecker
@@ -34565,7 +35259,7 @@ index 000000000..a3f39db52
 +
 +description: |-
 +    This profile contains configuration checks that align to the
-+    DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R9.
++    DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R11.
 +
 +    Warning: The installation and use of a Graphical User Interface (GUI)
 +    increases your attack vector and decreases your overall security posture. If
@@ -34724,27 +35418,27 @@ index affb9770c..7273e6d7d 100644
  	multi_platform_rhv
  	multi_platform_sle
      multi_platform_ubuntu
-diff --git a/shared/references/disa-stig-almalinux8-v1r8-xccdf-scap.xml b/shared/references/disa-stig-almalinux8-v1r8-xccdf-scap.xml
+diff --git a/shared/references/disa-stig-almalinux8-v1r10-xccdf-scap.xml b/shared/references/disa-stig-almalinux8-v1r10-xccdf-scap.xml
 new file mode 120000
-index 000000000..54c642fdf
+index 000000000..a0292d655
 --- /dev/null
-+++ b/shared/references/disa-stig-almalinux8-v1r8-xccdf-scap.xml
++++ b/shared/references/disa-stig-almalinux8-v1r10-xccdf-scap.xml
 @@ -0,0 +1 @@
-+disa-stig-rhel8-v1r8-xccdf-scap.xml
++disa-stig-rhel8-v1r10-xccdf-scap.xml
 \ No newline at end of file
-diff --git a/shared/references/disa-stig-almalinux8-v1r9-xccdf-manual.xml b/shared/references/disa-stig-almalinux8-v1r9-xccdf-manual.xml
+diff --git a/shared/references/disa-stig-almalinux8-v1r11-xccdf-manual.xml b/shared/references/disa-stig-almalinux8-v1r11-xccdf-manual.xml
 new file mode 120000
-index 000000000..083e51d2d
+index 000000000..52c4ef757
 --- /dev/null
-+++ b/shared/references/disa-stig-almalinux8-v1r9-xccdf-manual.xml
++++ b/shared/references/disa-stig-almalinux8-v1r11-xccdf-manual.xml
 @@ -0,0 +1 @@
-+disa-stig-rhel8-v1r9-xccdf-manual.xml
++disa-stig-rhel8-v1r11-xccdf-manual.xml
 \ No newline at end of file
-diff --git a/shared/references/disa-stig-ol7-v2r9-xccdf-manual.xml b/shared/references/disa-stig-ol7-v2r9-xccdf-manual.xml
-index 45b7a0956..3c953e30f 100644
---- a/shared/references/disa-stig-ol7-v2r9-xccdf-manual.xml
-+++ b/shared/references/disa-stig-ol7-v2r9-xccdf-manual.xml
-@@ -930,7 +930,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us
+diff --git a/shared/references/disa-stig-ol7-v2r11-xccdf-manual.xml b/shared/references/disa-stig-ol7-v2r11-xccdf-manual.xml
+index 7d240fe02..b311997bb 100644
+--- a/shared/references/disa-stig-ol7-v2r11-xccdf-manual.xml
++++ b/shared/references/disa-stig-ol7-v2r11-xccdf-manual.xml
+@@ -929,7 +929,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us
  $ sudo grep -iw grub2_password /boot/grub2/user.cfg
  GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
  
@@ -34753,7 +35447,7 @@ index 45b7a0956..3c953e30f 100644
  
  Generate an encrypted grub2 password for the grub superusers account with the following command:
  
-@@ -942,7 +942,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not
+@@ -941,7 +941,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not
  
  Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command:
  
@@ -34762,7 +35456,7 @@ index 45b7a0956..3c953e30f 100644
  GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
  
  If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>OL07-00-010500The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
-@@ -1845,7 +1845,7 @@ On BIOS-based machines, use the following command:
+@@ -1836,7 +1836,7 @@ On BIOS-based machines, use the following command:
  
  On UEFI-based machines, use the following command:
  
@@ -34771,7 +35465,7 @@ index 45b7a0956..3c953e30f 100644
  
  If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
  
-@@ -1876,7 +1876,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
+@@ -1867,7 +1867,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
  
  If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command:
  
@@ -34780,7 +35474,7 @@ index 45b7a0956..3c953e30f 100644
  
  # grep fips /boot/grub2/grub.cfg
  /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet
-@@ -1971,14 +1971,14 @@ All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
+@@ -1939,14 +1939,14 @@ An example rule that includes the "sha512" rule follows:
  
  If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>OL07-00-021700The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the Information System Security Officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089SV-108367V-99263CCI-001813Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media.
  
@@ -34797,7 +35491,7 @@ index 45b7a0956..3c953e30f 100644
  
  Check that the grub configuration file has the set root command in each menu entry with the following commands:
  
-@@ -4492,12 +4492,12 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
+@@ -4479,12 +4479,12 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
  
  Generate a new grub.cfg file with the following command:
  
@@ -34812,11 +35506,11 @@ index 45b7a0956..3c953e30f 100644
  set superusers="[someuniquestringhere]"
  export superusers
  
-diff --git a/shared/references/disa-stig-ol8-v1r4-xccdf-manual.xml b/shared/references/disa-stig-ol8-v1r4-xccdf-manual.xml
-index 55252a9e0..a1aa5b167 100644
---- a/shared/references/disa-stig-ol8-v1r4-xccdf-manual.xml
-+++ b/shared/references/disa-stig-ol8-v1r4-xccdf-manual.xml
-@@ -439,7 +439,7 @@ $ sudo egrep "^SHA_CRYPT_" /etc/login.defs
+diff --git a/shared/references/disa-stig-ol8-v1r6-xccdf-manual.xml b/shared/references/disa-stig-ol8-v1r6-xccdf-manual.xml
+index 8181b3b09..364c07f42 100644
+--- a/shared/references/disa-stig-ol8-v1r6-xccdf-manual.xml
++++ b/shared/references/disa-stig-ol8-v1r6-xccdf-manual.xml
+@@ -439,7 +439,7 @@ SHA_CRYPT_MIN_ROUNDS 5000SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>RHEL-07-010500The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
-@@ -1851,7 +1851,7 @@ On BIOS-based machines, use the following command:
+@@ -1864,7 +1864,7 @@ On BIOS-based machines, use the following command:
  
  On UEFI-based machines, use the following command:
  
@@ -34879,7 +35573,7 @@ index 2ac417f0e..b84cd4b83 100644
  
  If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
  
-@@ -1882,7 +1882,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
+@@ -1895,7 +1895,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
  
  If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command:
  
@@ -34888,7 +35582,7 @@ index 2ac417f0e..b84cd4b83 100644
  
  # grep fips /boot/grub2/grub.cfg
  /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet
-@@ -1955,14 +1955,14 @@ An example rule that includes the "sha512" rule follows:
+@@ -1968,14 +1968,14 @@ An example rule that includes the "sha512" rule follows:
  
  If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>RHEL-07-021700The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the Information System Security Officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-86699V-72075CCI-000318CCI-000368CCI-001812CCI-001813CCI-001814Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media.
  
@@ -34905,7 +35599,7 @@ index 2ac417f0e..b84cd4b83 100644
  
  Check that the grub configuration file has the set root command in each menu entry with the following commands:
  
-@@ -4452,13 +4452,13 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
+@@ -4475,13 +4475,13 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}
  
  Generate a new grub.cfg file with the following command:
  
@@ -34921,11 +35615,11 @@ index 2ac417f0e..b84cd4b83 100644
      set superusers="[someuniquestringhere]"
      export superusers
  
-diff --git a/shared/references/disa-stig-rhel7-v3r10-xccdf-scap.xml b/shared/references/disa-stig-rhel7-v3r10-xccdf-scap.xml
-index ee53d1416..c298fc185 100644
---- a/shared/references/disa-stig-rhel7-v3r10-xccdf-scap.xml
-+++ b/shared/references/disa-stig-rhel7-v3r10-xccdf-scap.xml
-@@ -3236,7 +3236,7 @@ Confirm password:
+diff --git a/shared/references/disa-stig-rhel7-v3r12-xccdf-scap.xml b/shared/references/disa-stig-rhel7-v3r12-xccdf-scap.xml
+index 6d3098742..fe60061cd 100644
+--- a/shared/references/disa-stig-rhel7-v3r12-xccdf-scap.xml
++++ b/shared/references/disa-stig-rhel7-v3r12-xccdf-scap.xml
+@@ -3228,7 +3228,7 @@ Confirm password:
            SV-95719
            V-81007
            CCI-000213
@@ -34934,7 +35628,7 @@ index ee53d1416..c298fc185 100644
  
  Generate an encrypted grub2 password for the grub superusers account with the following command:
  
-@@ -4010,7 +4010,7 @@ On BIOS-based machines, use the following command:
+@@ -4005,7 +4005,7 @@ On BIOS-based machines, use the following command:
  
  On UEFI-based machines, use the following command:
  
@@ -34943,7 +35637,7 @@ index ee53d1416..c298fc185 100644
  
  If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
  
-@@ -7504,7 +7504,8 @@ Remove any duplicate or conflicting lines from /etc/sudoers and /etc/sudoers.d/
+@@ -7537,7 +7537,8 @@ Remove any duplicate or conflicting lines from /etc/sudoers and /etc/sudoers.d/
              Disable Prelinking
              
                multi_platform_fedora
@@ -34953,7 +35647,7 @@ index ee53d1416..c298fc185 100644
                multi_platform_rhel-osp
              
              The prelinking feature can interfere with the operation of
-@@ -7535,7 +7536,8 @@ Remove any duplicate or conflicting lines from /etc/sudoers and /etc/sudoers.d/
+@@ -7568,7 +7569,8 @@ Remove any duplicate or conflicting lines from /etc/sudoers and /etc/sudoers.d/
            
              Package openssh-server Removed
              
@@ -34963,7 +35657,7 @@ index ee53d1416..c298fc185 100644
                multi_platform_fedora
                multi_platform_sle
              
-@@ -8346,7 +8348,8 @@ Password complexity is one factor of several that determines how long it takes t
+@@ -8339,7 +8341,8 @@ Password complexity is one factor of several that determines how long it takes t
            
              Limit Password Reuse
              
@@ -34973,7 +35667,7 @@ index ee53d1416..c298fc185 100644
                multi_platform_fedora
              
              The passwords to remember should be set correctly.
-@@ -8362,7 +8365,8 @@ Password complexity is one factor of several that determines how long it takes t
+@@ -8355,7 +8358,8 @@ Password complexity is one factor of several that determines how long it takes t
            
              RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.
              
@@ -34983,7 +35677,7 @@ index ee53d1416..c298fc185 100644
              
              Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element. 
  
-@@ -8456,7 +8460,8 @@ Terminating network connections associated with communications sessions includes
+@@ -8412,7 +8416,8 @@ Terminating network connections associated with communications sessions includes
            
              RHEL-07-030410 - The Red Hat Enterprise Linux operating system must audit all uses of the chmod, fchmod and fchmodat syscalls.
              
@@ -34993,7 +35687,7 @@ index ee53d1416..c298fc185 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -8512,7 +8517,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -8468,7 +8473,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              RHEL-07-030370 - The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat and lchown syscalls.
              
@@ -35003,7 +35697,7 @@ index ee53d1416..c298fc185 100644
              
              
              
-@@ -8558,7 +8564,8 @@ When a user logs on, the auid is set to the uid of the account that is being aut
+@@ -8514,7 +8520,8 @@ When a user logs on, the auid is set to the uid of the account that is being aut
            
              RHEL-07-030440 - The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr syscalls.
              
@@ -35013,7 +35707,7 @@ index ee53d1416..c298fc185 100644
              
              
              
-@@ -9655,7 +9662,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9611,7 +9618,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Disable Host-Based Authentication
              
@@ -35023,7 +35717,7 @@ index ee53d1416..c298fc185 100644
              
              SSH host-based authentication should be disabled.
              
-@@ -9670,7 +9678,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9626,7 +9634,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Package prelink Removed
              
@@ -35033,7 +35727,7 @@ index ee53d1416..c298fc185 100644
              
              The RPM package prelink should be removed.
              
-@@ -9813,7 +9822,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9769,7 +9778,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Mount Remote Filesystems with nosuid
              
@@ -35043,7 +35737,7 @@ index ee53d1416..c298fc185 100644
              
              
              
-@@ -9843,7 +9853,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9799,7 +9809,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Package net-snmp Removed
              
@@ -35053,7 +35747,7 @@ index ee53d1416..c298fc185 100644
              
              The RPM package net-snmp should be removed.
              
-@@ -9870,7 +9881,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9826,7 +9837,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Package telnet-server Removed
              
@@ -35063,7 +35757,7 @@ index ee53d1416..c298fc185 100644
              
              The RPM package telnet-server should be removed.
              
-@@ -9898,7 +9910,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9854,7 +9866,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Package vsftpd Removed
              
@@ -35073,7 +35767,7 @@ index ee53d1416..c298fc185 100644
              
              The RPM package vsftpd should be removed.
              
-@@ -9911,7 +9924,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9867,7 +9880,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Package xorg-x11-server-common Removed
              
@@ -35083,7 +35777,7 @@ index ee53d1416..c298fc185 100644
                multi_platform_fedora
              
              
-@@ -9940,7 +9954,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9896,7 +9910,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Ensure /home Located On Separate Partition
              
@@ -35093,7 +35787,7 @@ index ee53d1416..c298fc185 100644
              
              If user home directories will be stored locally, create a
        separate partition for /home. If /home will be mounted from another
-@@ -9958,7 +9973,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9914,7 +9929,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Ensure /var Located On Separate Partition
              
@@ -35103,7 +35797,7 @@ index ee53d1416..c298fc185 100644
              
              
              
-@@ -9976,7 +9992,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9932,7 +9948,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Ensure /var/log/audit Located On Separate Partition
              
@@ -35113,7 +35807,7 @@ index ee53d1416..c298fc185 100644
              
              
              
-@@ -9995,7 +10012,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -9951,7 +9968,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
              Verify File Hashes with RPM
              
                multi_platform_fedora
@@ -35123,7 +35817,7 @@ index ee53d1416..c298fc185 100644
              
              Verify the RPM digests of system binaries using the RPM database.
              
-@@ -10069,7 +10087,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -10025,7 +10043,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Ensure Only Protocol 2 Connections Allowed
              
@@ -35133,7 +35827,7 @@ index ee53d1416..c298fc185 100644
                multi_platform_debian
                multi_platform_ubuntu
              
-@@ -10105,7 +10124,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -10061,7 +10080,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              Disable .rhosts Files
              
@@ -35143,7 +35837,7 @@ index ee53d1416..c298fc185 100644
              
              
              
-@@ -10170,7 +10190,8 @@ This should be disabled.
+@@ -10126,7 +10146,8 @@ This should be disabled.
            
              Do Not Allow Users to Set Environment Options
              
@@ -35153,7 +35847,7 @@ index ee53d1416..c298fc185 100644
              
              PermitUserEnvironment should be disabled
              
-@@ -10519,7 +10540,8 @@ By specifying a cipher list with the order of ciphers being in a "strongest to w
+@@ -10475,7 +10496,8 @@ By specifying a cipher list with the order of ciphers being in a "strongest to w
            
              Package openssh-server is version 7.4 or higher
              
@@ -35163,7 +35857,7 @@ index ee53d1416..c298fc185 100644
                multi_platform_fedora
                multi_platform_sle
              
-@@ -10756,12 +10778,12 @@ The ability to enable/disable a session lock is given to the user by default. Di
+@@ -10712,12 +10734,12 @@ The ability to enable/disable a session lock is given to the user by default. Di
              The UEFI grub2 boot loader should have password protection enabled.
              
            
@@ -35180,7 +35874,7 @@ index ee53d1416..c298fc185 100644
              
            
          
-@@ -11660,7 +11682,7 @@ The ability to enable/disable a session lock is given to the user by default. Di
+@@ -11662,7 +11684,7 @@ This requirement addresses concurrent sessions for information system accounts a
          
            
          
@@ -35189,7 +35883,7 @@ index ee53d1416..c298fc185 100644
            
          
          
-@@ -12210,10 +12232,10 @@ The ability to enable/disable a session lock is given to the user by default. Di
+@@ -12191,10 +12213,10 @@ This requirement addresses concurrent sessions for information system accounts a
          
            
          
@@ -35202,7 +35896,7 @@ index ee53d1416..c298fc185 100644
            
          
          
-@@ -13637,7 +13659,7 @@ The ability to enable/disable a session lock is given to the user by default. Di
+@@ -13639,7 +13661,7 @@ This requirement addresses concurrent sessions for information system accounts a
            /boot/grub2/grub.cfg
          
          
@@ -35211,7 +35905,7 @@ index ee53d1416..c298fc185 100644
          
          
            
-@@ -14472,12 +14494,12 @@ The ability to enable/disable a session lock is given to the user by default. Di
+@@ -14441,12 +14463,12 @@ This requirement addresses concurrent sessions for information system accounts a
            1
          
          
@@ -35226,7 +35920,7 @@ index ee53d1416..c298fc185 100644
            ^[\s]*set[\s]+superusers=\"\S+\"$
            1
          
-@@ -15057,7 +15079,7 @@ The ability to enable/disable a session lock is given to the user by default. Di
+@@ -15022,7 +15044,7 @@ This requirement addresses concurrent sessions for information system accounts a
          
          
            /boot/grub2/grub.cfg
@@ -35235,11 +35929,11 @@ index ee53d1416..c298fc185 100644
          
          
            /etc/sysctl.d
-diff --git a/shared/references/disa-stig-rhel8-v1r8-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r8-xccdf-scap.xml
-index 92f67b352..bfda2b2a3 100644
---- a/shared/references/disa-stig-rhel8-v1r8-xccdf-scap.xml
-+++ b/shared/references/disa-stig-rhel8-v1r8-xccdf-scap.xml
-@@ -2531,7 +2531,7 @@ SHA_CRYPT_MIN_ROUNDS 5000
+diff --git a/shared/references/disa-stig-rhel8-v1r10-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r10-xccdf-scap.xml
+index a6e6e2c0b..67788580d 100644
+--- a/shared/references/disa-stig-rhel8-v1r10-xccdf-scap.xml
++++ b/shared/references/disa-stig-rhel8-v1r10-xccdf-scap.xml
+@@ -2549,7 +2549,7 @@ SHA_CRYPT_MIN_ROUNDS 5000
              2921
            
            CCI-000213
@@ -35248,7 +35942,17 @@ index 92f67b352..bfda2b2a3 100644
  
  Generate an encrypted grub2 password for the grub superusers account with the following command:
  
-@@ -9746,7 +9746,8 @@ $ sudo passwd -l [username]
+@@ -9907,7 +9907,8 @@ Add the following line to the "/etc/pam.d/system-auth" file (or modify the line
+           
+             The system is RHEL 8.3 or lower
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             
+           
+@@ -9919,7 +9920,8 @@ Add the following line to the "/etc/pam.d/system-auth" file (or modify the line
            
              The RHEL 8 version is RHEL 8.2 or newer.
              
@@ -35258,7 +35962,7 @@ index 92f67b352..bfda2b2a3 100644
              
              External definition used to determine if the RHEL 8 version is RHEL 8.2 or newer for version applicability based requirements.
            
-@@ -9759,7 +9760,8 @@ $ sudo passwd -l [username]
+@@ -9932,7 +9934,8 @@ Add the following line to the "/etc/pam.d/system-auth" file (or modify the line
            
              IPv6 is disabled in the kernel.
              
@@ -35268,7 +35972,7 @@ index 92f67b352..bfda2b2a3 100644
              
              IPv6 is disabled in the kernel, either via a kernel cmdline option or sysctl.
            
-@@ -9775,7 +9777,8 @@ $ sudo passwd -l [username]
+@@ -9948,7 +9951,8 @@ Add the following line to the "/etc/pam.d/system-auth" file (or modify the line
            
              OpenSSH is installed.
              
@@ -35278,7 +35982,7 @@ index 92f67b352..bfda2b2a3 100644
              
              OpenSSH is installed
            
-@@ -9803,7 +9806,8 @@ Red Hat offers the Extended Update Support (EUS) ad-on to a Red Hat Enterprise L
+@@ -9960,7 +9964,8 @@ Add the following line to the "/etc/pam.d/system-auth" file (or modify the line
            
              RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
              
@@ -35288,7 +35992,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
  
-@@ -9820,7 +9824,8 @@ The fips=1 kernel option needs to be added to the kernel command line during sys
+@@ -9977,7 +9982,8 @@ The fips=1 kernel option needs to be added to the kernel command line during sys
            
              RHEL-08-010110 - RHEL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
              
@@ -35298,7 +36002,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
  
-@@ -9836,7 +9841,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+@@ -9993,7 +9999,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
            
              RHEL-08-010120 - RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.
              
@@ -35308,7 +36012,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The system must use a strong hashing algorithm to store the password.
  
-@@ -9850,7 +9856,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
+@@ -10007,7 +10014,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
            
              RHEL-08-010130 - The RHEL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.
              
@@ -35318,7 +36022,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy.
  
-@@ -9865,15 +9872,16 @@ Passwords need to be protected at all times, and encryption is the standard meth
+@@ -10022,15 +10030,16 @@ Passwords need to be protected at all times, and encryption is the standard meth
            
              RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.
              
@@ -35340,7 +36044,7 @@ index 92f67b352..bfda2b2a3 100644
              
            
          
-@@ -9881,7 +9889,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
+@@ -10038,7 +10047,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
            
              RHEL-08-010150 - RHEL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes.
              
@@ -35350,7 +36054,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
            
-@@ -9897,7 +9906,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
+@@ -10054,7 +10064,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
            
              RHEL-08-010160 - RHEL 8 operating systems must require authentication upon booting into rescue mode.
              
@@ -35360,7 +36064,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If the system does not require valid root authentication before it boots into rescue mode, anyone who invokes rescue mode is granted privileged access to all files on the system.
            
-@@ -9909,7 +9919,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
+@@ -10066,7 +10077,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
            
              RHEL-08-010160 - The RHEL 8 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
              
@@ -35370,7 +36074,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
  
-@@ -9925,7 +9936,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+@@ -10082,7 +10094,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
            
              RHEL-08-010161 - RHEL 8 must prevent system daemons from using Kerberos for authentication.
              
@@ -35380,7 +36084,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
  
-@@ -9945,7 +9957,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+@@ -10102,7 +10115,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
            
              RHEL-08-010162 - The krb5-workstation package must not be installed on RHEL 8.
              
@@ -35390,7 +36094,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
  
-@@ -9965,7 +9978,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+@@ -10122,7 +10136,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
            
              RHEL-08-010171 - RHEL 8 must have the policycoreutils package installed.
              
@@ -35400,17 +36104,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
  
-@@ -9979,7 +9993,8 @@ Policycoreutils contains the policy core utilities that are required for basic o
-           
-             RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.
- 
-@@ -9996,7 +10011,8 @@ RHEL 8 utilizes /etc/ssh/sshd_config for configurations of OpenSSH. Within the s
+@@ -10136,7 +10151,8 @@ Policycoreutils contains the policy core utilities that are required for basic o
            
              RHEL-08-010210 - The RHEL 8 /var/log/messages file must have mode 0640 or less permissive.
              
@@ -35420,7 +36114,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
  
-@@ -10010,7 +10026,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -10150,7 +10166,8 @@ The structure and content of error messages must be carefully considered by the
            
              RHEL-08-010220 - The RHEL 8 /var/log/messages file must be owned by root.
              
@@ -35430,7 +36124,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
  
-@@ -10024,7 +10041,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -10164,7 +10181,8 @@ The structure and content of error messages must be carefully considered by the
            
              RHEL-08-010230 - The RHEL 8 /var/log/messages file must be group-owned by root.
              
@@ -35440,7 +36134,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
  
-@@ -10038,7 +10056,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -10178,7 +10196,8 @@ The structure and content of error messages must be carefully considered by the
            
              RHEL-08-010240 - The RHEL 8 /var/log directory must have mode 0755 or less permissive.
              
@@ -35450,7 +36144,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
  
-@@ -10052,7 +10071,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -10192,7 +10211,8 @@ The structure and content of error messages must be carefully considered by the
            
              RHEL-08-010250 - The RHEL 8 /var/log directory must be owned by root.
              
@@ -35460,7 +36154,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
  
-@@ -10066,7 +10086,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -10206,7 +10226,8 @@ The structure and content of error messages must be carefully considered by the
            
              RHEL-08-010260 - The RHEL 8 /var/log directory must be group-owned by root.
              
@@ -35470,7 +36164,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
  
-@@ -10080,7 +10101,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -10220,7 +10241,8 @@ The structure and content of error messages must be carefully considered by the
            
              RHEL-08-010292 - RHEL 8 must ensure the SSH server uses strong entropy.
              
@@ -35480,7 +36174,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict.  Entropy in computer security is associated with the unpredictability of a source of randomness.  The random source with high entropy tends to achieve a uniform distribution of random values.  Random number generators are one of the most important building blocks of cryptosystems.
  
-@@ -10096,7 +10118,8 @@ The SSH implementation in RHEL8 uses the OPENSSL library, which does not use hig
+@@ -10236,7 +10258,8 @@ The SSH implementation in RHEL8 uses the OPENSSL library, which does not use hig
            
              RHEL-08-010294 - The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package.
              
@@ -35490,17 +36184,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
  
-@@ -10124,7 +10147,8 @@ RHEL 8 incorporates system-wide crypto policies by default.  The employed algori
-           
-             RHEL-08-010300 - RHEL 8 system commands must have mode 755 or less permissive.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
- 
-@@ -10138,7 +10162,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
+@@ -10264,7 +10287,8 @@ RHEL 8 incorporates system-wide crypto policies by default.  The employed algori
            
              RHEL-08-010310 - RHEL 8 system commands must be owned by root.
              
@@ -35510,7 +36194,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
  
-@@ -10152,7 +10177,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
+@@ -10278,7 +10302,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
            
              RHEL-08-010320 - RHEL 8 system commands must be group-owned by root or a system account.
              
@@ -35520,7 +36204,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
  
-@@ -10166,7 +10192,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
+@@ -10292,7 +10317,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
            
              RHEL-08-010370 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
              
@@ -35530,17 +36214,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
  
-@@ -10183,7 +10210,8 @@ Verifying the authenticity of the software prior to installation validates the i
-           
-             RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
- 
-@@ -10199,7 +10227,8 @@ Verifying the authenticity of the software prior to installation validates the i
+@@ -10309,7 +10335,8 @@ Verifying the authenticity of the software prior to installation validates the i
            
              RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution.
              
@@ -35550,7 +36224,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
  
-@@ -10222,7 +10251,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -10332,7 +10359,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010373 - RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks.
              
@@ -35560,7 +36234,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write).  Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment.  DAC allows the owner to determine who will have access to objects they control.  An example of DAC includes user-controlled file permissions.  
  
-@@ -10246,7 +10276,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -10356,7 +10384,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010374 - RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks.
              
@@ -35570,7 +36244,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
  
-@@ -10271,7 +10302,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -10381,7 +10410,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010375 - RHEL 8 must restrict access to the kernel message buffer.
              
@@ -35580,7 +36254,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
  
-@@ -10297,7 +10329,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -10407,7 +10437,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010376 - RHEL 8 must prevent kernel profiling by unprivileged users.
              
@@ -35590,7 +36264,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
  
-@@ -10324,7 +10357,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -10434,7 +10465,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010380 - RHEL 8 must require users to provide a password for privilege escalation.
              
@@ -35600,7 +36274,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
  
-@@ -10339,7 +10373,8 @@ When operating systems provide the capability to escalate a functional capabilit
+@@ -10449,7 +10481,8 @@ When operating systems provide the capability to escalate a functional capabilit
            
              RHEL-08-010381 - RHEL 8 must require users to reauthenticate for privilege escalation.
              
@@ -35610,7 +36284,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
  
-@@ -10354,7 +10389,8 @@ When operating systems provide the capability to escalate a functional capabilit
+@@ -10464,7 +10497,8 @@ When operating systems provide the capability to escalate a functional capabilit
            
              RHEL-08-010390 - RHEL 8 must have the packages required for multifactor authentication installed.
              
@@ -35620,7 +36294,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Using an authentication device, such as a DoD Common Access Card (CAC) or token that is separate from the information system, ensures that even if the information system is compromised, credentials stored on the authentication device will not be affected.
  
-@@ -10374,7 +10410,8 @@ This requirement only applies to components where this is specific to the functi
+@@ -10484,7 +10518,8 @@ This requirement only applies to components where this is specific to the functi
            
              RHEL-08-010430 - RHEL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
              
@@ -35630,7 +36304,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Some adversaries launch attacks with the intent of executing code in non-executable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
  
-@@ -10397,7 +10434,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -10507,7 +10542,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010440 - YUM must remove all software components after updated versions have been installed on RHEL 8.
              
@@ -35640,7 +36314,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.
            
-@@ -10409,7 +10447,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -10519,7 +10555,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010450 - RHEL 8 must enable the SELinux targeted policy.
              
@@ -35650,7 +36324,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
  
-@@ -10423,7 +10462,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10533,7 +10570,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010460 - There must be no shosts.equiv files on the RHEL 8 operating system.
              
@@ -35660,7 +36334,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The "shosts.equiv" files are used to configure host-based authentication for the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
            
-@@ -10435,7 +10475,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10545,7 +10583,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010470 - There must be no .shosts files on the RHEL 8 operating system.
              
@@ -35670,7 +36344,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The ".shosts" files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
            
-@@ -10447,7 +10488,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10557,7 +10596,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010480 - The RHEL 8 SSH public host key files must have mode 0644 or less permissive.
              
@@ -35680,7 +36354,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If a public host key file is modified by an unauthorized user, the SSH service may be compromised.
            
-@@ -10460,7 +10502,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10570,7 +10610,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010490 - The RHEL 8 SSH private host key files must have mode 0640 or less permissive.
              
@@ -35690,7 +36364,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If an unauthorized user obtains the private SSH host key file, the host could be impersonated.
            
-@@ -10473,7 +10516,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10583,7 +10624,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010500 - The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files.
              
@@ -35700,7 +36374,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user.
            
-@@ -10486,7 +10530,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10596,7 +10638,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010520 - The RHEL 8 SSH daemon must not allow authentication using known hosts authentication.
              
@@ -35710,7 +36384,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.
            
-@@ -10499,7 +10544,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10609,7 +10652,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010521 - The RHEL 8 SSH daemon must not allow Kerberos authentication, except to fulfill documented and validated mission requirements.
              
@@ -35720,27 +36394,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Configuring these settings for the SSH daemon provides additional assurance that remote logon via SSH will not use Kerberos authentication, even in the event of misconfiguration elsewhere.
            
-@@ -10512,7 +10558,8 @@ This requirement applies to operating systems performing security function verif
-           
-             RHEL-08-010540 - RHEL 8 must use a separate file system for /var.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
-           
-@@ -10525,7 +10572,8 @@ This requirement applies to operating systems performing security function verif
-           
-             RHEL-08-010541 - RHEL 8 must use a separate file system for /var/log.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
-           
-@@ -10538,7 +10586,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10622,7 +10666,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010542 - RHEL 8 must use a separate file system for the system audit data path.
              
@@ -35750,7 +36404,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
            
-@@ -10551,7 +10600,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10635,7 +10680,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010543 - A separate RHEL 8 filesystem must be used for the /tmp directory.
              
@@ -35760,7 +36414,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
            
-@@ -10564,7 +10614,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10648,7 +10694,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010550 - RHEL 8 must not permit direct logons to the root account using remote access via SSH.
              
@@ -35770,7 +36424,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging on directly as root. In addition, logging on with a user-specific account provides individual accountability of actions performed on the system.
            
-@@ -10577,7 +10628,8 @@ This requirement applies to operating systems performing security function verif
+@@ -10661,7 +10708,8 @@ This requirement applies to operating systems performing security function verif
            
              RHEL-08-010560 - The auditd service must be running in RHEL 8.
              
@@ -35780,7 +36434,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Configuring RHEL 8 to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
  
-@@ -10592,7 +10644,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -10676,7 +10724,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-010561 - The rsyslog service must be running in RHEL 8.
              
@@ -35790,7 +36444,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Configuring RHEL 8 to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
  
-@@ -10607,12 +10660,13 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -10691,12 +10740,13 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-010571 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
              
@@ -35806,7 +36460,7 @@ index 92f67b352..bfda2b2a3 100644
              
                
                
-@@ -10623,7 +10677,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -10707,7 +10757,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-010580 - RHEL 8 must prevent special devices on non-root local partitions.
              
@@ -35816,7 +36470,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.  The only legitimate location for device files is the /dev directory located on the root partition.
            
-@@ -10636,7 +10691,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -10720,7 +10771,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-010630 - RHEL 8 must prevent code from being executed on file systems that are imported via Network File System (NFS).
              
@@ -35826,7 +36480,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The "noexec" mount option causes the system not to execute binary files. This option must be used for mounting any file system not containing approved binary as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
            
-@@ -10649,7 +10705,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -10733,7 +10785,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-010640 - RHEL 8 must prevent special devices on file systems that are imported via Network File System (NFS).
              
@@ -35836,7 +36490,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
            
-@@ -10662,7 +10719,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -10746,7 +10799,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-010650 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS).
              
@@ -35846,7 +36500,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
            
-@@ -10675,7 +10733,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -10759,7 +10813,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-010671 - RHEL 8 must disable the kernel.core_pattern.
              
@@ -35856,7 +36510,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -10696,7 +10755,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -10780,7 +10835,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010673 - RHEL 8 must disable core dumps for all users.
              
@@ -35866,7 +36520,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -10711,7 +10771,8 @@ A core dump includes a memory image taken at the time the operating system termi
+@@ -10795,7 +10851,8 @@ A core dump includes a memory image taken at the time the operating system termi
            
              RHEL-08-010674 - RHEL 8 must disable storing core dumps.
              
@@ -35876,7 +36530,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -10725,7 +10786,8 @@ A core dump includes a memory image taken at the time the operating system termi
+@@ -10809,7 +10866,8 @@ A core dump includes a memory image taken at the time the operating system termi
            
              RHEL-08-010675 - RHEL 8 must disable core dump backtraces.
              
@@ -35886,7 +36540,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -10739,7 +10801,8 @@ A core dump includes a memory image taken at the time the operating system termi
+@@ -10823,7 +10881,8 @@ A core dump includes a memory image taken at the time the operating system termi
            
              RHEL-08-010760 - All RHEL 8 local interactive user accounts must be assigned a home directory upon creation
              
@@ -35896,7 +36550,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.
            
-@@ -10751,7 +10814,8 @@ A core dump includes a memory image taken at the time the operating system termi
+@@ -10835,7 +10894,8 @@ A core dump includes a memory image taken at the time the operating system termi
            
              RHEL-08-010830 - RHEL 8 must not allow users to override SSH environment variables.
              
@@ -35906,7 +36560,7 @@ index 92f67b352..bfda2b2a3 100644
              
              SSH environment options potentially allow users to bypass access restriction in some configurations.
            
-@@ -10764,7 +10828,8 @@ A core dump includes a memory image taken at the time the operating system termi
+@@ -10848,7 +10908,8 @@ A core dump includes a memory image taken at the time the operating system termi
            
              RHEL-08-020010 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.
              
@@ -35916,7 +36570,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10788,7 +10853,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+@@ -10872,7 +10933,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
            
              RHEL-08-020011 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.
              
@@ -35926,7 +36580,7 @@ index 92f67b352..bfda2b2a3 100644
              
              In RHEL 8.2 the "/etc/security/faillock.conf" file was incorporated to centralize the configuration of the pam_faillock.so module.  Also introduced is a "local_users_only" option that will only track failed user authentication attempts for local users in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users to allow the centralized platform to solely manage user lockout.
  
-@@ -10803,7 +10869,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+@@ -10887,7 +10949,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
            
              RHEL-08-020012 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
              
@@ -35936,7 +36590,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10823,7 +10890,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+@@ -10907,7 +10970,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
            
              RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
              
@@ -35946,7 +36600,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10840,7 +10908,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+@@ -10924,7 +10988,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
            
              RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
              
@@ -35956,7 +36610,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10862,7 +10931,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+@@ -10946,7 +11011,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
            
              RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
              
@@ -35966,7 +36620,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10879,7 +10949,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+@@ -10963,7 +11029,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
            
              RHEL-08-020018 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
              
@@ -35976,7 +36630,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10899,7 +10970,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+@@ -10983,7 +11050,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
            
              RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
              
@@ -35986,7 +36640,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10916,7 +10988,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+@@ -11000,7 +11068,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
            
              RHEL-08-020020 - RHEL 8 must log user name information when unsuccessful logon attempts occur.
              
@@ -35996,7 +36650,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10936,7 +11009,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+@@ -11020,7 +11089,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
            
              RHEL-08-020021 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
              
@@ -36006,7 +36660,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10953,7 +11027,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
+@@ -11037,7 +11107,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
            
              RHEL-08-020022 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
              
@@ -36016,7 +36670,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10973,7 +11048,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
+@@ -11057,7 +11128,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
            
              RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
              
@@ -36026,27 +36680,7 @@ index 92f67b352..bfda2b2a3 100644
              
              By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
  
-@@ -10990,7 +11066,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
-           
-             RHEL-08-020024 - RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to DoS attacks.
- 
-@@ -11005,7 +11082,8 @@ This requirement addresses concurrent sessions for information system accounts a
-           
-             RHEL-08-020040 - RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
- 
-@@ -11022,7 +11100,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
+@@ -11074,7 +11146,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
            
              RHEL-08-020041 - RHEL 8 must ensure session control is automatically started at shell initialization.
              
@@ -36056,7 +36690,7 @@ index 92f67b352..bfda2b2a3 100644
              
              A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
  
-@@ -11039,7 +11118,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
+@@ -11091,7 +11164,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
            
              RHEL-08-020042 - RHEL 8 must prevent users from disabling session control mechanisms.
              
@@ -36066,17 +36700,7 @@ index 92f67b352..bfda2b2a3 100644
              
              A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
  
-@@ -11055,7 +11135,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
-           
-             RHEL-08-020100 - RHEL 8 must ensure the password complexity module is enabled in the password-auth file.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
- 
-@@ -11071,7 +11152,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. This
+@@ -11107,7 +11181,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
            
              RHEL-08-020110 - RHEL 8 must enforce password complexity by requiring that at least one uppercase character be used.
              
@@ -36086,7 +36710,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
  
-@@ -11087,7 +11169,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
+@@ -11123,7 +11198,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
            
              RHEL-08-020120 - RHEL 8 must enforce password complexity by requiring that at least one lower-case character be used.
              
@@ -36096,7 +36720,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
  
-@@ -11103,7 +11186,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
+@@ -11139,7 +11215,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
            
              RHEL-08-020130 - RHEL 8 must enforce password complexity by requiring that at least one numeric character be used.
              
@@ -36106,7 +36730,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
  
-@@ -11119,7 +11203,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
+@@ -11155,7 +11232,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
            
              RHEL-08-020140 - RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
              
@@ -36116,7 +36740,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
  
-@@ -11135,7 +11220,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+@@ -11171,7 +11249,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
            
              RHEL-08-020150 - RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.
              
@@ -36126,7 +36750,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
  
-@@ -11151,7 +11237,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+@@ -11187,7 +11266,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
            
              RHEL-08-020160 - RHEL 8 must require the change of at least four character classes when passwords are changed.
              
@@ -36136,7 +36760,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
  
-@@ -11167,7 +11254,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+@@ -11203,7 +11283,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
            
              RHEL-08-020170 - RHEL 8 must require the change of at least 8 characters when passwords are changed.
              
@@ -36146,7 +36770,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
  
-@@ -11183,7 +11271,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+@@ -11219,7 +11300,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
            
              RHEL-08-020180 - RHEL 8 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow.
              
@@ -36156,7 +36780,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
            
-@@ -11196,7 +11285,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+@@ -11232,7 +11314,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
            
              RHEL-08-020190 - RHEL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/logins.def.
              
@@ -36166,7 +36790,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
            
-@@ -11208,7 +11298,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+@@ -11244,7 +11327,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
            
              RHEL-08-020200 - RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction.
              
@@ -36176,7 +36800,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If RHEL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 8 passwords could be compromised.
            
-@@ -11220,7 +11311,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
+@@ -11256,7 +11340,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
            
              RHEL-08-020210 - RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
              
@@ -36186,17 +36810,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If RHEL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 8 passwords could be compromised.
            
-@@ -11235,7 +11327,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
-           
-             RHEL-08-020220 - RHEL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.
- 
-@@ -11253,7 +11346,8 @@ Note that manual changes to the listed files may be overwritten by the "authsele
+@@ -11271,7 +11356,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
            
              RHEL-08-020230 - RHEL 8 passwords must have a minimum of 15 characters.
              
@@ -36206,7 +36820,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
  
-@@ -11273,7 +11367,8 @@ The DoD minimum password requirement is 15 characters.
+@@ -11291,7 +11377,8 @@ The DoD minimum password requirement is 15 characters.
            
              RHEL-08-020231 - RHEL 8 passwords for new users must have a minimum of 15 characters.
              
@@ -36216,7 +36830,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
  
-@@ -11289,7 +11384,8 @@ The DoD minimum password requirement is 15 characters.
+@@ -11307,7 +11394,8 @@ The DoD minimum password requirement is 15 characters.
            
              RHEL-08-020260 - RHEL 8 account identifiers (individuals, groups, roles, and devices) must be disabled after 35 days of inactivity.
              
@@ -36226,7 +36840,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.
  
-@@ -11303,7 +11399,8 @@ RHEL 8 needs to track periods of inactivity and disable application identifiers
+@@ -11321,7 +11409,8 @@ RHEL 8 needs to track periods of inactivity and disable application identifiers
            
              RHEL-08-020280 - All RHEL 8 passwords must contain at least one special character.
              
@@ -36236,7 +36850,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
  
-@@ -11319,7 +11416,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
+@@ -11337,7 +11426,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
            
              RHEL-08-021400 - RHEL 8 must prevent the use of dictionary words for passwords.
              
@@ -36246,7 +36860,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If RHEL 8 allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses, and brute-force attacks.
            
-@@ -11331,7 +11429,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
+@@ -11349,7 +11439,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
            
              RHEL-08-020310 - RHEL 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
              
@@ -36256,7 +36870,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Configuring the operating system to implement organization-wide security implementation guides and security checklists verifies compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
  
-@@ -11345,7 +11444,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -11363,7 +11454,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-020330 - RHEL 8 must not have accounts configured with blank or null passwords.
              
@@ -36266,7 +36880,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
            
-@@ -11357,7 +11457,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -11375,7 +11467,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-020350 - RHEL 8 must display the date and time of the last successful account logon upon an SSH logon.
              
@@ -36276,7 +36890,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of unauthorized account use.
            
-@@ -11370,7 +11471,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -11388,7 +11481,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-020351 - RHEL 8 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
              
@@ -36286,7 +36900,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.
            
-@@ -11382,7 +11484,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -11400,7 +11494,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
              
@@ -36296,7 +36910,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
            
-@@ -11398,7 +11501,8 @@ Configuration settings are the set of parameters that can be changed in hardware
+@@ -11416,7 +11511,8 @@ Configuration settings are the set of parameters that can be changed in hardware
            
              RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
              
@@ -36306,7 +36920,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
  
-@@ -11414,7 +11518,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
+@@ -11432,7 +11528,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
            
              RHEL-08-030040 - The RHEL 8 System must take appropriate action when an audit processing failure occurs.
              
@@ -36316,7 +36930,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
  
-@@ -11430,7 +11535,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
+@@ -11448,7 +11545,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
            
              RHEL-08-030060 - The RHEL 8 audit system must take appropriate action when the audit storage volume is full.
              
@@ -36326,7 +36940,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is critical that when RHEL 8 is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.
  
-@@ -11448,7 +11554,8 @@ When availability is an overriding concern, other approved actions in response t
+@@ -11466,7 +11564,8 @@ When availability is an overriding concern, other approved actions in response t
            
              RHEL-08-030061 - The RHEL 8 audit system must audit local events.
              
@@ -36336,7 +36950,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
  
-@@ -11462,7 +11569,8 @@ Audit record content that may be necessary to satisfy this requirement includes,
+@@ -11480,7 +11579,8 @@ Audit record content that may be necessary to satisfy this requirement includes,
            
              RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server.
              
@@ -36346,7 +36960,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
  
-@@ -11480,7 +11588,8 @@ When audit logs are not labeled before they are sent to a central log server, th
+@@ -11498,7 +11598,8 @@ When audit logs are not labeled before they are sent to a central log server, th
            
              RHEL-08-030063 - RHEL 8 must resolve audit information before writing to disk.
              
@@ -36356,17 +36970,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
  
-@@ -11496,7 +11605,8 @@ Enriched logging aids in making sense of who, what, and when events occur on a s
-           
-             RHEL-08-030070 - RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
-             
--              Red Hat Enterprise Linux 8
-+              Red Hat Enterprise Linux 8
-+AlmaLinux 8
-             
-             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
- 
-@@ -11510,7 +11620,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -11514,7 +11615,8 @@ Enriched logging aids in making sense of who, what, and when events occur on a s
            
              RHEL-08-030080 - RHEL 8 audit logs must be owned by root to prevent unauthorized read access.
              
@@ -36376,7 +36980,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
  
-@@ -11524,7 +11635,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -11528,7 +11630,8 @@ The structure and content of error messages must be carefully considered by the
            
              RHEL-08-030090 - RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access.
              
@@ -36386,7 +36990,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
  
-@@ -11538,7 +11650,8 @@ Audit information includes all information (e.g., audit records, audit settings,
+@@ -11542,7 +11645,8 @@ Audit information includes all information (e.g., audit records, audit settings,
            
              RHEL-08-030100 - RHEL 8 audit log directory must be owned by root to prevent unauthorized read access.
              
@@ -36396,7 +37000,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
  
-@@ -11552,7 +11665,8 @@ Audit information includes all information (e.g., audit records, audit settings,
+@@ -11556,7 +11660,8 @@ Audit information includes all information (e.g., audit records, audit settings,
            
              RHEL-08-030110 - RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access.
              
@@ -36406,7 +37010,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
  
-@@ -11566,7 +11680,8 @@ Audit information includes all information (e.g., audit records, audit settings,
+@@ -11570,7 +11675,8 @@ Audit information includes all information (e.g., audit records, audit settings,
            
              RHEL-08-030120 - RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.
              
@@ -36416,7 +37020,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
  
-@@ -11580,7 +11695,8 @@ Audit information includes all information (e.g., audit records, audit settings,
+@@ -11584,7 +11690,8 @@ Audit information includes all information (e.g., audit records, audit settings,
            
              RHEL-08-030121 - RHEL 8 audit system must protect auditing rules from unauthorized change.
              
@@ -36426,7 +37030,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
  
-@@ -11596,7 +11712,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
+@@ -11600,7 +11707,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
            
              RHEL-08-030122 - RHEL 8 audit system must protect logon UIDs from unauthorized change.
              
@@ -36436,7 +37040,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
  
-@@ -11612,7 +11729,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
+@@ -11616,7 +11724,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
            
              RHEL-08-030130 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
              
@@ -36446,7 +37050,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11627,7 +11745,8 @@ Audit records can be generated from various components within the information sy
+@@ -11631,7 +11740,8 @@ Audit records can be generated from various components within the information sy
            
              RHEL-08-030140 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
              
@@ -36456,7 +37060,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11642,7 +11761,8 @@ Audit records can be generated from various components within the information sy
+@@ -11646,7 +11756,8 @@ Audit records can be generated from various components within the information sy
            
              RHEL-08-030150 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
              
@@ -36466,7 +37070,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11657,7 +11777,8 @@ Audit records can be generated from various components within the information sy
+@@ -11661,7 +11772,8 @@ Audit records can be generated from various components within the information sy
            
              RHEL-08-030160 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
              
@@ -36476,7 +37080,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11672,7 +11793,8 @@ Audit records can be generated from various components within the information sy
+@@ -11676,7 +11788,8 @@ Audit records can be generated from various components within the information sy
            
              RHEL-08-030170 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
              
@@ -36486,7 +37090,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11687,7 +11809,8 @@ Audit records can be generated from various components within the information sy
+@@ -11691,7 +11804,8 @@ Audit records can be generated from various components within the information sy
            
              RHEL-08-030171 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
              
@@ -36496,7 +37100,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11702,7 +11825,8 @@ Audit records can be generated from various components within the information sy
+@@ -11706,7 +11820,8 @@ Audit records can be generated from various components within the information sy
            
              RHEL-08-030172 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/.
              
@@ -36506,7 +37110,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11717,7 +11841,8 @@ Audit records can be generated from various components within the information sy
+@@ -11721,7 +11836,8 @@ Audit records can be generated from various components within the information sy
            
              RHEL-08-030180 - The RHEL 8 audit package must be installed.
              
@@ -36516,7 +37120,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
  
-@@ -11733,7 +11858,8 @@ Associating event types with detected events in RHEL 8 audit logs provides a mea
+@@ -11737,7 +11853,8 @@ Associating event types with detected events in RHEL 8 audit logs provides a mea
            
              RHEL-08-030190 - Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record.
              
@@ -36526,7 +37130,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11750,7 +11876,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11754,7 +11871,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr system calls.
              
@@ -36536,7 +37140,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11797,7 +11924,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -11801,7 +11919,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              RHEL-08-030250 - Successful/unsuccessful uses of the chage command in RHEL 8 must generate an audit record
              
@@ -36546,7 +37150,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11816,7 +11944,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
+@@ -11820,7 +11939,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
            
              RHEL-08-030260 - Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record
              
@@ -36556,7 +37160,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11835,7 +11964,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
+@@ -11839,7 +11959,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
            
              RHEL-08-030280 - Successful/unsuccessful uses of the ssh-agent in RHEL 8 must generate an audit record.
              
@@ -36566,7 +37170,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11852,7 +11982,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11856,7 +11977,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030290 - Successful/unsuccessful uses of the passwd command in RHEL 8 must generate an audit record.
              
@@ -36576,7 +37180,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11869,7 +12000,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11873,7 +11995,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030300 - Successful/unsuccessful uses of the mount command in RHEL 8 must generate an audit record.
              
@@ -36586,7 +37190,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11886,7 +12018,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11890,7 +12013,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030301 - Successful/unsuccessful uses of the umount command in RHEL 8 must generate an audit record.
              
@@ -36596,7 +37200,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11903,7 +12036,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11907,7 +12031,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030302 - Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record.
              
@@ -36606,7 +37210,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -11921,7 +12055,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11925,7 +12050,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030310 - Successful/unsuccessful uses of the unix_update in RHEL 8 must generate an audit record.
              
@@ -36616,7 +37220,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
  
-@@ -11938,7 +12073,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11942,7 +12068,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030311 - Successful/unsuccessful uses of postdrop in RHEL 8 must generate an audit record.
              
@@ -36626,7 +37230,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
  
-@@ -11955,7 +12091,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11959,7 +12086,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030312 - Successful/unsuccessful uses of postqueue in RHEL 8 must generate an audit record.
              
@@ -36636,7 +37240,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
  
-@@ -11972,7 +12109,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11976,7 +12104,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030313 - Successful/unsuccessful uses of semanage in RHEL 8 must generate an audit record.
              
@@ -36646,7 +37250,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
  
-@@ -11989,7 +12127,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -11993,7 +12122,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030314 - Successful/unsuccessful uses of setfiles in RHEL 8 must generate an audit record.
              
@@ -36656,7 +37260,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
  
-@@ -12006,7 +12145,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12010,7 +12140,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030315 - Successful/unsuccessful uses of userhelper in RHEL 8 must generate an audit record.
              
@@ -36666,7 +37270,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
  
-@@ -12023,7 +12163,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12027,7 +12158,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030316 - Successful/unsuccessful uses of setsebool in RHEL 8 must generate an audit record.
              
@@ -36676,7 +37280,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
  
-@@ -12040,7 +12181,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12044,7 +12176,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030317 - Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record.
              
@@ -36686,7 +37290,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
  
-@@ -12057,7 +12199,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12061,7 +12194,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030320 - Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record.
              
@@ -36696,7 +37300,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12074,7 +12217,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12078,7 +12212,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030330 - Successful/unsuccessful uses of the setfacl command in RHEL 8 must generate an audit record.
              
@@ -36706,7 +37310,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12091,7 +12235,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12095,7 +12230,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030340 - Successful/unsuccessful uses of the pam_timestamp_check command in RHEL 8 must generate an audit record.
              
@@ -36716,7 +37320,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12108,7 +12253,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12112,7 +12248,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030350 - Successful/unsuccessful uses of the newgrp command in RHEL 8 must generate an audit record.
              
@@ -36726,7 +37330,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12125,7 +12271,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12129,7 +12266,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030360 - Successful/unsuccessful uses of the init_module and finit_module command system calls in RHEL 8 must generate an audit record.
              
@@ -36736,7 +37340,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12147,7 +12294,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -12151,7 +12289,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              RHEL-08-030361 - Successful/unsuccessful uses of the rename, unlink, rmdir, renameat and unlinkat commandsystem calls in RHEL 8 must generate an audit record.
              
@@ -36746,7 +37350,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12178,7 +12326,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -12182,7 +12321,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              RHEL-08-030370 - Successful/unsuccessful uses of the gpasswd command in RHEL 8 must generate an audit record.
              
@@ -36756,7 +37360,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12195,7 +12344,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12199,7 +12339,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030390 - Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record.
              
@@ -36766,7 +37370,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12213,7 +12363,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12217,7 +12358,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030400 - Successful/unsuccessful uses of the crontab command in RHEL 8 must generate an audit record.
              
@@ -36776,7 +37380,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12230,7 +12381,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12234,7 +12376,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030410 - Successful/unsuccessful uses of the chsh command in RHEL 8 must generate an audit record.
              
@@ -36786,7 +37390,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12247,7 +12399,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12251,7 +12394,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030420 - Successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls in RHEL 8 must generate an audit record.
              
@@ -36796,7 +37400,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12292,7 +12445,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -12296,7 +12440,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              RHEL-08-030480 - Successful/unsuccessful uses of the chown, fchown, fchownat and lchown system calls in RHEL 8 must generate an audit record.
              
@@ -36806,7 +37410,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12321,7 +12475,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -12325,7 +12470,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              RHEL-08-030490 - Successful/unsuccessful uses of the chmod, fchmod and fchmodat system calls in RHEL 8 must generate an audit record.
              
@@ -36816,7 +37420,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12346,7 +12501,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
+@@ -12350,7 +12496,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
            
              RHEL-08-030550 - Successful/unsuccessful uses of the sudo command in RHEL 8 must generate an audit record.
              
@@ -36826,7 +37430,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12363,7 +12519,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12367,7 +12514,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030560 - Successful/unsuccessful uses of the usermod command in RHEL 8 must generate an audit record.
              
@@ -36836,7 +37440,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12380,7 +12537,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12384,7 +12532,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030570 - Successful/unsuccessful uses of the chacl command in RHEL 8 must generate an audit record.
              
@@ -36846,7 +37450,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12397,7 +12555,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
+@@ -12401,7 +12550,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
            
              RHEL-08-030580 - Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record.
              
@@ -36856,7 +37460,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12424,7 +12583,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
+@@ -12428,7 +12578,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
            
              RHEL-08-030600 - Successful/unsuccessful modifications to the lastlog file in RHEL 8 must generate an audit record.
              
@@ -36866,7 +37470,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
  
-@@ -12451,7 +12611,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
+@@ -12455,7 +12606,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
            
              RHEL-08-030610 - RHEL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
              
@@ -36876,7 +37480,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
            
-@@ -12464,7 +12625,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
+@@ -12468,7 +12620,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
            
              RHEL-08-030620 - RHEL 8 audit tools must have a mode of 0755 or less permissive.
              
@@ -36886,7 +37490,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
  
-@@ -12480,7 +12642,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -12484,7 +12637,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
            
              RHEL-08-030630 - RHEL 8 audit tools must be owned by root.
              
@@ -36896,7 +37500,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
  
-@@ -12496,7 +12659,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -12500,7 +12654,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
            
              RHEL-08-030640 - RHEL 8 audit tools must be group-owned by root.
              
@@ -36906,7 +37510,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
  
-@@ -12512,7 +12676,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -12516,7 +12671,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
            
              RHEL-08-030680 - RHEL 8 must have the packages required for encrypting offloaded audit logs installed.
              
@@ -36916,7 +37520,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
  
-@@ -12535,7 +12700,8 @@ Note that a port number was given as there is no standard port for RELP.
              RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full.
              
@@ -36926,7 +37530,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
  
-@@ -12551,7 +12717,8 @@ RHEL 8 installation media provides "rsyslogd".  "rsyslogd" is a system utility p
+@@ -12555,7 +12712,8 @@ RHEL 8 installation media provides "rsyslogd".  "rsyslogd" is a system utility p
            
              RHEL-08-030730 - RHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
              
@@ -36936,7 +37540,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.
            
-@@ -12563,7 +12730,8 @@ RHEL 8 installation media provides "rsyslogd".  "rsyslogd" is a system utility p
+@@ -12567,7 +12725,8 @@ RHEL 8 installation media provides "rsyslogd".  "rsyslogd" is a system utility p
            
              RHEL-08-030741 - RHEL 8 must disable the chrony daemon from acting as a server.
              
@@ -36946,7 +37550,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
  
-@@ -12581,7 +12749,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
+@@ -12585,7 +12744,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
            
              RHEL-08-030742 - RHEL 8 must disable network management of the chrony daemon.
              
@@ -36956,7 +37560,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
  
-@@ -12599,7 +12768,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
+@@ -12603,7 +12763,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
            
              RHEL-08-040000 - RHEL 8 must not have the telnet-server package installed.
              
@@ -36966,7 +37570,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12621,7 +12791,8 @@ If a privileged user were to log on using this service, the privileged user pass
+@@ -12625,7 +12786,8 @@ If a privileged user were to log on using this service, the privileged user pass
            
              RHEL-08-040001 - RHEL 8 must not have any automated bug reporting tools installed.
              
@@ -36976,7 +37580,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12639,7 +12810,8 @@ Verify the operating system is configured to disable non-essential capabilities.
+@@ -12643,7 +12805,8 @@ Verify the operating system is configured to disable non-essential capabilities.
            
              RHEL-08-040002 - RHEL 8 must not have the sendmail package installed.
              
@@ -36986,7 +37590,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12657,7 +12829,8 @@ Verify the operating system is configured to disable non-essential capabilities.
+@@ -12661,7 +12824,8 @@ Verify the operating system is configured to disable non-essential capabilities.
            
              RHEL-08-040010 - RHEL 8 must not have the rsh-server package installed.
              
@@ -36996,7 +37600,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12675,7 +12848,8 @@ If a privileged user were to log on using this service, the privileged user pass
+@@ -12679,7 +12843,8 @@ If a privileged user were to log on using this service, the privileged user pass
            
              RHEL-08-040021 - RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.
              
@@ -37006,7 +37610,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12692,7 +12866,8 @@ The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data li
+@@ -12696,7 +12861,8 @@ The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data li
            
              RHEL-08-040022 - RHEL 8 must disable the controller area network (CAN) protocol.
              
@@ -37016,7 +37620,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12709,7 +12884,8 @@ The Controller Area Network (CAN) is a serial communications protocol, which was
+@@ -12713,7 +12879,8 @@ The Controller Area Network (CAN) is a serial communications protocol, which was
            
              RHEL-08-040023 - RHEL 8 must disable the stream control transmission (SCTP) protocol.
              
@@ -37026,7 +37630,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12726,7 +12902,8 @@ The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, d
+@@ -12730,7 +12897,8 @@ The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, d
            
              RHEL-08-040024 - RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.
              
@@ -37036,7 +37640,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12743,7 +12920,8 @@ The Transparent Inter-Process Communication (TIPC) protocol is designed to provi
+@@ -12747,7 +12915,8 @@ The Transparent Inter-Process Communication (TIPC) protocol is designed to provi
            
              RHEL-08-040025 - RHEL 8 must disable mounting of cramfs.
              
@@ -37046,7 +37650,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12760,7 +12938,8 @@ Compressed ROM/RAM file system (or cramfs) is a read-only file system designed f
+@@ -12764,7 +12933,8 @@ Compressed ROM/RAM file system (or cramfs) is a read-only file system designed f
            
              RHEL-08-040026 - RHEL 8 must disable IEEE 1394 (FireWire) Support.
              
@@ -37056,7 +37660,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -12775,7 +12954,8 @@ The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time commu
+@@ -12779,7 +12949,8 @@ The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time commu
            
              RHEL-08-040060 - RHEL 8 must enforce SSHv2 for network access to all accounts.
              
@@ -37066,7 +37670,7 @@ index 92f67b352..bfda2b2a3 100644
              
              A replay attack may enable an unauthorized user to gain access to RHEL 8. Authentication sessions between the authenticator and RHEL 8 validating the user credentials must not be vulnerable to a replay attack.
  
-@@ -12796,7 +12976,8 @@ RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 pe
+@@ -12800,7 +12971,8 @@ RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 pe
            
              RHEL-08-040080 - RHEL 8 must be configured to disable USB mass storage.
              
@@ -37076,7 +37680,7 @@ index 92f67b352..bfda2b2a3 100644
              
              USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity.
            
-@@ -12809,7 +12990,8 @@ RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 pe
+@@ -12813,7 +12985,8 @@ RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 pe
            
              RHEL-08-040111 - RHEL 8 Bluetooth must be disabled.
              
@@ -37086,7 +37690,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or used to compromise the RHEL 8 operating system.
  
-@@ -12826,7 +13008,8 @@ Protecting the confidentiality and integrity of communications with wireless per
+@@ -12830,7 +13003,8 @@ Protecting the confidentiality and integrity of communications with wireless per
            
              RHEL-08-040120 - RHEL 8 must mount /dev/shm with the nodev option.
              
@@ -37096,7 +37700,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12845,7 +13028,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -12849,7 +13023,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040121 - RHEL 8 must mount /dev/shm with the nosuid option.
              
@@ -37106,7 +37710,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12862,7 +13046,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -12866,7 +13041,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040122 - RHEL 8 must mount /dev/shm with the noexec option.
              
@@ -37116,7 +37720,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12881,7 +13066,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -12885,7 +13061,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040123 - RHEL 8 must mount /tmp with the nodev option.
              
@@ -37126,7 +37730,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12901,7 +13087,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -12905,7 +13082,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040124 - RHEL 8 must mount /tmp with the nosuid option.
              
@@ -37136,7 +37740,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12919,7 +13106,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -12923,7 +13101,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040125 - RHEL 8 must mount /tmp with the noexec option.
              
@@ -37146,7 +37750,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12939,7 +13127,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -12943,7 +13122,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040126 - RHEL 8 must mount /var/log with the nodev option.
              
@@ -37156,7 +37760,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12959,7 +13148,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -12963,7 +13143,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040127 - RHEL 8 must mount /var/log with the nosuid option.
              
@@ -37166,7 +37770,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12979,7 +13169,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -12983,7 +13164,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040128 - RHEL 8 must mount /var/log with the noexec option.
              
@@ -37176,7 +37780,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -12999,7 +13190,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -13003,7 +13185,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040129 - RHEL 8 must mount /var/log/audit with the nodev option.
              
@@ -37186,7 +37790,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -13019,7 +13211,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -13023,7 +13206,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040130 - RHEL 8 must mount /var/log/audit with the nosuid option.
              
@@ -37196,7 +37800,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -13039,7 +13232,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -13043,7 +13227,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040131 - RHEL 8 must mount /var/log/audit with the noexec option.
              
@@ -37206,7 +37810,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -13059,7 +13253,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -13063,7 +13248,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040132 - RHEL 8 must mount /var/tmp with the nodev option.
              
@@ -37216,7 +37820,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -13078,7 +13273,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -13082,7 +13268,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040133 - RHEL 8 must mount /var/tmp with the nosuid option.
              
@@ -37226,7 +37830,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -13097,7 +13293,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -13101,7 +13288,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040134 - RHEL 8 must mount /var/tmp with the noexec option.
              
@@ -37236,7 +37840,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
  
-@@ -13116,7 +13313,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
+@@ -13120,7 +13308,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
            
              RHEL-08-040160 - All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
              
@@ -37246,7 +37850,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
  
-@@ -13133,7 +13331,8 @@ Protecting the confidentiality and integrity of organizational information can b
+@@ -13137,7 +13326,8 @@ Protecting the confidentiality and integrity of organizational information can b
            
              RHEL 8 must force a frequent session key renegotiation for SSH connections to the server.
              
@@ -37256,7 +37860,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
  
-@@ -13152,7 +13351,8 @@ Session key regeneration limits the chances of a session key becoming compromise
+@@ -13156,7 +13346,8 @@ Session key regeneration limits the chances of a session key becoming compromise
            
              RHEL-08-040172 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled.
              
@@ -37266,7 +37870,7 @@ index 92f67b352..bfda2b2a3 100644
              
              A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.
            
-@@ -13164,7 +13364,8 @@ Session key regeneration limits the chances of a session key becoming compromise
+@@ -13168,7 +13359,8 @@ Session key regeneration limits the chances of a session key becoming compromise
            
              RHEL-08-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for RHEL 8 operational support.
              
@@ -37276,7 +37880,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If TFTP is required for operational support (such as the transmission of router configurations) its use must be documented with the Information System Security Officer (ISSO), restricted to only authorized personnel, and have access control rules established.
            
-@@ -13176,7 +13377,8 @@ Session key regeneration limits the chances of a session key becoming compromise
+@@ -13180,7 +13372,8 @@ Session key regeneration limits the chances of a session key becoming compromise
            
              RHEL-08-040200 - The root account must be the only account having unrestricted access to the RHEL 8 system.
              
@@ -37286,7 +37890,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If an account other than root also has a User Identifier (UID) of "0", it has root authority, giving that account unrestricted access to the entire operating system. Multiple accounts with a UID of "0" afford an opportunity for potential intruders to guess a password for a privileged account.
            
-@@ -13188,7 +13390,8 @@ Session key regeneration limits the chances of a session key becoming compromise
+@@ -13192,7 +13385,8 @@ Session key regeneration limits the chances of a session key becoming compromise
            
              RHEL-08-040210 - RHEL 8 must prevent Internet Control Message Protocol (ICMP) redirect messages from being accepted.
              
@@ -37296,7 +37900,7 @@ index 92f67b352..bfda2b2a3 100644
              
              ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
  
-@@ -13212,7 +13415,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13216,7 +13410,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040220 - RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects.
              
@@ -37306,7 +37910,7 @@ index 92f67b352..bfda2b2a3 100644
              
              ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
  
-@@ -13235,7 +13439,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13239,7 +13434,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040230 - RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
              
@@ -37316,7 +37920,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Responding to broadcast ICMP echoes facilitates network mapping and provides a vector for amplification attacks.
  
-@@ -13258,7 +13463,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13262,7 +13458,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040240 - RHEL 8 must not forward source-routed packets.
              
@@ -37326,7 +37930,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
  
-@@ -13282,7 +13488,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13286,7 +13483,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040250 - RHEL 8 must not forward source-routed packets by default.
              
@@ -37336,7 +37940,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
  
-@@ -13306,7 +13513,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13310,7 +13508,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040260 - RHEL 8 must not be performing packet forwarding unless the system is a router.
              
@@ -37346,7 +37950,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
  
-@@ -13330,7 +13538,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13334,7 +13533,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040261 - RHEL 8 must not accept router advertisements on all IPv6 interfaces.
              
@@ -37356,7 +37960,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
  
-@@ -13356,7 +13565,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13360,7 +13560,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040262 - RHEL 8 must not accept router advertisements on all IPv6 interfaces by default.
              
@@ -37366,7 +37970,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
  
-@@ -13382,7 +13592,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13386,7 +13587,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040270 - RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.
              
@@ -37376,7 +37980,7 @@ index 92f67b352..bfda2b2a3 100644
              
              ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
  
-@@ -13405,7 +13616,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13409,7 +13611,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040280 - RHEL 8 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages.
              
@@ -37386,7 +37990,7 @@ index 92f67b352..bfda2b2a3 100644
              
              ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
  
-@@ -13429,7 +13641,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13433,7 +13636,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040281 - RHEL 8 must disable access to network bpf syscall from unprivileged processes.
              
@@ -37396,7 +38000,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13450,7 +13663,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13454,7 +13658,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040282 - RHEL 8 must restrict usage of ptrace to descendant processes.
              
@@ -37406,7 +38010,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13471,7 +13685,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13475,7 +13680,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040283 - RHEL 8 must restrict exposed kernel pointer addresses access.
              
@@ -37416,7 +38020,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13492,7 +13707,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13496,7 +13702,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040284 - RHEL 8 must disable the use of user namespaces.
              
@@ -37426,7 +38030,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13513,7 +13729,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13517,7 +13724,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040285 - RHEL 8 must use reverse path filtering on all IPv4 interfaces.
              
@@ -37436,7 +38040,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13534,7 +13751,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13538,7 +13746,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040290 - RHEL 8 must be configured to prevent unrestricted mail relaying.
              
@@ -37446,7 +38050,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.
            
-@@ -13547,7 +13765,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13551,7 +13760,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-040340 - RHEL 8 remote X connections for interactive users must be disabled unless to fulfill documented and validated mission requirements.
              
@@ -37456,7 +38060,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding.  A system administrator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting X11 forwarding, which can warrant a ''no'' setting.
  X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X11 authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring if the ForwardX11Trusted option is also enabled.
-@@ -13562,7 +13781,8 @@ If X11 services are not required for the system's intended function, they should
+@@ -13566,7 +13776,8 @@ If X11 services are not required for the system's intended function, they should
            
              RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display.
              
@@ -37466,7 +38070,7 @@ index 92f67b352..bfda2b2a3 100644
              
              When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DIPSLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display.
            
-@@ -13575,7 +13795,8 @@ If X11 services are not required for the system's intended function, they should
+@@ -13579,7 +13790,8 @@ If X11 services are not required for the system's intended function, they should
            
              RHEL-08-040350 - If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode.
              
@@ -37476,7 +38080,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
            
-@@ -13588,7 +13809,8 @@ If X11 services are not required for the system's intended function, they should
+@@ -13592,7 +13804,8 @@ If X11 services are not required for the system's intended function, they should
            
              RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8.
              
@@ -37486,7 +38090,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The FTP service provides an unencrypted remote access that does not provide for the confidentiality and integrity of user passwords or the remote session. If a privileged user were to log on using this service, the privileged user password could be compromised. SSH or other encrypted file transfer methods must be used in place of this service.
            
-@@ -13600,7 +13822,8 @@ If X11 services are not required for the system's intended function, they should
+@@ -13604,7 +13817,8 @@ If X11 services are not required for the system's intended function, they should
            
              RHEL-08-040370 - The gssproxy package must not be installed unless mission essential on RHEL 8.
              
@@ -37496,7 +38100,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13616,7 +13839,8 @@ The gssproxy package is a proxy for GSS API credential handling and could expose
+@@ -13620,7 +13834,8 @@ The gssproxy package is a proxy for GSS API credential handling and could expose
            
              RHEL-08-040380 - The iprutils package must not be installed unless mission essential on RHEL 8.
              
@@ -37506,7 +38110,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13632,7 +13856,8 @@ The iprutils package provides a suite of utilities to manage and configure SCSI
+@@ -13636,7 +13851,8 @@ The iprutils package provides a suite of utilities to manage and configure SCSI
            
              RHEL-08-040390 - The tuned package must not be installed unless mission essential on RHEL 8.
              
@@ -37516,7 +38120,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13648,7 +13873,8 @@ The tuned package contains a daemon that tunes the system settings dynamically.
+@@ -13652,7 +13868,8 @@ The tuned package contains a daemon that tunes the system settings dynamically.
            
              RHEL-08-030670 - RHEL 8 must have the packages required for offloading audit logs installed.
              
@@ -37526,7 +38130,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
  
-@@ -13671,7 +13897,8 @@ Note that a port number was given as there is no standard port for RELP.
              RHEL-08-010163 - The krb5-server package must not be installed on RHEL 8.
              
@@ -37536,7 +38140,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
  
-@@ -13690,7 +13917,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+@@ -13694,7 +13912,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
            
              RHEL-08-010382 - RHEL 8 must restrict privilege elevation to authorized personnel.
              
@@ -37546,7 +38150,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.
            
-@@ -13703,7 +13931,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
+@@ -13707,7 +13926,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
            
              RHEL-08-010383 - RHEL 8 must use the invoking user's password for privilege escalation when using "sudo".
              
@@ -37556,7 +38160,7 @@ index 92f67b352..bfda2b2a3 100644
              
              The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password. 
  For more information on each of the listed configurations, reference the sudoers(5) manual page.
-@@ -13727,7 +13956,8 @@ For more information on each of the listed configurations, reference the sudoers
+@@ -13731,7 +13951,8 @@ For more information on each of the listed configurations, reference the sudoers
            
              RHEL-08-010384 - RHEL 8 must require re-authentication when using the "sudo" command.
              
@@ -37566,7 +38170,7 @@ index 92f67b352..bfda2b2a3 100644
              
              Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
  
-@@ -13743,7 +13973,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
+@@ -13747,7 +13968,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
            
              RHEL-08-020331 - RHEL 8 must not allow blank or null passwords in the system-auth file.
              
@@ -37576,7 +38180,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
            
-@@ -13755,7 +13986,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
+@@ -13759,7 +13981,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
            
              RHEL-08-020332 - RHEL 8 must not allow blank or null passwords in the password-auth file.
              
@@ -37586,7 +38190,7 @@ index 92f67b352..bfda2b2a3 100644
              
              If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
            
-@@ -13767,7 +13999,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
+@@ -13771,7 +13994,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
            
              RHEL-08-040286 - RHEL 8 must enable hardening for the Berkeley Packet Filter Just-in-time compiler.
              
@@ -37596,7 +38200,7 @@ index 92f67b352..bfda2b2a3 100644
              
              It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
  
-@@ -13790,7 +14023,8 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13794,7 +14018,8 @@ The sysctl --system command will load settings from all system configuration fil
            
              RHEL-08-010121 - The RHEL 8 operating system must not have accounts configured with blank or null passwords.
              
@@ -37606,7 +38210,127 @@ index 92f67b352..bfda2b2a3 100644
              
              If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
            
-@@ -13863,15 +14097,15 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -13806,7 +14031,8 @@ The sysctl --system command will load settings from all system configuration fil
+           
+             RHEL-08-010000 - RHEL 8 must be a vendor-supported release.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software.
+ 
+@@ -13821,7 +14047,8 @@ Note: The life-cycle time spans and dates are subject to adjustment.
+             RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.
+ 
+@@ -13839,7 +14066,8 @@ Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000126-GPOS-00066, SRG-OS-000279-GPO
+           
+             RHEL-08-010300 - RHEL 8 system commands must have mode 755 or less permissive.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
+ 
+@@ -13853,7 +14081,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
+           
+             RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
+ 
+@@ -13869,7 +14098,8 @@ Verifying the authenticity of the software prior to installation validates the i
+           
+             RHEL-08-010540 - RHEL 8 must use a separate file system for /var.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
+           
+@@ -13881,7 +14111,8 @@ Verifying the authenticity of the software prior to installation validates the i
+           
+             RHEL-08-010541 - RHEL 8 must use a separate file system for /var/log.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
+           
+@@ -13893,7 +14124,8 @@ Verifying the authenticity of the software prior to installation validates the i
+           
+             RHEL-08-020024 - RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to DoS attacks.
+ 
+@@ -13907,7 +14139,8 @@ This requirement addresses concurrent sessions for information system accounts a
+           
+             RHEL-08-020040 - RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
+ 
+@@ -13925,7 +14158,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011
+           
+             RHEL-08-020100 - RHEL 8 must ensure the password complexity module is enabled in the password-auth file.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
+ 
+@@ -13941,7 +14175,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. This
+           
+             RHEL-08-020220 - RHEL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.
+ 
+@@ -13959,7 +14194,8 @@ Note that manual changes to the listed files may be overwritten by the "authsele
+           
+             RHEL-08-030070 - RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
+ 
+@@ -13975,7 +14211,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
+           
+             RHEL-08-020102 - RHEL 8 systems below version 8.4 must ensure the password complexity module in the system-auth file is configured for three retries or less.
+             
+-              Red Hat Enterprise Linux 8
++              Red Hat Enterprise Linux 8
++AlmaLinux 8
+             
+             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
+ 
+@@ -14092,15 +14329,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi
            
            
          
@@ -37625,7 +38349,7 @@ index 92f67b352..bfda2b2a3 100644
            
          
          
-@@ -15390,18 +15624,18 @@ The sysctl --system command will load settings from all system configuration fil
+@@ -15677,18 +15914,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi
            ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b
            1
          
@@ -37650,11 +38374,11 @@ index 92f67b352..bfda2b2a3 100644
          
          
            /boot/grub2/grub.cfg
-diff --git a/shared/references/disa-stig-rhel8-v1r9-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r9-xccdf-manual.xml
-index 4d2982317..6d1974a59 100644
---- a/shared/references/disa-stig-rhel8-v1r9-xccdf-manual.xml
-+++ b/shared/references/disa-stig-rhel8-v1r9-xccdf-manual.xml
-@@ -374,7 +374,7 @@ SHA_CRYPT_MIN_ROUNDS 5000TMOUT option in /etc/profile ensures that
  
 diff --git a/tests/unit/ssg-module/data/accounts_tmout_without_ocil.yml b/tests/unit/ssg-module/data/accounts_tmout_without_ocil.yml
-index 151fb1c1b..286d11271 100644
+index 1feaeb55c..1e96bdeb9 100644
 --- a/tests/unit/ssg-module/data/accounts_tmout_without_ocil.yml
 +++ b/tests/unit/ssg-module/data/accounts_tmout_without_ocil.yml
 @@ -1,4 +1,4 @@
@@ -38695,10 +39452,10 @@ index 8e5e284ee..ce1b79416 100644
  # remediation = none
  # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
 diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py
-index a25f2321d..85c39e45c 100755
+index 60eaf4402..c55660e35 100755
 --- a/utils/ansible_playbook_to_role.py
 +++ b/utils/ansible_playbook_to_role.py
-@@ -57,6 +57,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor)
+@@ -58,6 +58,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor)
  PRODUCT_ALLOWLIST = set([
      "rhel7",
      "rhel8",