From c3cbe0ea4c015870250cdd3458d03fa3955d5500 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Wed, 25 Dec 2024 15:09:45 +0000 Subject: [PATCH] Update AlmaLinux patch --- ...guide-0.1.75-add-almalinux9-product.patch} | 3136 +++++++---------- 1 file changed, 1253 insertions(+), 1883 deletions(-) rename SOURCES/{scap-security-guide-0.1.74-add-almalinux9-product.patch => scap-security-guide-0.1.75-add-almalinux9-product.patch} (90%) diff --git a/SOURCES/scap-security-guide-0.1.74-add-almalinux9-product.patch b/SOURCES/scap-security-guide-0.1.75-add-almalinux9-product.patch similarity index 90% rename from SOURCES/scap-security-guide-0.1.74-add-almalinux9-product.patch rename to SOURCES/scap-security-guide-0.1.75-add-almalinux9-product.patch index 9530534..fd4a8af 100644 --- a/SOURCES/scap-security-guide-0.1.74-add-almalinux9-product.patch +++ b/SOURCES/scap-security-guide-0.1.75-add-almalinux9-product.patch @@ -1,8 +1,8 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index 4c258307d..ddee99e14 100644 +index 59e3de4d5..ae0148019 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt -@@ -85,6 +85,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui +@@ -87,6 +87,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui # project. Note that the example product is always disabled unless explicitly asked for. option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) 
@@ -10,7 +10,7 @@ index 4c258307d..ddee99e14 100644 option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -@@ -313,6 +314,7 @@ message(STATUS " ") +@@ -317,6 +318,7 @@ message(STATUS " ") message(STATUS "Products:") message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}") message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}") @@ -18,7 +18,7 @@ index 4c258307d..ddee99e14 100644 message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}") message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") -@@ -377,6 +379,9 @@ endif() +@@ -382,6 +384,9 @@ endif() if(SSG_PRODUCT_ALINUX3) add_subdirectory("products/alinux3" "alinux3") endif() @@ -29,10 +29,10 @@ index 4c258307d..ddee99e14 100644 add_subdirectory("products/anolis8" "anolis8") endif() diff --git a/build_product b/build_product -index b3246a268..b89a05eb8 100755 +index 8685fffc6..f8c3e0203 100755 --- a/build_product +++ b/build_product -@@ -351,6 +351,7 @@ all_cmake_products=( +@@ -359,6 +359,7 @@ all_cmake_products=( AL2023 ALINUX2 ALINUX3 @@ -41,19 +41,19 @@ index b3246a268..b89a05eb8 100755 ANOLIS23 CHROMIUM diff --git a/components/rpm.yml b/components/rpm.yml -index f32f248ad..8a05dca3f 100644 +index f32f248ad..eb6b16ee4 100644 --- a/components/rpm.yml 
+++ b/components/rpm.yml -@@ -9,6 +9,7 @@ rules: - - dnf-automatic_apply_updates - - dnf-automatic_security_updates_only - - ensure_GPG_keys_are_configured +@@ -17,6 +17,7 @@ rules: + - ensure_oracle_gpgkey_installed + - ensure_package_repositories_are_configured + - ensure_redhat_gpgkey_installed +- ensure_almalinux_gpgkey_installed - - ensure_fedora_gpgkey_installed - - ensure_gpgcheck_globally_activated - - ensure_gpgcheck_local_packages + - ensure_amazon_gpgkey_installed + - ensure_suse_gpgkey_installed + - package_dnf-automatic_installed diff --git a/controls/anssi.yml b/controls/anssi.yml -index 247a9c44a..1e747157d 100644 +index a03a06d56..86d42ae18 100644 --- a/controls/anssi.yml +++ b/controls/anssi.yml @@ -1244,7 +1244,7 @@ controls: @@ -65,15 +65,15 @@ index 247a9c44a..1e747157d 100644 - ensure_oracle_gpgkey_installed - id: R60 -@@ -1362,7 +1362,6 @@ controls: +@@ -1363,7 +1363,6 @@ controls: When authentication takes place through a remote application (network), the authentication protocol used by PAM must be secure (flow encryption, remote server authentication, anti-replay mechanisms, ...). -- {{% if "rhel" in product %}} +- {{% if "rhel" in product or "ol" in families %}} notes: |- - In RHEL systems, remote authentication is handled through sssd service. + In {{{ full_name }}} systems, remote authentication is handled through sssd service. PAM delegates requests for remote authentication to this service through a -@@ -1385,10 +1384,6 @@ controls: +@@ -1386,10 +1385,6 @@ controls: {{% endif %}} related_rules: - package_sssd-ipa_installed @@ -85,10 +85,10 @@ index 247a9c44a..1e747157d 100644 - id: R68 title: Protecting stored passwords diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml -index f2a4cdc5e..3ac8392cd 100644 +index 825328bc2..f8f2e295a 100644 --- a/controls/cis_rhel10.yml +++ b/controls/cis_rhel10.yml -@@ -360,7 +360,7 @@ controls: +@@ -365,7 +365,7 @@ controls: - l1_workstation status: manual related_rules: 
@@ -98,7 +98,7 @@ index f2a4cdc5e..3ac8392cd 100644 - id: 1.2.1.2 title: Ensure gpgcheck is globally activated (Automated) diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml -index 102793f78..07f20d0c0 100644 +index 95b94d22f..1840be10e 100644 --- a/controls/cis_rhel8.yml +++ b/controls/cis_rhel8.yml @@ -353,7 +353,7 @@ controls: @@ -111,7 +111,7 @@ index 102793f78..07f20d0c0 100644 - id: 1.2.2 title: Ensure gpgcheck is globally activated (Automated) diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml -index ffa633298..f718a26b1 100644 +index 9004c8426..916505823 100644 --- a/controls/cis_rhel9.yml +++ b/controls/cis_rhel9.yml @@ -360,7 +360,7 @@ controls: @@ -124,7 +124,7 @@ index ffa633298..f718a26b1 100644 - id: 1.2.1.2 title: Ensure gpgcheck is globally activated (Automated) diff --git a/controls/e8.yml b/controls/e8.yml -index 7656fb7ae..aa66e557c 100644 +index 49a58ef29..ebbffc918 100644 --- a/controls/e8.yml +++ b/controls/e8.yml @@ -23,7 +23,7 @@ controls: @@ -137,7 +137,7 @@ index 7656fb7ae..aa66e557c 100644 - ensure_gpgcheck_local_packages - ensure_gpgcheck_globally_activated diff --git a/controls/hipaa.yml b/controls/hipaa.yml -index a2eaad9c6..28add3325 100644 +index 3de4d53c2..8e5d4f27d 100644 --- a/controls/hipaa.yml +++ b/controls/hipaa.yml @@ -163,7 +163,7 @@ controls: @@ -149,7 +149,7 @@ index a2eaad9c6..28add3325 100644 - ensure_suse_gpgkey_installed status: automated -@@ -1376,7 +1376,7 @@ controls: +@@ -1377,7 +1377,7 @@ controls: - ensure_gpgcheck_local_packages - ensure_gpgcheck_never_disabled - ensure_gpgcheck_repo_metadata @@ -158,7 +158,7 @@ index a2eaad9c6..28add3325 100644 - ensure_suse_gpgkey_installed status: automated -@@ -1406,7 +1406,7 @@ controls: +@@ -1407,7 +1407,7 @@ controls: - ensure_gpgcheck_local_packages - ensure_gpgcheck_never_disabled - ensure_gpgcheck_repo_metadata 
@@ -167,7 +167,7 @@ index a2eaad9c6..28add3325 100644 - ensure_suse_gpgkey_installed status: automated -@@ -1425,7 +1425,7 @@ controls: +@@ -1426,7 +1426,7 @@ controls: - ensure_gpgcheck_local_packages - ensure_gpgcheck_never_disabled - ensure_gpgcheck_repo_metadata @@ -186,32 +186,32 @@ index a2eaad9c6..28add3325 100644 status: automated diff --git a/controls/ospp.yml b/controls/ospp.yml -index 1734ed07b..052ad09e2 100644 +index 8e3f400ed..4d724aa2b 100644 --- a/controls/ospp.yml +++ b/controls/ospp.yml -@@ -552,7 +552,7 @@ controls: +@@ -448,7 +448,7 @@ controls: - ensure_gpgcheck_globally_activated - ensure_gpgcheck_local_packages - ensure_gpgcheck_never_disabled - - ensure_redhat_gpgkey_installed + - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed status: automated -@@ -566,7 +566,7 @@ controls: + - id: FPT_TUD_EXT.2 +@@ -462,7 +462,7 @@ controls: - ensure_gpgcheck_globally_activated - ensure_gpgcheck_local_packages - ensure_gpgcheck_never_disabled - - ensure_redhat_gpgkey_installed + - ensure_almalinux_gpgkey_installed - - ensure_suse_gpgkey_installed status: automated + - id: FPT_TST_EXT.1 diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml -index 644c31313..695166558 100644 +index 17b688dfa..23bbc421c 100644 --- a/controls/pcidss_4.yml +++ b/controls/pcidss_4.yml -@@ -1549,7 +1549,7 @@ controls: +@@ -1554,7 +1554,7 @@ controls: - base status: automated rules: @@ -221,10 +221,10 @@ index 644c31313..695166558 100644 - ensure_gpgcheck_globally_activated - ensure_gpgcheck_never_disabled diff --git a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -index 77571c24c..7d36e6e18 100644 +index dbec9fe45..c237f1be4 100644 --- a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml +++ b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -@@ -18,5 +18,8 @@ controls: +@@ -21,5 +21,8 @@ controls: {{% if 'ol' in product %}} - ensure_oracle_gpgkey_installed {{% endif %}} 
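Review bot: In the controls/ospp.yml hunk the inner patch still replaces `- ensure_redhat_gpgkey_installed` with `- ensure_almalinux_gpgkey_installed` in the two FPT_TUD_EXT controls (the inner hunks stay 7/7, one deletion and one addition), so a source tree carrying this patch loses the Red Hat GPG-key check for every other product built from it rather than gaining the AlmaLinux one alongside. The same 7/7 replace shape appears in the hipaa, cis_rhel8/9/10, e8, pcidss_4 and stig_rhel9 hunks, whereas the SRG-OS-000366-GPOS-00153 hunk (`@@ -21,5 +21,8 @@`) adds the rule under a product condition and keeps both; that guarded form is the one to copy if the patched tree is ever used to build anything but almalinux9. If the package only builds the AlmaLinux product this is harmless, but it is worth a sentence in the spec changelog so the next rebase does not have to rediscover it.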
@@ -234,10 +234,10 @@ index 77571c24c..7d36e6e18 100644 status: automated diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml -index c2ce40e0b..2d9836b69 100644 +index b7197b06a..aa351548c 100644 --- a/controls/stig_rhel9.yml +++ b/controls/stig_rhel9.yml -@@ -386,7 +386,7 @@ controls: +@@ -377,7 +377,7 @@ controls: - medium title: RHEL 9 must ensure cryptographic verification of vendor software packages. rules: @@ -246,273 +246,6 @@ index c2ce40e0b..2d9836b69 100644 status: automated - id: RHEL-09-214015 -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml -index 3b17acca6..adba274db 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml -@@ -11,13 +11,13 @@ description: |- - startup (the default), add the following line to a file with suffix - .rules in the directory /etc/audit/rules.d: -
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

- If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

-@@ -25,13 +25,13 @@ description: |- - utility to read audit rules during daemon startup, add the following line to - /etc/audit/audit.rules file: -
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

- If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml -index 9756ead9e..c1a4d2c76 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml -@@ -9,24 +9,24 @@ description: |- - startup (the default), add the following line to a file with suffix - .rules in the directory /etc/audit/rules.d: -
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the auditd daemon is configured to use the auditctl - utility to read audit rules during daemon startup, add the following line to - /etc/audit/audit.rules file: -
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml -index 240ad18ff..15aadcdbc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml -@@ -11,13 +11,13 @@ description: |- - startup (the default), add the following line to a file with suffix - .rules in the directory /etc/audit/rules.d: -
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

- If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

-@@ -25,13 +25,13 @@ description: |- - utility to read audit rules during daemon startup, add the following line to - /etc/audit/audit.rules file: -
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

- If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml -index 574ecc36d..6e4d8d783 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml -@@ -9,24 +9,24 @@ description: |- - startup (the default), add the following line to a file with suffix - .rules in the directory /etc/audit/rules.d: -
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the auditd daemon is configured to use the auditctl - utility to read audit rules during daemon startup, add the following line to - /etc/audit/audit.rules file: -
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml -index 9c88331a0..96003db79 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml -@@ -10,13 +10,13 @@ description: |- - program to read audit rules during daemon startup (the default), add the - following line to a file with suffix .rules in the directory /etc/audit/rules.d: -
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

- If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

-@@ -24,13 +24,13 @@ description: |- - utility to read audit rules during daemon startup, add the following line to - /etc/audit/audit.rules file: -
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} -

- If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml -index 8c8f9b4df..92db5e6e9 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml -@@ -9,24 +9,24 @@ description: |- - startup (the default), add the following line to a file with suffix - .rules in the directory /etc/audit/rules.d: -
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the auditd daemon is configured to use the auditctl - utility to read audit rules during daemon startup, add the following line to - /etc/audit/audit.rules file: -
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - If the system is 64 bit then also add the following line: -
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}} -+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}} -
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
- {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -index 2fe1d2081..be5512c21 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml -index ecf5cc94c..e7f7633bc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml 
b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -index 7f9a6d07e..13283e92d 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -index fde14f70c..b894fc96d 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -index 7373a058f..e602a2c35 100644 ---- 
a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml -index 83c97ec3e..1313d59ea 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh index 53e61fb25..e9a0edcde 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh @@ -636,12 +369,12 @@ index bdf3015c4..658327033 100644 kind: MachineConfig spec: 
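Review bot: The `@@ -246,273 +246,6 @@` hunk drops every change to the audit_rules_dac_modification_*xattr rule.yml files and to the audit_rules_execution_* (chcon, restorecon, semanage, setfiles, setsebool, seunshare) rule.yml files, i.e. the `"almalinux9"` entries that enabled the `auid=0` variants of the perm_mod rules and the `-F perm=x` filter for the SELinux-command rules. Nothing in the new patch shows a replacement for those entries, so unless upstream 0.1.75 now selects them through a product-independent mechanism, the almalinux9 datastream will silently lose those audit rules relative to the 0.1.74 build. Since the commit message only says "Update AlmaLinux patch", the reason for the drop should be recorded there or in the spec changelog, and the generated almalinux9 content compared against the previous build for the perm_mod and SELinux-command audit rules before shipping.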
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml -index 2e008b37e..7e74c94e7 100644 +index 1ee266d25..a32ed4e88 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_ubuntu,multi_platform_debian # reboot = false # complexity = low # disruption = low @@ -657,12 +390,12 @@ index 7c8e520c1..e5c1d9d93 100644 kind: MachineConfig spec: diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml -index 9349085f7..b20604aa7 100644 +index 6d545f87c..613960cbc 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml 
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # reboot = false # complexity = low # disruption = low @@ -720,7 +453,7 @@ index 1ea2bcfa9..06d0f131a 100644 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh -index 123bfa32f..e4cf27034 100644 +index e8b40c40b..e5236edeb 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_cis.pass.sh @@ -1,6 +1,6 @@ @@ -730,9 +463,9 @@ index 123bfa32f..e4cf27034 100644 +# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 # profiles = xccdf_org.ssgproject.content_profile_cis - path="/var/run/faillock" + {{{ setup_auditctl_environment() }}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh -index 2c17afeaa..2671c5a97 100644 +index b1e45d310..ad0406008 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_extra_permission_cis.pass.sh @@ -1,6 +1,6 @@ @@ -742,9 +475,9 @@ index 2c17afeaa..2671c5a97 100644 +# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 # profiles = xccdf_org.ssgproject.content_profile_cis - path="/var/run/faillock" + {{{ setup_auditctl_environment() }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh -index ea2066f6f..a933d7648 100644 +index c602f8e49..9ad785f22 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_correct_without_key_cis.pass.sh @@ -1,6 +1,6 @@ @@ -754,9 +487,9 @@ index ea2066f6f..a933d7648 100644 +# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 # profiles = xccdf_org.ssgproject.content_profile_cis - path="/var/run/faillock" + {{{ setup_auditctl_environment() }}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh -index 609e9755d..e3a533a78 100644 +index 00e9c031c..af04b3b7e 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_remove_all_rules_cis.fail.sh @@ -1,6 +1,6 @@ @@ -766,9 +499,9 @@ index 609e9755d..e3a533a78 100644 +# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 # profiles = xccdf_org.ssgproject.content_profile_cis - path="/var/run/faillock" + {{{ setup_auditctl_environment() }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh -index caf40c54b..180926634 100644 +index 8c380177f..7cb0a78a9 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_cis.fail.sh @@ -1,6 +1,6 @@ @@ -778,9 +511,9 @@ index caf40c54b..180926634 100644 +# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 # profiles = xccdf_org.ssgproject.content_profile_cis - path="/var/run/faillock" + {{{ setup_auditctl_environment() }}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh -index ee1fdc951..114358c95 100644 +index a321ab78b..a54b2e4d6 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/auditctl_wrong_rule_without_key_cis.fail.sh @@ -1,6 +1,6 @@ @@ -790,7 +523,7 @@ index ee1fdc951..114358c95 100644 +# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9,AlmaLinux 9 # profiles = xccdf_org.ssgproject.content_profile_cis - path="/var/run/faillock" + {{{ setup_auditctl_environment() }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh index e2750dbee..f6561744c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/tests/augenrules_correct_cis.pass.sh @@ -874,7 +607,7 @@ index b3f4eb102..e6bb717eb 100644 # strategy = configure # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh -index 8615165ec..002902145 100644 +index 3526d3fea..046a977ca 100644 
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh @@ -1,5 +1,5 @@ @@ -883,9 +616,9 @@ index 8615165ec..002902145 100644 -# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service + {{{ setup_auditctl_environment() }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh -index bc3f67c9c..a37ccd0bf 100644 +index 1fbd8ba8a..65ac95bb2 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh @@ -1,6 +1,6 @@ @@ -894,10 +627,10 @@ index bc3f67c9c..a37ccd0bf 100644 -# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules - sed -i '/newgrp/d' /etc/audit/audit.rules + {{{ setup_auditctl_environment() }}} + 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh -index ed2cc6c29..13cbaac12 100644 +index 20fee9f76..71dfe4b3c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh @@ -1,6 +1,6 @@ @@ -906,10 +639,10 @@ index ed2cc6c29..13cbaac12 100644 -# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - echo "-a always,exit -F path=/usr/bin/sudo -F perm=x -F auid>={{{ uid_min }}} -F auid!=unset -k privileged" >> /etc/audit/audit.rules - sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service + {{{ setup_auditctl_environment() }}} + diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh -index e1d5d05df..6a758969a 100644 +index 5cc15361e..2e18c47f0 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh @@ -1,6 +1,6 @@ 
@@ -918,10 +651,10 @@ index e1d5d05df..6a758969a 100644 -# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules - sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service + {{{ setup_auditctl_environment() }}} + diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh -index ec89d9ce8..81e0062b1 100644 +index dc7ae3bdf..ff7f21c64 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_without_perm_x.pass.sh @@ -1,6 +1,6 @@ @@ -930,8 +663,8 @@ index ec89d9ce8..81e0062b1 100644 -# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 - ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/audit.rules - sed -i -E 's/^(.*path=[[:graph:]]+) -F perm=x(.*$)/\1\2/' /etc/audit/audit.rules + {{{ setup_auditctl_environment() }}} + diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh index ee36da807..bd848737d 100644 
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh 
@@ -1085,96 +818,6 @@ index 81fc6dd16..9c3f84ef8 100644 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 ./generate_privileged_commands_rule.sh {{{ uid_min }}} own_key /etc/audit/rules.d/privileged.rules -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml -index 9157c17f2..f7d274205 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -index 699c2d8c3..0119493b3 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - 
{{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -index 8c2f54aa9..2c406e634 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -index 457617560..2ffa5534b 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git 
a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml -index f911a1d55..520094144 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml -index 561a4974d..e91db62ba 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git 
a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml -index b500a24a9..59e228acd 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -index 90b3941f0..60d2d8077 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git 
a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml -index 88a766528..e5a38cc86 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml index 6c114c13c..5c5f7185c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml 
@@ -1215,126 +858,6 @@ index c4c78f756..c9c2d7239 100644 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -index 0a926a6e8..f20b56a6f 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml -index aaf7d582d..407456b42 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - 
{{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml -index 2576c601a..b370e724f 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -index 03ef13994..c7b265fb5 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git 
a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml -index eade8c773..9b7cf6502 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -index d8f56e495..0fca7dc10 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml 
b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -index e56a86204..33a358b9b 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml -index 6c01ca01c..e3d06dbb3 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml -index 
69d289386..885d6d1fc 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -index 778db53e1..e02f0d34a 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -index ab922936f..01e4924cd 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml 
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml -index b3117ec8c..953a43454 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml index 7e18fe435..a27adad2d 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml 
@@ -1355,136 +878,6 @@ index 102d4b40b..f9a428790 100644
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
{{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}}
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
-index 1ab729e15..0a120f536 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
-index f605a88d0..3486b8b16 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
-index 1abe26173..f19afceca 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
-index 39e36b02f..defc67d02 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
-index 1450e43e8..a2f6c6790 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
-index f65a2c582..b55f0485d 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
-index 49e688630..7bb6db04d 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"] %}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
-index 74f5baa80..211dd20a1 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
-index 4bf53b3d9..efbe8d851 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
-index f27698264..76cbf268d 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
-index a0ec6851a..7f3d85d3f 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
-+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
-index bf42d77e9..8c8698a28 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
-diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
-index 264d2b88e..b66bf55db 100644
---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
-+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml
-@@ -1,4 +1,4 @@
--{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
-+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}}
- {{%- set perm_x="-F perm=x " %}}
- {{%- endif %}}
-
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh
index b57078075..5d03b92a6 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh
@@ -1619,7 +1012,7 @@ index 8b2377d44..39c2bba69 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
-index 64e8dde85..3d4f65278 100644
+index 0e882f8c9..e18326c0d 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_auid_privilege_function/ansible/shared.yml
@@ -1,4 +1,4 @@
@@ -1639,22 +1032,22 @@ index 15d6fa4e2..7f98c9915 100644
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
-index 4b841e808..80473d8ce 100644
+index 340551b27..3dcf0ed87 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
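Review bot: The removed `-diff --git .../rule.yml` blocks in this hunk drop the 0.1.74 edits that put "almalinux9" into the `perm_x` product list for ssh_keysign, the sssd_* helpers, su, sudoedit, umount, unix_chkpwd, userhelper, usernetctl, utempter and write, and the new side adds nothing in their place, so it is worth confirming that 0.1.75 genuinely no longer carries that per-rule `{{%- if product in [...] %}}` block (for example because it moved into a shared template) rather than AlmaLinux 9 silently losing the `-F perm=x` filter on those rules. A cheap check is to build the almalinux9 and rhel9 products from the patched tree and diff the generated audit rules for these commands; they should differ only in product naming. If the block still exists upstream for any of these rules, the corresponding one-line edit needs to come back. The same question applies to the polkit_helper, postdrop, postqueue and pt_chown removals in the preceding hunk, whose start is outside this view.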
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh
-index 8fdd7e75a..9c16b41cc 100644
+index 424d65c1f..f787822c0 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
# First perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
@@ -1670,12 +1063,12 @@ index 323a798b1..46fad7416 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh
-index 027623091..c1c2c1952 100644
+index 1dfe6124c..7e915ca96 100644
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh
+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian
# Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
@@ -1991,97 +1384,84 @@ index 003e3330f..368540adc 100644
source common_0600.sh
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
-index 1e0529f08..9ed9948a4 100644
+index 083f32d74..655635941 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
-index f17751e98..df9a32a67 100644
+index e5743cfad..b60215a3e 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
{{{ bash_instantiate_variables("var_audispd_remote_server") }}}
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
-index 942cd0f5d..a53df57b1 100644
+index d4ba66ac7..de8c26b9c 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
-index 36e7f8cda..842f3922d 100644
+index 76c1ad183..18a751f06 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
{{{ bash_instantiate_variables("var_audispd_disk_full_action") }}}
-diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
-index a7707339f..a7fcad306 100644
---- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
-+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
-@@ -55,7 +55,7 @@ ocil: |-
-
- fixtext: |-
- Configure {{{ full_name }}} to encrypt audit records sent with audispd plugin.
--{{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] %}}
-+{{% if product in ["rhel8", "rhel9", "almalinux9", "fedora", "ol8", "rhv4"] %}}
- Set the "transport" option in "{{{ audisp_conf_path }}}/audisp-remote.conf" to "KRB5".
- {{% else %}}
- Uncomment the "enable_krb5" option in "{{{ audisp_conf_path }}}/audisp-remote.conf",
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
-index 71fc81683..835402712 100644
+index d238e7277..cbeae4d55 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
-index d1a513600..8ca091bea 100644
+index 90f6fbc93..d64b401df 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
{{{ bash_instantiate_variables("var_audispd_network_failure_action") }}}
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
-index d244d4bd0..ec516de8a 100644
+index 28d00f26e..bf391529f 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
-index af96da871..3bcbba05c 100644
+index fea488a3e..62a08e1c7 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
. $SHARED/auditd_utils.sh
prepare_auditd_test_enviroment
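Review bot: The removed block for auditd_audispd_encrypt_sent_records/rule.yml near the start of this hunk means the fixtext condition `{{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] %}}` no longer lists almalinux9 on the new side, so unless 0.1.75 rewrote that condition the AlmaLinux 9 guide text will fall into the `{{% else %}}` branch and tell administrators to uncomment `enable_krb5` instead of setting `transport` to `KRB5`, as the removed lines show. This affects only the rendered remediation guidance, not the check, but it is exactly the kind of drift that makes the AlmaLinux guide disagree with the RHEL 9 one it is meant to mirror. If the condition still exists in 0.1.75, keep the one-line edit `{{% if product in ["rhel8", "rhel9", "almalinux9", "fedora", "ol8", "rhv4"] %}}` in this patch. The platform-line updates in the rest of the hunk look consistent with the other files.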
@@ -2184,22 +1564,22 @@ index 55f407e01..b9084af21 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
-index 0adf2b538..376952524 100644
+index 4205bb067..d7a1a4d8b 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
-index ce4f4d029..6ab8e06dd 100644
+index 698076ac8..e59677252 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
{{{ bash_instantiate_variables("var_auditd_disk_full_action") }}}
@@ -2246,22 +1626,22 @@ index 55f407e01..b9084af21 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
-index b82e6d174..717e52b99 100644
+index bcb4b0de9..2f6e309d3 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
-index dfb8d3035..28e3fd6c9 100644
+index 06d79abb6..258378a89 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
@@ -1,4 +1,4 @@
--# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
-+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
+-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
{{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}}
@@ -2545,22 +1925,22 @@ index 55f407e01..b9084af21 100644
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
-index ec0ed4850..3c3b130e8 100644
+index bf6dec7e1..5ab7ec344 100644
--- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh -index b6e0267bb..990063e2f 100644 +index e6a508f32..4be7f5b35 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_space_left_action") }}} 
@@ -2670,6 +2050,19 @@ index 55f407e01..b9084af21 100644 # reboot = true # strategy = restrict # complexity = low +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml +index b14a9d1ea..bae972a3d 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_failed/rule.yml +@@ -28,7 +28,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml index f29a4afc6..26ac0688c 100644 --- a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml @@ -2703,6 +2096,19 @@ index 413293083..3f8c50a39 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml +index 07f1995d3..30466b97c 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_access_success/rule.yml +@@ -27,7 +27,7 @@ severity: medium + + # on RHEL9 there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} 
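Review bot: The gate `{{% if product in ["rhel9", "almalinux9", "rhel10"] %}}` only excludes the generic audit_access_failed rule on aarch64/ppc64le for AlmaLinux 9; it does not by itself make the `audit_access_failed_aarch64`/`_ppc64le` counterparts applicable there, so unless those rules and the AlmaLinux 9 profiles also select them, aarch64/ppc64le hosts would end up with no access-failure audit rule while the scan merely reports the generic one as not applicable. Worth confirming the counterparts' applicability in this patch and exercising an aarch64 build. The comment above the condition still says `# on RHEL9+ there are rules which cover particular hardware architectures`; I would extend it to `# on RHEL9+ (and AlmaLinux 9, which tracks RHEL 9) there are rules which cover particular hardware architectures` so the clone's inclusion reads as intentional. The rest of rule.yml lies outside the hunk.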
diff --git a/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml index 1d08bae3a..3e2300448 100644 --- a/linux_os/guide/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml @@ -2736,6 +2142,19 @@ index f62426900..bd3ddd10a 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml +index 6e54357fb..e5dc076dd 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_create_failed/rule.yml +@@ -36,7 +36,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml index c26dc39be..d32b854fd 100644 --- a/linux_os/guide/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml 
@@ -2758,6 +2177,19 @@ index 08c8dc855..e9277f263 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml +index 8f2967b86..497e9d14e 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_create_success/rule.yml +@@ -30,7 +30,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml index dab3d0eaa..620596c44 100644 --- a/linux_os/guide/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml @@ -2769,6 +2201,19 @@ index dab3d0eaa..620596c44 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml +index fd0c14485..2c74a5745 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_failed/rule.yml +@@ -28,7 +28,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} 
diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml index 22d3990f0..ed4f8bce8 100644 --- a/linux_os/guide/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml @@ -2802,6 +2247,19 @@ index bff04fe4c..a56d7f18f 100644 {{% set file_contents = """## Successful file delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=successful-delete +diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml +index de80eee5e..8b847c0fb 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_delete_success/rule.yml +@@ -26,7 +26,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml index 37b8b3676..d1be71273 100644 --- a/linux_os/guide/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml 
@@ -2846,6 +2304,19 @@ index 2d9279849..ec6477378 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml +index b3c3f4df7..0edd1130c 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_failed/rule.yml +@@ -36,7 +36,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml index dae466002..527bc8489 100644 --- a/linux_os/guide/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml @@ -2879,6 +2350,19 @@ index c6f796967..7a6e545c4 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml +index eb6c21648..001790bdd 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_modify_success/rule.yml +@@ -31,7 +31,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} 
diff --git a/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml index 212ec4ba5..62e1ee6de 100644 --- a/linux_os/guide/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml @@ -2912,6 +2396,19 @@ index f8cd8b73d..090554c02 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml +index 4cf215813..8a6276261 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_module_load/rule.yml +@@ -27,7 +27,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not ppc64le_arch + {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml index 231034a9c..460877cec 100644 --- a/linux_os/guide/auditing/policy_rules/audit_module_load_ppc64le/kubernetes/shared.yml 
@@ -2934,6 +2431,19 @@ index 6002067e5..0515753c4 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml +index 43c10850f..d856b0849 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_ospp_general/rule.yml +@@ -142,7 +142,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} diff --git a/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml index c122b209f..d1f676a94 100644 --- a/linux_os/guide/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml 
@@ -2956,6 +2466,58 @@ index fa81ece03..7a26684d2 100644 apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: +diff --git a/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml +index da5675b52..fc4ab9d98 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_owner_change_failed/rule.yml +@@ -28,7 +28,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml +index acad2197a..a6e2ba04a 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_owner_change_success/rule.yml +@@ -26,7 +26,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml +index c3dc80d3e..893cdfd44 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_perm_change_failed/rule.yml +@@ -28,7 +28,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware 
architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} +diff --git a/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml +index b4d600325..641e734d9 100644 +--- a/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml ++++ b/linux_os/guide/auditing/policy_rules/audit_perm_change_success/rule.yml +@@ -26,7 +26,7 @@ severity: medium + + # on RHEL9+ there are rules which cover particular hardware architectures + # so do not apply this rule but apply the specific one instead +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} + platforms: + - not aarch64_arch and not ppc64le_arch + {{% endif %}} diff --git a/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml index 89d6152dc..7afbf02b7 100644 --- a/linux_os/guide/auditing/service_auditd_enabled/kubernetes/shared.yml @@ -2976,6 +2538,16 @@ index 1f6a233ed..9f3a4d6b4 100644 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol kdump --disable +diff --git a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml +index 7977cba9f..f382450ee 100644 +--- a/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml ++++ b/linux_os/guide/services/cron_and_at/service_cron_enabled/rule.yml +@@ -1,4 +1,4 @@ +-{{% if product in ["rhel8", "rhel9", "rhel10"] %}} ++{{% if product in ["rhel8", "rhel9", "almalinux9", "rhel10"] %}} + {{% set service_name = "crond" %}} + {{% else %}} + {{% set service_name = "cron" %}} 
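Review bot: `{{% if product in ["rhel8", "rhel9", "almalinux9", "rhel10"] %}}` is one of many hand-maintained product allow-lists this patch extends, and this one appears to decide whether `service_name` is `crond` or `cron`; a list that is missed on the next rebase leaves the rule checking a unit that does not exist on AlmaLinux 9, so the cron service check fails or passes for the wrong reason. If the project offers a product-family or "derived from RHEL" predicate it would be safer to key these branches on that rather than enumerating clones; if not, a grep-based test in the patch's CI that every `product in [... "rhel9" ...]` list under linux_os/ also names almalinux9 would catch drift. The `{{% else %}}` branch and the rest of rule.yml lie outside the hunk.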
diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh index 646e63f4b..cb346ebf4 100644 --- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh @@ -2987,27 +2559,27 @@ index 646e63f4b..cb346ebf4 100644 # Use LDAP for authentication diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml -index 3a86771d6..bacfaa7d0 100644 +index a0330236a..89efc61e4 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh -index 743d47775..54354e10c 100644 +index 001ead7d6..1fc220d8a 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh +++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian {{{ bash_instantiate_variables("var_postfix_root_mail_alias") }}} diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml -index c5e7ae18c..1ab2a0a40 100644 +index ef8290b59..ad730ee5c 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml @@ -1,4 +1,4 @@ 
@@ -3026,6 +2598,30 @@ index befe1acf3..e36b1fd3e 100644 {{{ bash_instantiate_variables("var_postfix_inet_interfaces") }}} +diff --git a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh +index 4963780f8..c3bc5b0de 100644 +--- a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_pool_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_remove("ntp") }}} + +diff --git a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh +index fdfe38968..92a468e1e 100644 +--- a/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh ++++ b/linux_os/guide/services/ntp/chrony_set_nts/tests/chrony_d_one_server_missing.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = chrony +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_remove("ntp") }}} + diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh index 524cdc7d0..2678708d2 100644 --- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh @@ -3705,15 +3301,15 @@ index 5a97f74df..104b27f3f 100644 kind: MachineConfig spec: diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml -index 280020823..582a114c6 100644 +index dddb0e0e9..0eac6ed8c 100644 --- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml 
+++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/oval/shared.xml @@ -53,7 +53,7 @@ -- {{% if product in ["fedora", "ol9", "rhel9"] %}} -+ {{% if product in ["fedora", "ol9", "rhel9", "almalinux9"] %}} +- {{% if product in ["fedora", "ol9", "rhel9", "rhel10"] %}} ++ {{% if product in ["fedora", "ol9", "rhel9", "almalinux9", "rhel10"] %}} /etc/NetworkManager/system-connections .*\.nmconnection ^zone=(.*)$ 
@@ -3721,83 +3317,11 @@ index 280020823..582a114c6 100644 -- {{% if product in ["fedora", "ol9", "rhel9"] %}} -+ {{% if product in ["fedora", "ol9", "rhel9", "almalinux9"] %}} +- {{% if product in ["fedora", "ol9", "rhel9", "rhel10"] %}} ++ {{% if product in ["fedora", "ol9", "rhel9", "almalinux9", "rhel10"] %}} /etc/NetworkManager/system-connections .*\.nmconnection {{% else %}} -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -index 39102e5d7..2dcfeeb0f 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -index ba5987621..d972650ea 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv - - - {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^Protocol', '2', '%s %s') }}} -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -index f8d422c6c..aafcd046f 100644 ---- 
a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -index c7212d5b8..dc1e8c4b9 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle - - {{{ bash_instantiate_variables("var_sshd_disable_compression") }}} - {{{ bash_sshd_remediation("Compression", "$var_sshd_disable_compression") }}} -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/param_conflict_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/param_conflict_directory.fail.sh -index f1c15c139..b22ea6c66 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/param_conflict_directory.fail.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/tests/param_conflict_directory.fail.sh -@@ -1,6 +1,6 @@ - #!/bin/bash - --# platform = multi_platform_fedora,Red Hat Enterprise Linux 9 -+# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9 - - SSHD_PARAM="Compression" - -diff --git 
a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -index 228a1166a..6ba91af43 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -index 5a1ec5cf7..d240b4711 100644 ---- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -+++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv - - - {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^RhostsRSAAuthentication', 'no', '%s %s') }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_size_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_size_directory.fail.sh index 9b10c1d19..9d45a7368 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/bad_size_directory.fail.sh 
@@ -3860,216 +3384,90 @@ index 021280218..904930d1a 100644
  # profiles = xccdf_org.ssgproject.content_profile_ospp
  mkdir -p /etc/ssh/sshd_config.d
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml
-index 5b54ab892..4213bc152 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/correct_value_directory.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/correct_value_directory.pass.sh
-index 66b0d783a..78adcaa64 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/correct_value_directory.pass.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/correct_value_directory.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,Red Hat Enterprise Linux 9
-+# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9
- 
- SSHD_CONFIG_DIR="/etc/ssh/sshd_config.d"
- SSHD_CONFIG="${SSHD_CONFIG_DIR}/good_config.conf"
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/param_conflict_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/param_conflict_directory.fail.sh
-index ea5e8f16c..5df0dd4af 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/param_conflict_directory.fail.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/param_conflict_directory.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,Red Hat Enterprise Linux 9
-+# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9
- 
- SSHD_CONFIG_DIR="/etc/ssh/sshd_config.d"
- SSHD_CONFIG_BAD="${SSHD_CONFIG_DIR}/bad_config.conf"
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/wrong_value_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/wrong_value_directory.fail.sh
-index ead09cc23..c4dae825a 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/wrong_value_directory.fail.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/tests/wrong_value_directory.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,Red Hat Enterprise Linux 9
-+# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9
- 
- SSHD_CONFIG_DIR="/etc/ssh/sshd_config.d"
- SSHD_CONFIG="${SSHD_CONFIG_DIR}/bad_config.conf"
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml
-index be6b3672f..869beb409 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh
-index e777ce8fe..588ca64d7 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian
- 
- {{{ bash_instantiate_variables("var_sshd_set_keepalive") }}}
- 
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/correct_value_dot_dir.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/correct_value_dot_dir.pass.sh
-index 8c774768c..9e8a8c6cd 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/correct_value_dot_dir.pass.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/correct_value_dot_dir.pass.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,Red Hat Enterprise Linux 9
-+# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9
- # variables = var_sshd_set_keepalive=1
- 
- SSHD_CONFIG="/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf"
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/param_conflict_directory.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/param_conflict_directory.fail.sh
-index acbca14d8..287c3763a 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/param_conflict_directory.fail.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/param_conflict_directory.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,Red Hat Enterprise Linux 9
-+# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9
- # variables = var_sshd_set_keepalive=1
- 
- mkdir -p /etc/ssh/sshd_config.d
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/wrong_value_dot_dir.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/wrong_value_dot_dir.fail.sh
-index 17f1bd721..49ba4cfa7 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/wrong_value_dot_dir.fail.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/tests/wrong_value_dot_dir.fail.sh
-@@ -1,5 +1,5 @@
- #!/bin/bash
--# platform = multi_platform_fedora,Red Hat Enterprise Linux 9
-+# platform = multi_platform_fedora,Red Hat Enterprise Linux 9,AlmaLinux 9
- # variables = var_sshd_set_keepalive=1
- 
- SSHD_CONFIG="/etc/ssh/sshd_config.d/00-complianceascode-hardening.conf"
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml
-index a7a2ed3d6..f4ba85ff9 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh
-index 2920273f9..32fba975e 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
- 
- {{{ bash_instantiate_variables("sshd_max_auth_tries_value") }}}
- 
-diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
-index fcdb800c2..77c3e82da 100644
---- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
-+++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel, multi_platform_fedora
-+# platform = multi_platform_rhel,multi_platform_almalinux, multi_platform_fedora
- 
- #!/bin/bash
- SSHD_CONFIG="/etc/ssh/sshd_config"
 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh
-index 1d6e73048..03439603e 100644
+index e38b6bf60..4658991c3 100644
 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh
 +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh
@@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro if grep -q "^Ciphers" /etc/ssh/sshd_config; then sed -i "s/^Ciphers.*/Ciphers aes192-ctr,aes128-ctr/" /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh -index 4319832c0..313cc1c9d 100644 +index 925d9862f..d3146b477 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh -index 5e7246205..6de325120 100644 +index a2af968bb..34dc5eae4 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh -index dfe21de81..9ec1188e8 100644 +index b99287bd4..49cfc66c0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_scrambled.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh -index 63774b1e3..780664422 100644 +index 0dc5ce52d..2e01aa869 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh 
+++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_value.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh -index a9ddcf7c1..e696c5c82 100644 +index d0fdba3e0..562580591 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/line_not_there.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh -index 682758a9d..7f2f9144a 100644 +index 46040718a..82010363d 100644 
--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/no_parameters.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh -index 4cac68a12..e329787c3 100644 +index 15cf3f7fa..be91dfca7 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/wrong_value.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh @@ -4092,13 +3490,13 @@ index b903a7a08..cd6f95db4 100644 {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "wrong_value_expected_to_fail.com", '%s %s') }}} 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh -index 17ff9f0aa..f2ba6a570 100644 +index e0a7f0ac5..20fbef899 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro if grep -q "^MACs" /etc/ssh/sshd_config; then sed -i "s/^MACs.*/MACs hmac-sha2-512/" /etc/ssh/sshd_config @@ -4278,7 +3676,7 @@ index 1cadee2e4..dfd1e3568 100644 comment="tests the presence of try_cert_auth or require_cert_auth in /etc/pam.d/smartcard-auth" id="test_sssd_enable_smartcards_allow_missing_name_smartcard_auth" version="2"> diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml -index 941d038dc..55b9bf153 100644 +index e729a6822..d1c910235 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml @@ -10,7 +10,7 @@ description: |- @@ -4290,7 +3688,7 @@ index 941d038dc..55b9bf153 100644 Add or update "pam_sss.so" line in auth section of "/etc/pam.d/system-auth" file to include "try_cert_auth" or "require_cert_auth" option, like in the following example:
-@@ -60,7 +60,7 @@ ocil: |-
+@@ -58,7 +58,7 @@ ocil: |-
      If configured properly, output should be
      
pam_cert_auth = True
@@ -4299,7 +3697,7 @@ index 941d038dc..55b9bf153 100644 To verify that smart cards are enabled in PAM files, run the following command:
$ sudo grep -e "auth.*pam_sss\.so.*\(allow_missing_name\|try_cert_auth\)" /etc/pam.d/smartcard-auth /etc/pam.d/system-auth
If configured properly, output should be -@@ -75,7 +75,7 @@ fixtext: |- +@@ -73,7 +73,7 @@ fixtext: |- pam_cert_auth = True @@ -4417,22 +3815,22 @@ index 43e19d382..6c7a50002 100644 SSSD_FILE="/etc/sssd/sssd.conf" rm -f $SSSD_FILE diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml -index efd5408e4..8e7ade7bc 100644 +index 0817b532e..f27acd4e2 100644 --- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh -index e7d5d3916..ed768f876 100644 +index 6a8a81817..2f380920e 100644 --- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro {{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}} @@ -4459,7 +3857,7 @@ index 89bba2055..dd224425d 100644 comment="tests the value of cache_credentials setting in the /etc/sssd/sssd.conf file" id="test_sssd_cache_credentials" version="1"> diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml -index c7a0a5cf8..6acb3b916 100644 +index dfa576a1c..0939f07e9 100644 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml @@ -5,7 +5,7 @@ title: 'Configure SSSD to Expire Offline Credentials' @@ -4471,7 +3869,7 @@ index c7a0a5cf8..6acb3b916 100644 Check if SSSD allows cached authentications with the following command:
      $ sudo grep cache_credentials /etc/sssd/sssd.conf
-@@ -55,7 +55,7 @@ references:
+@@ -54,7 +54,7 @@ references:
  ocil_clause: 'it does not exist or is not configured properly'
  
  ocil: |-
@@ -4613,22 +4011,22 @@ index d3da2f113..a90d73d4b 100644
  
  ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
-index 1dea09b2f..cbc23c694 100644
+index 58d38f9a2..4eea80461 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_slmicro
  # reboot = false
  # strategy = unknown
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
-index 63ceaaf88..e50ada3e4 100644
+index bfa9ddc92..cd29e3739 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
  
  {{{ bash_instantiate_variables("login_banner_text") }}}
  
@@ -4728,24 +4126,24 @@ index e1abf408e..ea28b1697 100644
  # packages = dconf,gdm
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
-index 428fbd7fa..390b6513d 100644
+index ad3b44290..562d3b354 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,Red Hat Virtualization 4
-+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Red Hat Virtualization 4
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4
  # reboot = false
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
-index badc79bff..f6c602159 100644
+index 891d516d5..ff2f7b63b 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
 @@ -1,4 +1,4 @@
--# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
-+# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
+-# platform = multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
++# platform = multi_platform_sle,multi_platform_slmicro,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
  
- {{%- if "sle" in product or "ubuntu" in product %}}
+ {{%- if "sle" in product or "slmicro" in product or "ubuntu" in product %}}
  {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
 index 2cd897b71..3580aae19 100644
@@ -4784,7 +4182,7 @@ index 325d5860a..9da59ddad 100644
  if authselect list-features sssd | grep -q with-silent-lastlog; then
      authselect select sssd --force
 diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
-index 3b6df64d6..c60568c1a 100644
+index 003dc0beb..fd02163bd 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -6156,12 +5554,12 @@ index f6b461789..fb6d88e37 100644
  {{{ bash_instantiate_variables("var_password_hashing_algorithm_pam") }}}
  LIBUSER_CONF="/etc/libuser.conf"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
-index 8dedf993c..51c76b11a 100644
+index e0b6d68db..5ec6c69bb 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
 @@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro
  # reboot = false
  # strategy = restrict
  # complexity = low
@@ -6372,59 +5770,11 @@ index 41eed9737..992dc2304 100644
 +# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
  
  systemctl unmask ctrl-alt-del.target
-diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
-index a3490a60d..81831631c 100644
---- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
-@@ -18,7 +18,7 @@
-       create: yes
-       dest: /usr/lib/systemd/system/emergency.service
-       regexp: "^#?ExecStart="
--      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9"] -%}}
-+      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9"] -%}}
-       line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency"
-       {{%- else -%}}
-       line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
-diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
-index 2a65ef992..641747e9e 100644
---- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
-@@ -7,7 +7,7 @@ service_dropin_file="${service_dropin_cfg_dir}/10-oscap.conf"
- service_file="/usr/lib/systemd/system/emergency.service"
- {{% endif %}}
- 
--{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
-+{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}}
- sulogin="/usr/lib/systemd/systemd-sulogin-shell emergency"
- {{%- else -%}}
- sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
-diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
-index 90ef51b2a..742ee525f 100644
---- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
-+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
-@@ -24,7 +24,7 @@
-   
-   
-   
-     /usr/lib/systemd/system/emergency.service
--    {{%- if product in ["fedora", "ol8", "ol9", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}}
-+    {{%- if product in ["fedora", "ol8", "ol9", "openeuler2203", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}}
-     ^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency
-     {{%- else -%}}
-     ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
-index 102fa944f..e4fce479f 100644
+index 1517b25f8..fd2c49137 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
-@@ -51,7 +51,7 @@ ocil: |-
+@@ -50,7 +50,7 @@ ocil: |-
      To check if authentication is required for emergency mode, run the following command:
      
$ grep sulogin /usr/lib/systemd/system/emergency.service
The output should be similar to the following, and the line must begin with @@ -6433,12 +5783,12 @@ index 102fa944f..e4fce479f 100644 ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
{{%- else -%}} -@@ -79,7 +79,7 @@ fixtext: |- +@@ -78,7 +78,7 @@ fixtext: |- Configure {{{ full_name }}} to require authentication for system emergency mode. Add or edit the following line in "/usr/lib/systemd/system/emergency.service": -- {{% if product in ["fedora", "ol8", "ol9", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}} -+ {{% if product in ["fedora", "ol8", "ol9", "openeuler2203", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}} +- {{% if product in ["fedora", "ol8", "ol9", "kylinserver10", "openeuler2203", "rhel8", "rhel9", "sle12", "sle15"] -%}} ++ {{% if product in ["fedora", "ol8", "ol9", "kylinserver10", "openeuler2203", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}} ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency {{%- else -%}} ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" @@ -6453,6 +5803,17 @@ index bce932b72..dda999a74 100644 service_file="/usr/lib/systemd/system/emergency.service" sulogin="/usr/lib/systemd/systemd-sulogin-shell" +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh +index 73d2f3ad0..d5c7db6ab 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value_dropin.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + rm -f /etc/systemd/system/emergency.service + mkdir -p /etc/systemd/system/emergency.service.d/ + cat << EOF > /etc/systemd/system/emergency.service.d/10-automatus.conf 
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh index d9fdc678f..a4f6ea6a9 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh 
@@ -6464,74 +5825,39 @@ index d9fdc678f..a4f6ea6a9 100644 service_file="/usr/lib/systemd/system/emergency.service" sulogin="/bin/bash" -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml -index 94e34a0f8..9e3baf87b 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml -@@ -9,7 +9,7 @@ - create: yes - dest: /usr/lib/systemd/system/rescue.service - regexp: "^#?ExecStart=" -- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}} -+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}} - line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue" - {{%- else -%}} - line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml -index 62fd1a76a..d4074b6b5 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml -+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml -@@ -14,7 +14,7 @@ - - - - /usr/lib/systemd/system/rescue.service -- {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4", "sle12", "sle15"] -%}} -+ {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhcos4", "sle12", "sle15"] -%}} - ^ExecStart=\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue - {{%- else -%}} - ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" -diff --git 
a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -index ac4b5a733..734832048 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml -@@ -54,7 +54,7 @@ ocil: |- - To check if authentication is required for single-user mode, run the following command: -
$ grep sulogin /usr/lib/systemd/system/rescue.service
- The output should be similar to the following, and the line must begin with -- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4"] -%}} -+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhcos4"] -%}} - ExecStart and /usr/lib/systemd/systemd-sulogin-shell. -
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
- {{%- else -%}} -@@ -84,7 +84,7 @@ fixtext: |- - Configure {{{ full_name }}} to require authentication in single user mode. - - Add or update the following line in "/usr/lib/systemd/system/rescue.service": -- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}} -+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}} - ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue - {{%- else -%}} - ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" -diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh -index fd13fbd1c..ce2a1a9dc 100644 ---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh -+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh +index 4545cf49f..520cd2af5 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value_dropin.fail.sh 
@@ -1,5 +1,5 @@ #!/bin/bash --# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora -+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora - - service_file="/usr/lib/systemd/system/rescue.service" - sulogin="/usr/lib/systemd/systemd-sulogin-shell" +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + rm -f /etc/systemd/system/emergency.service + mkdir -p /etc/systemd/system/emergency.service.d/ + cat << EOF > /etc/systemd/system/emergency.service.d/10-oscap.conf +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh +index 3cf97a457..7f9b4043f 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh ++++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_dropin.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + rm -rf /etc/systemd/system/rescue.service.d + mkdir -p /etc/systemd/system/rescue.service.d + cat << EOF > /etc/systemd/system/rescue.service.d/10-automatus.conf +diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh +index 0bb3ce9ff..d9865e063 100644 +--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh ++++ 
b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_dropin.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + rm -rf /etc/systemd/system/rescue.service.d + mkdir -p /etc/systemd/system/rescue.service.d + cat << EOF > /etc/systemd/system/rescue.service.d/10-automatus.conf diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh index 63b9b08b5..15abe6cec 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh @@ -6650,12 +5976,12 @@ index 1a9d35f69..9a5753d98 100644 # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml -index 18231e23a..c986f5c73 100644 +index 08b89bf8f..cea27ab4d 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_rhel -+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low 
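Review bot: The rebased patch no longer adds almalinux9 to the product lists in require_singleuser_auth (ansible/shared.yml, oval/shared.xml and the ocil/fixtext in rule.yml) or to correct_value.pass.sh, while the new dropin tests do gain multi_platform_almalinux and require_emergency_target_auth/rule.yml's fixtext still carries the almalinux9 entry in the hunk above. Unless 0.1.75 now selects the `ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue` form for AlmaLinux by another mechanism, the AlmaLinux 9 content would take the else branch (the `/bin/sh -c "/sbin/sulogin; ..."` ExecStart) for rescue.service and the OVAL check would accept a different line than on RHEL 9. Worth confirming against the 0.1.75 tree before shipping, and carrying the almalinux9 entries forward if the literal product lists are still present; the same drop applies to the require_emergency_target_auth ansible, bash and oval snippets earlier in this file.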
@@ -6693,22 +6019,22 @@ index c0cc3c94f..6db041b04 100644 if [ ! -f /etc/pam_pkcs11/pam_pkcs11.conf ]; then diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml -index 74598bc7e..680caf4ba 100644 +index 84f13bfea..709b9e923 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh -index f299285d4..52e841b61 100644 +index 77aa71dd9..b3bfff528 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} @@ -6724,22 +6050,22 @@ index aa147fdce..bb8288f5b 100644 var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$" diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml -index 1e571bcbf..7901ceae0 100644 +index c4c2f7ba0..e03ccee7a 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_debian # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml -index 0c81c0ee5..29f31c654 100644 +index 6e22e90d7..bfd7508ad 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low 
@@ -6764,22 +6090,22 @@ index dcc5de3f1..268aafbab 100644 {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} {{{ bash_replace_or_append('/etc/login.defs', '^PASS_MIN_LEN', "$var_accounts_password_minlen_login_defs", '%s %s') }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml -index dc843c19c..1290f8d43 100644 +index 18974ea6c..d72de8a97 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ol ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ol # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh -index 8ff7cba19..14ece5d17 100644 +index 7d6bc11f9..0a8561b81 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low @@ -7008,12 +6334,12 @@ index 117a42585..b41d01a89 100644 # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh -index 9878acd1a..65218e2fe 100644 +index 889998309..05177f1a1 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = configure # complexity = low @@ -7176,27 +6502,27 @@ index 305f8fea8..e9470bfa1 100644 {{{ bash_instantiate_variables("var_accounts_fail_delay") }}} diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml -index 536ac2956..d1bff5ffa 100644 +index 88758d295..f0c54f4c3 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh -index 0005b2ccb..0329d6cdf 100644 +index 3415b164a..97ac5e4d9 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}} diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml -index 3f080376a..6295c853e 100644 +index d3798de62..19761e09d 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -7206,7 +6532,7 @@ index 3f080376a..6295c853e 100644 # strategy = restrict # complexity = low 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml -index 9ca521640..5c961399e 100644 +index da628bc5e..90f23cb90 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -7394,7 +6720,7 @@ index 0d90d58db..de4f6c4c6 100644 # Correct BLS option using grubby, which is a thin wrapper around BLS operations grubby --update-kernel=ALL --remove-args="systemd.debug-shell" diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh -index 773f88904..6060189e7 100644 +index 8fa32223f..89e411a7f 100644 --- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh +++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh @@ -1,4 +1,4 @@ @@ -7501,15 +6827,15 @@ index 892523fc4..9fbba1ccb 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml -index c7df0824a..d6ea64596 100644 +index 19a4028a0..b73cc246d 100644 --- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml +++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/oval/shared.xml 
@@ -11,7 +11,7 @@ test_ref="test_logrotate_conf_no_other_keyword" /> --{{% if product in ["rhcos4", "rhel9", "sle12", "sle15"] %}} -+{{% if product in ["rhcos4", "rhel9", "almalinux9", "sle12", "sle15"] %}} +-{{% if product in ["rhcos4", "rhel9", "sle12", "sle15","ol9"] %}} ++{{% if product in ["rhcos4", "rhel9", "almalinux9", "sle12", "sle15","ol9"] %}} {{% endif %}} @@ -7912,22 +7238,22 @@ index 469db24e9..671a4d019 100644 source common.sh diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml -index dcb2b99b7..8dbb02940 100644 +index 33caa81c9..df5b4eacb 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_sle,multi_platform_slmicro,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh -index 91b3495c9..7f3876c49 100644 +index e488cceeb..f36b06f69 100644 --- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh +++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu df --local -P | awk '{if (NR!=1) print $6}' \ | xargs -I '$6' find '$6' -xdev -type d \ \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \ @@ -7992,42 +7318,42 @@ index ebaf9b766..858020d51 100644 for dirPath in $DIRS; do mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme" diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml -index 8f479451b..21a923e63 100644 +index 8e9fc7b8b..7ce862d34 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml 
@@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_fedora -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = medium diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh -index b9bbe4dbe..2652ea041 100644 +index 8ecb16700..bad3166e1 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin do 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml -index 04178f485..ce116710e 100644 +index bfa87de9e..8e2e64479 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = medium diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh -index 5471f360f..1a2c2a9fa 100644 +index c01f262cb..2f899a4ae 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro find /bin/ \ /usr/bin/ \ /usr/local/bin/ \ @@ -8072,22 +7398,22 @@ index 3382568ce..b4f4bd0a0 100644 useradd user_test diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml -index aeaa1f058..b69b5cd7a 100644 +index ab6d35c79..f37c06f86 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = medium 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh -index ab89b277a..f4a7c33a9 100644 +index 6eef84def..984fb7f55 100644 --- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh +++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu +-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec" for dirPath in $DIRS; do find "$dirPath" -perm /022 -exec chmod go-w '{}' \; @@ -8264,15 +7590,15 @@ index 88c683445..fa9b2020d 100644 kind: MachineConfig spec: diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml -index 63c3b0957..558628619 100644 +index b555eca8f..58c0e6e86 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml 
@@ -12,7 +12,7 @@ rationale: |- severity: medium --{{% if product in ["rhel9"] %}} -+{{% if product in ["rhel9", "almalinux9"] %}} +-{{% if product in ["rhel9", "rhel10"] %}} ++{{% if product in ["rhel9", "almalinux9", "rhel10"] %}} conflicts: - sysctl_kernel_core_pattern_empty_string {{% endif %}} @@ -8752,7 +8078,7 @@ index c7617bc43..7de8de33c 100644

For more information on GNOME and the GNOME Project, see {{{ weblink(link="https://www.gnome.org") }}}. diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml -index d4f698215..2e9f1e178 100644 +index e0b7e6db5..68e529e12 100644 --- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml @@ -4,6 +4,7 @@ @@ -9278,10 +8604,10 @@ index b92e82236..138d2c997 100644 fips-mode-setup --enable FIPS_CONF="/etc/dracut.conf.d/40-fips.conf" diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -index 3b50e0706..fe102e2f5 100644 +index 267fc6b0d..7f0c1cb9a 100644 --- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/oval/shared.xml -@@ -68,7 +68,7 @@ +@@ -70,7 +70,7 @@ @@ -9291,32 +8617,32 @@ index 3b50e0706..fe102e2f5 100644 {{%- else %}} {{# Legacy and more relaxed list of crypto policies that were historically considered diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh -index 04e69228b..9072c4023 100644 +index b320fccb5..5e1c5b637 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro - {{% if 'sle' in product %}} + {{% if 'sle' in product or 'slmicro' in produc %}} zypper -q --no-remote ref diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml -index 4109e8d44..65a693e23 100644 +index c78b92690..39bab2902 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh -index ea2a1113b..fbc6b9b8a 100644 +index eb25eaa3a..1c4e85445 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low @@ -9384,6 +8710,54 @@ index 34a114520..b22a658da 100644 {{{ bash_package_install("aide") }}} +diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh +index 345dd0d85..3881ea90b 100644 +--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh ++++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/tests/correct_value.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = aide +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + + + cat >/etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf <> /etc/sudoers 
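Review bot: The rebased context line for aide_build_database/bash/shared.sh now reads `{{% if 'sle' in product or 'slmicro' in produc %}}`, where `produc` looks like a typo for `product`; the same condition in clean_components_post_updating/bash/shared.sh later in this patch is spelled `{{% if 'sle' in product or 'slmicro' in product %}}`. Because it is a context line it presumably comes from the upstream 0.1.75 sources rather than from the AlmaLinux changes, but the effect is that the slmicro case is most likely never matched (an undefined template name would not contain the string), so SUSE Micro hosts would skip the `zypper -q --no-remote ref` branch that follows. It does not touch the AlmaLinux product, but since this file is being re-diffed anyway it is a cheap one-line correction to carry or to report upstream: `{{% if 'sle' in product or 'slmicro' in product %}}`. The remediation body continues outside the hunk, so the fallback branch it would fall into is not visible here.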
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh -index cdd8174d2..ab7afd6a4 100644 +index ee448e531..13b381ede 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo touch /etc/sudoers.d/empty diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh -index 093f9dd80..0cd6dbf48 100644 +index ef3750b2f..ccef4017d 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh 
@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh -index 3372c20b7..6c9e6fc44 100644 +index ebbcef34d..0e3a3d43a 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_conflicting_values.fail.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers 
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh -index ef0abd449..9606a913c 100644 +index 3794bb647..e8d9bbaa6 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh @@ -1,4 +1,4 @@ --# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux +-# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_slmicro ++# platform = SUSE Linux Enterprise 15,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh -index 6247b5230..bd82dc53d 100644 +index 81b218e1a..b8114e674 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.pass.sh 
@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh -index 071e3a0ab..b6779c1c5 100644 +index 60354bba5..aebe5505f 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_multiple_files.pass.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo echo 'Defaults !targetpw' >> /etc/sudoers diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh -index 273fb4529..b15cdc1da 100644 +index c8e38ccd0..7955c2d54 100644 
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo touch /etc/sudoers.d/empty diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh -index d477b5972..569a80382 100644 +index 4454ed38e..97a9346e2 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo touch /etc/sudoers.d/empty 
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh -index a4c5bde62..42fb94bf8 100644 +index 1de6b3bbb..06eadc9e9 100644 --- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh +++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15 -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15 +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15,multi_platform_slmicro # packages = sudo touch /etc/sudoers.d/empty diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml -index a0385cb00..2271b97a2 100644 +index 230a064b6..3be027b0d 100644 --- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml @@ -13,7 +13,7 @@ rationale: |- @@ -9633,24 +9007,24 @@ index a0385cb00..2271b97a2 100644 to interact with repositories and subscriptions from the Red Hat entitlement platform - the subscription-manager and diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml -index 71b66ebab..f51a5fa0a 100644 +index e25b2e615..5ef42594e 100644 
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml +++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh -index 34127fd17..e30b09600 100644 +index 742c2e452..c7fdd0009 100644 --- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh +++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro - {{% if 'sle' in product %}} + {{% if 'sle' in product or 'slmicro' in product %}} {{{ bash_replace_or_append('/etc/zypp/zypp.conf', '^solver.upgradeRemoveDroppedPackages', 'true', '%s=%s') }}} diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/tests/yum_commented.fail.sh index 4cba82b3c..1d8495018 100644 @@ -9881,12 +9255,12 @@ index 000000000..bc0ba8d22 + The command should return the string below: +
gpg(AlmaLinux <packager@almalinux.org>
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh -index 2bf91c8ca..b5f520737 100644 +index 4366d9faa..4a3043290 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh @@ -1,3 +1,3 @@ --# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}} diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml @@ -9930,7 +9304,7 @@ index 04ff6e577..b97d75469 100644 sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -index cbd37bfad..9ec07e5cf 100644 +index e77380808..829e5f9f0 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml @@ -16,6 +16,11 @@ description: |- @@ -9942,7 +9316,7 @@ index cbd37bfad..9ec07e5cf 100644 +
$ sudo yum update
+ If the system is not configured to use repos, updates (in the form of RPM packages) + can be manually downloaded from the repos and installed using rpm. - {{% elif product in ["sle12", "sle15"] %}} + {{% elif product in ["sle12", "sle15", "slmicro5"] %}} If the system is configured for online updates, invoking the following command will list available security updates: diff --git a/products/almalinux9/CMakeLists.txt b/products/almalinux9/CMakeLists.txt @@ -12908,10 +12282,10 @@ index 000000000..e2c08883c +journald_conf_dir_path: /etc/systemd/journald.conf.d diff --git a/products/almalinux9/profiles/anssi_bp28_enhanced.profile b/products/almalinux9/profiles/anssi_bp28_enhanced.profile new file mode 100644 -index 000000000..a24723e8d +index 000000000..f6af70d65 --- /dev/null +++ b/products/almalinux9/profiles/anssi_bp28_enhanced.profile -@@ -0,0 +1,62 @@ +@@ -0,0 +1,63 @@ +documentation_complete: true + +metadata: @@ -12961,6 +12335,7 @@ index 000000000..a24723e8d + - '!cracklib_accounts_password_pam_minlen' + - '!cracklib_accounts_password_pam_dcredit' + - '!ensure_oracle_gpgkey_installed' ++ - '!package_kea_removed' + # RHEL9 unified the paths for grub2 files. These rules are selected in control file by R29. + - '!file_groupowner_efi_grub2_cfg' + - '!file_owner_efi_grub2_cfg' @@ -12976,10 +12351,10 @@ index 000000000..a24723e8d + - '!package_pam_apparmor_installed' diff --git a/products/almalinux9/profiles/anssi_bp28_high.profile b/products/almalinux9/profiles/anssi_bp28_high.profile new file mode 100644 -index 000000000..228289214 +index 000000000..fd425188d --- /dev/null +++ b/products/almalinux9/profiles/anssi_bp28_high.profile -@@ -0,0 +1,58 @@ +@@ -0,0 +1,59 @@ +documentation_complete: true + +metadata: 
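Review bot: The new exclusion `- '!package_kea_removed'` added to products/almalinux9/profiles/anssi_bp28_enhanced.profile (and the same line in the anssi_bp28_high, anssi_bp28_intermediary and anssi_bp28_minimal hunks that follow) has no comment saying why a package-removal rule is being dropped from the profile, while the neighbouring grub2 exclusions carry a one-line rationale (`# RHEL9 unified the paths for grub2 files ...`). Disabling a rule weakens the resulting benchmark, so the reason should be recorded next to the line rather than reconstructed from the rhel9 profiles later; it presumably mirrors the upstream rhel9 profile, but the profile itself should say so. A comment of the form `# package_kea_removed is excluded because <reason, e.g. the package is not shipped for this product — confirm>` above the first occurrence, or once per profile, would be enough.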
@@ -13032,6 +12407,7 @@ index 000000000..228289214 + - '!cracklib_accounts_password_pam_minlen' + - '!cracklib_accounts_password_pam_dcredit' + - '!ensure_oracle_gpgkey_installed' ++ - '!package_kea_removed' + # disable R45: Enable AppArmor security profiles + - '!apparmor_configured' + - '!all_apparmor_profiles_enforced' @@ -13040,10 +12416,10 @@ index 000000000..228289214 + - '!package_pam_apparmor_installed' diff --git a/products/almalinux9/profiles/anssi_bp28_intermediary.profile b/products/almalinux9/profiles/anssi_bp28_intermediary.profile new file mode 100644 -index 000000000..3444fb828 +index 000000000..0f250fda3 --- /dev/null +++ b/products/almalinux9/profiles/anssi_bp28_intermediary.profile -@@ -0,0 +1,42 @@ +@@ -0,0 +1,43 @@ +documentation_complete: true + +metadata: @@ -13086,12 +12462,13 @@ index 000000000..3444fb828 + - '!sudo_add_ignore_dot' + - '!sudo_add_env_reset' + - '!ensure_oracle_gpgkey_installed' ++ - '!package_kea_removed' diff --git a/products/almalinux9/profiles/anssi_bp28_minimal.profile b/products/almalinux9/profiles/anssi_bp28_minimal.profile new file mode 100644 -index 000000000..9d739a5c0 +index 000000000..da8084569 --- /dev/null +++ b/products/almalinux9/profiles/anssi_bp28_minimal.profile -@@ -0,0 +1,35 @@ +@@ -0,0 +1,36 @@ +documentation_complete: true + +metadata: @@ -13127,6 +12504,7 @@ index 000000000..9d739a5c0 + - '!cracklib_accounts_password_pam_ocredit' + - '!accounts_passwords_pam_tally2_unlock_time' + - '!ensure_oracle_gpgkey_installed' ++ - '!package_kea_removed' diff --git a/products/almalinux9/profiles/ccn_advanced.profile b/products/almalinux9/profiles/ccn_advanced.profile new file mode 100644 index 000000000..0563e5c0c @@ -13375,10 +12753,10 @@ index 000000000..686ee2c43 + - var_system_crypto_policy=fips diff --git a/products/almalinux9/profiles/default.profile b/products/almalinux9/profiles/default.profile new file mode 100644 -index 000000000..d1f6c1c9c +index 000000000..901e337ab --- /dev/null 
+++ b/products/almalinux9/profiles/default.profile -@@ -0,0 +1,561 @@ +@@ -0,0 +1,573 @@ +documentation_complete: true + +hidden: true @@ -13940,6 +13318,18 @@ index 000000000..d1f6c1c9c + - set_nftables_table + - sshd_use_approved_ciphers + - configure_bashrc_exec_tmux ++ - agent_mfetpd_running ++ - package_mcafeetp_installed ++ - configure_bashrc_tmux ++ - configure_tmux_lock_after_time ++ - configure_tmux_lock_command ++ - configure_tmux_lock_keybinding ++ - mount_option_krb_sec_remote_filesystems ++ - no_tmux_in_shells ++ - package_tmux_installed ++ - set_password_hashing_min_rounds_logindefs ++ - sshd_use_priv_separation ++ - tftpd_uses_secure_mode diff --git a/products/almalinux9/profiles/e8.profile b/products/almalinux9/profiles/e8.profile new file mode 100644 index 000000000..b8e703fcc @@ -14264,7 +13654,7 @@ index 000000000..7fd934311 + - audit_rules_usergroup_modification_shadow diff --git a/products/almalinux9/profiles/ism_o.profile b/products/almalinux9/profiles/ism_o.profile new file mode 100644 -index 000000000..8c86a5552 +index 000000000..eace750ae --- /dev/null +++ b/products/almalinux9/profiles/ism_o.profile @@ -0,0 +1,138 @@ @@ -14371,7 +13761,7 @@ index 000000000..8c86a5552 + + ## Events to be logged + ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957 -+ - display_login_attempts ++ - sshd_print_last_log + - sebool_auditadm_exec_content + - audit_rules_privileged_commands + - audit_rules_session_events @@ -14757,22 +14147,22 @@ index 000000000..87ab9d31b + - zipl_systemd_debug-shell_argument_absent diff --git a/products/almalinux9/profiles/pci-dss.profile b/products/almalinux9/profiles/pci-dss.profile new file mode 100644 -index 000000000..7b7940245 +index 000000000..63e40ce0b --- /dev/null +++ b/products/almalinux9/profiles/pci-dss.profile 
@@ -0,0 +1,70 @@ +documentation_complete: true + +metadata: -+ version: '4.0' ++ version: '4.0.1' + SMEs: + - marcusburghardt + - mab879 + - vojtapolasek + -+reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0.pdf ++reference: https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard/PCI-DSS-v4_0_1.pdf + -+title: 'PCI-DSS v4.0 Control Baseline for Red Hat Enterprise Linux 9' ++title: 'PCI-DSS v4.0.1 Control Baseline for Red Hat Enterprise Linux 9' + +description: |- + Payment Card Industry - Data Security Standard (PCI-DSS) is a set of @@ -14781,7 +14171,7 @@ index 000000000..7b7940245 + financial information. + + This profile ensures Red Hat Enterprise Linux 9 is configured in alignment -+ with PCI-DSS v4.0 requirements. ++ with PCI-DSS v4.0.1 requirements. + +selections: + - pcidss_4:all @@ -14833,14 +14223,14 @@ index 000000000..7b7940245 + - '!service_timesyncd_enabled' diff --git a/products/almalinux9/profiles/stig.profile b/products/almalinux9/profiles/stig.profile new file mode 100644 -index 000000000..252a98c5f +index 000000000..1ab6b2a63 --- /dev/null +++ b/products/almalinux9/profiles/stig.profile @@ -0,0 +1,30 @@ +documentation_complete: true + +metadata: -+ version: V1R3 ++ version: V2R2 + SMEs: + - mab879 + - ggbecker @@ -14851,7 +14241,7 @@ index 000000000..252a98c5f + +description: |- + This profile contains configuration checks that align to the -+ DISA STIG for Red Hat Enterprise Linux 9 V1R3. ++ DISA STIG for Red Hat Enterprise Linux 9 V2R2. + + In addition to being applicable to Red Hat Enterprise Linux 9, DISA recognizes this + configuration baseline as applicable to the operating system tier of @@ -14869,14 +14259,14 @@ index 000000000..252a98c5f + - '!audit_rules_immutable_login_uids' diff --git a/products/almalinux9/profiles/stig_gui.profile b/products/almalinux9/profiles/stig_gui.profile new file mode 100644 -index 000000000..095b16dc1 +index 000000000..507cd07cb --- /dev/null 
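Review bot: The new side of the pci-dss.profile hunk keeps RHEL wording in an almalinux9 product file — `title: 'PCI-DSS v4.0.1 Control Baseline for Red Hat Enterprise Linux 9'` and the description line `This profile ensures Red Hat Enterprise Linux 9 is configured in alignment` — so the user-facing profile title and description name the wrong operating system, and the version bump to 4.0.1 was the moment to fix that. I would change them to `title: 'PCI-DSS v4.0.1 Control Baseline for AlmaLinux 9'` and `This profile ensures AlmaLinux 9 is configured in alignment` (or the product's full-name macro, if these profiles are macro-expanded in this build). The stig.profile and stig_gui.profile hunks that follow keep "DISA STIG for Red Hat Enterprise Linux 9 V2R2", which may be intentional since the benchmark DISA publishes is for RHEL 9, but that deserves a one-line note in the patch so it is not read as the same copy-paste.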
+++ b/products/almalinux9/profiles/stig_gui.profile @@ -0,0 +1,51 @@ +documentation_complete: true + +metadata: -+ version: V1R3 ++ version: V2R2 + SMEs: + - mab879 + - ggbecker @@ -14887,7 +14277,7 @@ index 000000000..095b16dc1 + +description: |- + This profile contains configuration checks that align to the -+ DISA STIG for Red Hat Enterprise Linux 9 V1R3. ++ DISA STIG for Red Hat Enterprise Linux 9 V2R2. + + + In addition to being applicable to Red Hat Enterprise Linux 9, DISA recognizes this @@ -15041,10 +14431,10 @@ index 000000000..168031ef5 + + diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -index 14a64dbbd..21d46b509 100644 +index 19129cc69..683721b2b 100644 --- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -@@ -14,6 +14,7 @@ +@@ -15,6 +15,7 @@ multi_platform_ol multi_platform_rhcos multi_platform_rhel @@ -15052,36 +14442,36 @@ index 14a64dbbd..21d46b509 100644 multi_platform_rhv multi_platform_sle multi_platform_slmicro5 -diff --git a/shared/references/disa-stig-almalinux9-v1r1-xccdf-scap.xml b/shared/references/disa-stig-almalinux9-v1r1-xccdf-scap.xml +diff --git a/shared/references/disa-stig-almalinux9-v2r1-xccdf-scap.xml b/shared/references/disa-stig-almalinux9-v2r1-xccdf-scap.xml new file mode 120000 -index 000000000..6f97d155d +index 000000000..50d6aa2ae --- /dev/null -+++ b/shared/references/disa-stig-almalinux9-v1r1-xccdf-scap.xml ++++ b/shared/references/disa-stig-almalinux9-v2r1-xccdf-scap.xml 
@@ -0,0 +1 @@ -+disa-stig-rhel9-v1r1-xccdf-scap.xml ++disa-stig-rhel9-v2r1-xccdf-scap.xml \ No newline at end of file -diff --git a/shared/references/disa-stig-almalinux9-v1r3-xccdf-manual.xml b/shared/references/disa-stig-almalinux9-v1r3-xccdf-manual.xml +diff --git a/shared/references/disa-stig-almalinux9-v2r2-xccdf-manual.xml b/shared/references/disa-stig-almalinux9-v2r2-xccdf-manual.xml new file mode 120000 -index 000000000..bf80a7731 +index 000000000..c75dee24b --- /dev/null -+++ b/shared/references/disa-stig-almalinux9-v1r3-xccdf-manual.xml ++++ b/shared/references/disa-stig-almalinux9-v2r2-xccdf-manual.xml 
@@ -0,0 +1 @@ -+disa-stig-rhel9-v1r3-xccdf-manual.xml ++disa-stig-rhel9-v2r2-xccdf-manual.xml \ No newline at end of file -diff --git a/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml b/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml -index 1d087be21..306818938 100644 ---- a/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml -+++ b/shared/references/disa-stig-ol7-v2r14-xccdf-manual.xml -@@ -934,7 +934,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us +diff --git a/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml b/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml +index e83699662..1efabcf62 100644 +--- a/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml ++++ b/shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml +@@ -917,7 +917,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us $ sudo grep -iw grub2_password /boot/grub2/user.cfg GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] --If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. 
GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. -+If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. 
GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. +-If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. 
GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. ++If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. 
GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. Generate an encrypted grub2 password for the grub superusers account with the following command: -@@ -946,7 +946,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not +@@ -929,7 +929,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command: 
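Review bot: This hunk rewrites `/boot/efi/EFI/redhat/` to `/boot/efi/EFI/almalinux/` inside `shared/references/disa-stig-ol7-v3r1-xccdf-manual.xml`, and the following hunks do the same in the OL8, RHEL 8 and RHEL 9 reference benchmarks; the visible result is Oracle Linux 7 STIG fix text (OL07-00-010491) telling the reader that grub2-setpassword "creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file", which is wrong for that product. As far as their names indicate, these files are copies of the DISA-published XCCDF, shared by every product built from the tree, so an AlmaLinux-specific edit there changes the reference for ol7/ol8/rhel8 as well; it looks like a tree-wide path substitution rather than a deliberate edit, and the EFI vendor directory for AlmaLinux belongs in the almalinux9 product's rule content with the reference XML left verbatim. Separately, the new symlink points the almalinux9 SCAP reference at `disa-stig-rhel9-v2r1-xccdf-scap.xml` while the manual reference symlink and the stig profiles say V2R2; this presumably mirrors the upstream rhel9 files, but a short remark in the commit message would keep the revision mismatch from being read as a typo.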
@@ -15089,8 +14479,8 @@ index 1d087be21..306818938 100644 +$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] - If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>OL07-00-010500The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. -@@ -1838,7 +1838,7 @@ On BIOS-based machines, use the following command: + If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>OL07-00-010500The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. +@@ -1809,7 +1809,7 @@ On BIOS-based machines, use the following command: On UEFI-based machines, use the following command: 
@@ -15099,7 +14489,7 @@ index 1d087be21..306818938 100644 If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command: -@@ -1869,7 +1869,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm +@@ -1840,7 +1840,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command: 
@@ -15108,9 +14498,9 @@ index 1d087be21..306818938 100644 # grep fips /boot/grub2/grub.cfg /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet -@@ -1941,23 +1941,23 @@ An example rule that includes the "sha512" rule follows: +@@ -1912,23 +1912,23 @@ An example rule that includes the "sha512" rule follows: - If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>OL07-00-021700The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the information system security officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089SV-108367V-99263CCI-001813Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media. 
+ If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>OL07-00-021700The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the information system security officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089SV-108367V-99263CCI-001813Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media. -Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. +Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. 
@@ -15137,7 +14527,7 @@ index 1d087be21..306818938 100644 set root='hd0,gpt2' set root='hd0,gpt2' set root='hd0,gpt2' -@@ -4481,12 +4481,12 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD} +@@ -4453,12 +4453,12 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD} Generate a new grub.cfg file with the following command: @@ -15152,10 +14542,10 @@ index 1d087be21..306818938 100644 set superusers="[someuniquestringhere]" export superusers -diff --git a/shared/references/disa-stig-ol8-v2r1-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r1-xccdf-manual.xml -index eb33a0297..deb9b8ec3 100644 ---- a/shared/references/disa-stig-ol8-v2r1-xccdf-manual.xml -+++ b/shared/references/disa-stig-ol8-v2r1-xccdf-manual.xml +diff --git a/shared/references/disa-stig-ol8-v2r2-xccdf-manual.xml b/shared/references/disa-stig-ol8-v2r2-xccdf-manual.xml +index e159256ef..4939cfe13 100644 +--- a/shared/references/disa-stig-ol8-v2r2-xccdf-manual.xml ++++ b/shared/references/disa-stig-ol8-v2r2-xccdf-manual.xml 
@@ -425,7 +425,7 @@ SHA_CRYPT_MIN_ROUNDS 5000 +diff --git a/shared/references/disa-stig-rhel8-v2r1-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v2r1-xccdf-manual.xml +index 662cf8848..6dc6f2517 100644 +--- a/shared/references/disa-stig-rhel8-v2r1-xccdf-manual.xml ++++ b/shared/references/disa-stig-rhel8-v2r1-xccdf-manual.xml +@@ -374,7 +374,7 @@ SHA_CRYPT_MIN_ROUNDS 5000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. 
++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. + + Generate an encrypted grub2 password for the grub superusers account with the following command: + +@@ -384,7 +384,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. ++$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. 
+ + Verify that a unique name is set as the "superusers" account: + +-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg ++$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg + set superusers="[someuniquestringhere]" + export superusers + +diff --git a/shared/references/disa-stig-rhel8-v2r1-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v2r1-xccdf-scap.xml +index 4b581f4a0..987e46615 100644 +--- a/shared/references/disa-stig-rhel8-v2r1-xccdf-scap.xml ++++ b/shared/references/disa-stig-rhel8-v2r1-xccdf-scap.xml +@@ -2548,7 +2548,7 @@ SHA_CRYPT_MIN_ROUNDS 5000 2921 CCI-000213 @@ -15201,7 +14627,7 @@ index 2bb4af3b9..3b4e256f4 100644 Generate an encrypted grub2 password for the grub superusers account with the following command: -@@ -10400,11 +10400,11 @@ Passwords need to be protected at all times, and encryption is the standard meth +@@ -10262,11 +10262,11 @@ Passwords need to be protected at all times, and encryption is the standard meth If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu. @@ -15217,7 +14643,7 @@ index 2bb4af3b9..3b4e256f4 100644 -@@ -11040,7 +11040,7 @@ Configuration settings are the set of parameters that can be changed in hardware +@@ -10902,7 +10902,7 @@ Configuration settings are the set of parameters that can be changed in hardware The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access. 
@@ -15226,7 +14652,7 @@ index 2bb4af3b9..3b4e256f4 100644 -@@ -14645,15 +14645,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi +@@ -14439,15 +14439,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi @@ -15245,7 +14671,7 @@ index 2bb4af3b9..3b4e256f4 100644 -@@ -16481,18 +16481,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi +@@ -16259,18 +16259,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b 1 
@@ -15270,47 +14696,11 @@ index 2bb4af3b9..3b4e256f4 100644 /boot/grub2/grub.cfg -diff --git a/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml -index 89b69d69d..cf9365113 100644 ---- a/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml -+++ b/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml -@@ -374,7 +374,7 @@ SHA_CRYPT_MIN_ROUNDS 5000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. 
-+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. - - Generate an encrypted grub2 password for the grub superusers account with the following command: - -@@ -384,7 +384,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable. -+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. 
- - Verify that a unique name is set as the "superusers" account: - --$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg -+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg - set superusers="[someuniquestringhere]" - export superusers - -diff --git a/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml b/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml -index c14013393..8b6269729 100644 ---- a/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml -+++ b/shared/references/disa-stig-rhel9-v1r1-xccdf-scap.xml -@@ -16849,7 +16849,8 @@ include "/etc/crypto-policies/back-ends/bind.config"; +diff --git a/shared/references/disa-stig-rhel9-v2r1-xccdf-scap.xml b/shared/references/disa-stig-rhel9-v2r1-xccdf-scap.xml +index 1c187bcb8..a494e13c3 100644 +--- a/shared/references/disa-stig-rhel9-v2r1-xccdf-scap.xml ++++ b/shared/references/disa-stig-rhel9-v2r1-xccdf-scap.xml +@@ -16677,7 +16677,8 @@ include "/etc/crypto-policies/back-ends/bind.config"; The operating system must use a Linux Security Module configured to enforce limits on system services. @@ -15320,7 +14710,7 @@ index c14013393..8b6269729 100644 SELINUX is active, enforcing, and configured to enforce -@@ -20991,7 +20992,7 @@ include "/etc/crypto-policies/back-ends/bind.config"; +@@ -20786,7 +20787,7 @@ include "/etc/crypto-policies/back-ends/bind.config"; @@ -15329,7 +14719,7 @@ index c14013393..8b6269729 100644 -@@ -21114,7 +21115,8 @@ include "/etc/crypto-policies/back-ends/bind.config"; +@@ -20909,7 +20910,8 @@ include "/etc/crypto-policies/back-ends/bind.config"; RHEL-09-211010 - RHEL 9 must be a vendor-supported release. 
@@ -15339,17 +14729,7 @@ index c14013393..8b6269729 100644 An operating system release is considered "supported" if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software. -@@ -21128,7 +21130,8 @@ Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise - - RHEL-09-211025 - RHEL 9 must implement the Endpoint Security for Linux Threat Prevention tool. - -- Red Hat Enterprise Linux 9 -+ Red Hat Enterprise Linux 9 -+AlmaLinux 9 - - Without the use of automated mechanisms to scan for security flaws on a continuous and/or periodic basis, the operating system or other system components may remain vulnerable to the exploits presented by undetected software flaws. - -@@ -21142,7 +21145,8 @@ To support this requirement, the operating system may have an integrated solutio +@@ -20923,7 +20925,8 @@ Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise RHEL-09-211030 - The graphical display manager must not be the default target on RHEL 9 unless approved. @@ -15359,7 +14739,7 @@ index c14013393..8b6269729 100644 Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented. -@@ -21154,7 +21158,8 @@ To support this requirement, the operating system may have an integrated solutio +@@ -20935,7 +20938,8 @@ Red Hat offers the Extended Update Support (EUS) add-on to a Red Hat Enterprise RHEL-09-211035 - RHEL 9 must enable the hardware random number generator entropy gatherer service. 
@@ -15369,7 +14749,7 @@ index c14013393..8b6269729 100644 The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict. Entropy in computer security is associated with the unpredictability of a source of randomness. The random source with high entropy tends to achieve a uniform distribution of random values. Random number generators are one of the most important building blocks of cryptosystems. -@@ -21168,7 +21173,8 @@ The rngd service feeds random data from hardware device to kernel random device. +@@ -20949,7 +20953,8 @@ The rngd service feeds random data from hardware device to kernel random device. RHEL-09-211040 - RHEL 9 systemd-journald service must be enabled. @@ -15379,7 +14759,7 @@ index c14013393..8b6269729 100644 In the event of a system failure, RHEL 9 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes. -@@ -21180,7 +21186,8 @@ The rngd service feeds random data from hardware device to kernel random device. +@@ -20961,7 +20966,8 @@ The rngd service feeds random data from hardware device to kernel random device. RHEL-09-211045 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 9 must be disabled. 
@@ -15389,7 +14769,7 @@ index c14013393..8b6269729 100644 A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken. -@@ -21194,7 +21201,8 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227 +@@ -20975,7 +20981,8 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227 RHEL-09-211050 - The x86 Ctrl-Alt-Delete key sequence must be disabled on RHEL 9. @@ -15399,7 +14779,7 @@ index c14013393..8b6269729 100644 A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken. -@@ -21208,7 +21216,8 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227 +@@ -20989,7 +20996,8 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227 RHEL-09-211055 - RHEL 9 debug-shell systemd service must be disabled. 
@@ -15409,7 +14789,7 @@ index c14013393..8b6269729 100644
 The debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine. While this feature is disabled by default, masking it adds an additional layer of assurance that it will not be enabled via a dependency in systemd. This also prevents attackers with physical access from trivially bypassing security on the machine through valid troubleshooting configurations and gaining root access when the system is rebooted.
-@@ -21222,7 +21231,8 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227
+@@ -21003,7 +21011,8 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000480-GPOS-00227
 RHEL-09-212010 - RHEL 9 must require a boot loader superuser password.
@@ -15419,7 +14799,7 @@ index c14013393..8b6269729 100644
 To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement.
-@@ -21236,7 +21246,8 @@ Password protection on the boot loader configuration ensures users with physical
+@@ -21017,7 +21026,8 @@ Password protection on the boot loader configuration ensures users with physical
 RHEL-09-212015 - RHEL 9 must disable the ability of systemd to spawn an interactive boot process.
@@ -15429,7 +14809,7 @@ index c14013393..8b6269729 100644
 Using interactive or recovery boot, the console user could disable auditing, firewalls, or other services, weakening system security.
-@@ -21248,7 +21259,8 @@ Password protection on the boot loader configuration ensures users with physical
+@@ -21029,7 +21039,8 @@ Password protection on the boot loader configuration ensures users with physical
 RHEL-09-212025 - RHEL 9 /boot/grub2/grub.cfg file must be group-owned by root.
@@ -15439,7 +14819,7 @@ index c14013393..8b6269729 100644
 The "root" group is a highly privileged group. Furthermore, the group-owner of this file should not have any access privileges anyway.
-@@ -21260,7 +21272,8 @@ Password protection on the boot loader configuration ensures users with physical
+@@ -21041,7 +21052,8 @@ Password protection on the boot loader configuration ensures users with physical
 RHEL-09-212030 - RHEL 9 /boot/grub2/grub.cfg file must be owned by root.
@@ -15449,7 +14829,7 @@ index c14013393..8b6269729 100644
 The " /boot/grub2/grub.cfg" file stores sensitive system configuration. Protection of this file is critical for system security.
-@@ -21272,7 +21285,8 @@ Password protection on the boot loader configuration ensures users with physical
+@@ -21053,7 +21065,8 @@ Password protection on the boot loader configuration ensures users with physical
 RHEL-09-212035 - RHEL 9 must disable virtual system calls.
@@ -15459,7 +14839,7 @@ index c14013393..8b6269729 100644
 System calls are special routines in the Linux kernel, which userspace applications ask to do privileged tasks. Invoking a system call is an expensive operation because the processor must interrupt the currently executing task and switch context to kernel mode and then back to userspace after the system call completes. Virtual system calls map into user space a page that contains some variables and the implementation of some system calls. This allows the system calls to be executed in userspace to alleviate the context switching expense.
-@@ -21288,7 +21302,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068
+@@ -21069,7 +21082,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068
 RHEL-09-212040 - RHEL 9 must clear the page allocator to prevent use-after-free attacks.
@@ -15469,7 +14849,7 @@ index c14013393..8b6269729 100644
 Poisoning writes an arbitrary value to freed pages, so any modification or reference to that page after being freed or before being initialized will be detected and prevented. This prevents many types of use-after-free vulnerabilities at little performance cost. Also prevents leak of data and detection of corrupted memory.
-@@ -21302,7 +21317,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068
+@@ -21083,7 +21097,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068
 RHEL-09-212045 - RHEL 9 must clear SLUB/SLAB objects to prevent use-after-free attacks.
@@ -15479,7 +14859,7 @@ index c14013393..8b6269729 100644
 Some adversaries launch attacks with the intent of executing code in nonexecutable regions of memory or in memory locations that are prohibited. Security safeguards employed to protect memory include, for example, data execution prevention and address space layout randomization. Data execution prevention safeguards can be either hardware-enforced or software-enforced with hardware providing the greater strength of mechanism.
-@@ -21320,7 +21336,8 @@ Satisfies: SRG-OS-000433-GPOS-00192, SRG-OS-000134-GPOS-00068
+@@ -21101,7 +21116,8 @@ Satisfies: SRG-OS-000433-GPOS-00192, SRG-OS-000134-GPOS-00068
 RHEL-09-212050 - RHEL 9 must enable mitigations against processor-based vulnerabilities.
@@ -15489,7 +14869,7 @@ index c14013393..8b6269729 100644
 Kernel page-table isolation is a kernel feature that mitigates the Meltdown security vulnerability and hardens the kernel against attempts to bypass kernel address space layout randomization (KASLR).
-@@ -21334,7 +21351,8 @@ Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000095-GPOS-00049
+@@ -21115,7 +21131,8 @@ Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000095-GPOS-00049
 RHEL-09-212055 - RHEL 9 must enable auditing of processes that start prior to the audit daemon.
@@ -15499,7 +14879,7 @@ index c14013393..8b6269729 100644
 Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -21350,7 +21368,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -21131,7 +21148,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
 RHEL-09-213010 - RHEL 9 must restrict access to the kernel message buffer.
@@ -15509,7 +14889,7 @@ index c14013393..8b6269729 100644
 Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
-@@ -21370,7 +21389,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069
+@@ -21151,7 +21169,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069
 RHEL-09-213015 - RHEL 9 must prevent kernel profiling by nonprivileged users.
@@ -15519,7 +14899,7 @@ index c14013393..8b6269729 100644
 Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
-@@ -21390,7 +21410,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069
+@@ -21171,7 +21190,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000138-GPOS-00069
 RHEL-09-213020 - RHEL 9 must prevent the loading of a new kernel for later execution.
@@ -15529,7 +14909,7 @@ index c14013393..8b6269729 100644
 Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
-@@ -21406,7 +21427,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000366-GPOS-00153
+@@ -21187,7 +21207,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000366-GPOS-00153
 RHEL-09-213025 - RHEL 9 must restrict exposed kernel pointer addresses access.
@@ -15539,7 +14919,7 @@ index c14013393..8b6269729 100644
 Exposing kernel pointers (through procfs or "seq_printf()") exposes kernel writeable structures, which may contain functions pointers. If a write vulnerability occurs in the kernel, allowing write access to any of this structure, the kernel can be compromised. This option disallows any program without the CAP_SYSLOG capability to get the addresses of kernel pointers by replacing them with "0".
-@@ -21420,7 +21442,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000433-GPOS-00192, SRG-OS-000480-GPO
+@@ -21201,7 +21222,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000433-GPOS-00192, SRG-OS-000480-GPO
 RHEL-09-213030 - RHEL 9 must enable kernel parameters to enforce discretionary access control on hardlinks.
@@ -15549,7 +14929,7 @@ index c14013393..8b6269729 100644
 By enabling the fs.protected_hardlinks kernel parameter, users can no longer create soft or hard links to files they do not own. Disallowing such hardlinks mitigates vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
-@@ -21434,7 +21457,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
+@@ -21215,7 +21237,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
 RHEL-09-213035 - RHEL 9 must enable kernel parameters to enforce discretionary access control on symlinks.
@@ -15559,7 +14939,7 @@ index c14013393..8b6269729 100644
 By enabling the fs.protected_symlinks kernel parameter, symbolic links are permitted to be followed only when outside a sticky world-writable directory, or when the user identifier (UID) of the link and follower match, or when the directory owner matches the symlink's owner. Disallowing such symlinks helps mitigate vulnerabilities based on insecure file system accessed by privileged programs, avoiding an exploitation vector exploiting unsafe use of open() or creat().
-@@ -21448,7 +21472,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
+@@ -21229,7 +21252,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
 RHEL-09-213040 - RHEL 9 must disable the kernel.core_pattern.
@@ -15569,7 +14949,7 @@ index c14013393..8b6269729 100644
 A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
-@@ -21460,7 +21485,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
+@@ -21241,7 +21265,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
 RHEL-09-213045 - RHEL 9 must be configured to disable the Asynchronous Transfer Mode kernel module.
@@ -15579,7 +14959,7 @@ index c14013393..8b6269729 100644
 Disabling Asynchronous Transfer Mode (ATM) protects the system against exploitation of any flaws in its implementation.
-@@ -21472,7 +21498,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
+@@ -21253,7 +21278,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
 RHEL-09-213050 - RHEL 9 must be configured to disable the Controller Area Network kernel module.
@@ -15589,7 +14969,7 @@ index c14013393..8b6269729 100644
 Disabling Controller Area Network (CAN) protects the system against exploitation of any flaws in its implementation.
-@@ -21484,7 +21511,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
+@@ -21265,7 +21291,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
 RHEL-09-213055 - RHEL 9 must be configured to disable the FireWire kernel module.
@@ -15599,7 +14979,7 @@ index c14013393..8b6269729 100644
 Disabling firewire protects the system against exploitation of any flaws in its implementation.
-@@ -21496,7 +21524,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
+@@ -21277,7 +21304,8 @@ Satisfies: SRG-OS-000312-GPOS-00123, SRG-OS-000324-GPOS-00125
 RHEL-09-213060 - RHEL 9 must disable the Stream Control Transmission Protocol (SCTP) kernel module.
@@ -15609,7 +14989,7 @@ index c14013393..8b6269729 100644
 It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-@@ -21512,7 +21541,8 @@ The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, d
+@@ -21293,7 +21321,8 @@ The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, d
 RHEL-09-213065 - RHEL 9 must disable the Transparent Inter Process Communication (TIPC) kernel module.
@@ -15619,7 +14999,7 @@ index c14013393..8b6269729 100644
 It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-@@ -21528,7 +21558,8 @@ The Transparent Inter Process Communication (TIPC) is a protocol that is special
+@@ -21309,7 +21338,8 @@ The Transparent Inter Process Communication (TIPC) is a protocol that is special
 RHEL-09-213070 - RHEL 9 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution.
@@ -15629,7 +15009,7 @@ index c14013393..8b6269729 100644
 Address space layout randomization (ASLR) makes it more difficult for an attacker to predict the location of attack code they have introduced into a process' address space during an attempt at exploitation. Additionally, ASLR makes it more difficult for an attacker to know the location of existing code in order to repurpose it using return oriented programming (ROP) techniques.
-@@ -21542,7 +21573,8 @@ Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000480-GPOS-00227
+@@ -21323,7 +21353,8 @@ Satisfies: SRG-OS-000433-GPOS-00193, SRG-OS-000480-GPOS-00227
 RHEL-09-213075 - RHEL 9 must disable access to network bpf system call from nonprivileged processes.
@@ -15639,7 +15019,7 @@ index c14013393..8b6269729 100644
 Loading and accessing the packet filters programs and maps using the bpf() system call has the potential of revealing sensitive information about the kernel state.
-@@ -21556,7 +21588,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227
+@@ -21337,7 +21368,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227
 RHEL-09-213080 - RHEL 9 must restrict usage of ptrace to descendant processes.
@@ -15649,7 +15029,7 @@ index c14013393..8b6269729 100644
 Unrestricted usage of ptrace allows compromised binaries to run ptrace on other processes of the user. Like this, the attacker can steal sensitive information from the target processes (e.g., SSH sessions, web browser, etc.) without any additional assistance from the user (i.e., without resorting to phishing).
-@@ -21570,7 +21603,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227
+@@ -21351,7 +21383,8 @@ Satisfies: SRG-OS-000132-GPOS-00067, SRG-OS-000480-GPOS-00227
 RHEL-09-213085 - RHEL 9 must disable core dump backtraces.
@@ -15659,7 +15039,7 @@ index c14013393..8b6269729 100644
 A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers or system operators trying to debug problems.
-@@ -21584,7 +21618,8 @@ Enabling core dumps on production systems is not recommended; however, there may
+@@ -21365,7 +21398,8 @@ Enabling core dumps on production systems is not recommended; however, there may
 RHEL-09-213090 - RHEL 9 must disable storing core dumps.
@@ -15669,7 +15049,7 @@ index c14013393..8b6269729 100644
 A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers or system operators trying to debug problems. Enabling core dumps on production systems is not recommended; however, there may be overriding operational requirements to enable advanced debugging. Permitting temporary enablement of core dumps during such situations must be reviewed through local needs and policy.
-@@ -21596,7 +21631,8 @@ Enabling core dumps on production systems is not recommended; however, there may
+@@ -21377,7 +21411,8 @@ Enabling core dumps on production systems is not recommended; however, there may
 RHEL-09-213095 - RHEL 9 must disable core dumps for all users.
@@ -15679,7 +15059,7 @@ index c14013393..8b6269729 100644
 A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
-@@ -21608,7 +21644,8 @@ Enabling core dumps on production systems is not recommended; however, there may
+@@ -21389,7 +21424,8 @@ Enabling core dumps on production systems is not recommended; however, there may
 RHEL-09-213100 - RHEL 9 must disable acquiring, saving, and processing core dumps.
@@ -15689,7 +15069,7 @@ index c14013393..8b6269729 100644
 A core dump includes a memory image taken at the time the operating system terminates an application. The memory image could contain sensitive data and is generally useful only for developers trying to debug problems.
-@@ -21620,7 +21657,8 @@ Enabling core dumps on production systems is not recommended; however, there may
+@@ -21401,7 +21437,8 @@ Enabling core dumps on production systems is not recommended; however, there may
 RHEL-09-213105 - RHEL 9 must disable the use of user namespaces.
@@ -15699,7 +15079,7 @@ index c14013393..8b6269729 100644
 User namespaces are used primarily for Linux containers. The value "0" disallows the use of user namespaces.
-@@ -21632,7 +21670,8 @@ Enabling core dumps on production systems is not recommended; however, there may
+@@ -21413,7 +21450,8 @@ Enabling core dumps on production systems is not recommended; however, there may
 RHEL-09-213115 - The kdump service on RHEL 9 must be disabled.
@@ -15709,7 +15089,7 @@ index c14013393..8b6269729 100644
 Kernel core dumps may contain the full contents of system memory at the time of the crash. Kernel core dumps consume a considerable amount of disk space and may result in denial of service by exhausting the available space on the target file system partition. Unless the system is used for kernel development or testing, there is little need to run the kdump service.
-@@ -21644,7 +21683,8 @@ Enabling core dumps on production systems is not recommended; however, there may
+@@ -21425,7 +21463,8 @@ Enabling core dumps on production systems is not recommended; however, there may
 RHEL-09-214015 - RHEL 9 must check the GPG signature of software packages originating from external software repositories before installation.
@@ -15719,7 +15099,7 @@ index c14013393..8b6269729 100644
 Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
-@@ -21660,7 +21700,8 @@ Verifying the authenticity of software prior to installation validates the integ
+@@ -21441,7 +21480,8 @@ Verifying the authenticity of software prior to installation validates the integ
 RHEL-09-214020 - RHEL 9 must check the GPG signature of locally installed software packages before installation.
@@ -15729,7 +15109,7 @@ index c14013393..8b6269729 100644
 Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
-@@ -21676,7 +21717,8 @@ Verifying the authenticity of software prior to installation validates the integ
+@@ -21457,7 +21497,8 @@ Verifying the authenticity of software prior to installation validates the integ
 RHEL-09-214025 - RHEL 9 must have GPG signature verification enabled for all software repositories.
@@ -15739,7 +15119,7 @@ index c14013393..8b6269729 100644
 Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
-@@ -21692,7 +21734,8 @@ Verifying the authenticity of software prior to installation validates the integ
+@@ -21473,7 +21514,8 @@ Verifying the authenticity of software prior to installation validates the integ
 RHEL-09-214035 - RHEL 9 must remove all software components after updated versions have been installed.
@@ -15749,7 +15129,7 @@ index c14013393..8b6269729 100644
 Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by some adversaries.
-@@ -21704,7 +21747,8 @@ Verifying the authenticity of software prior to installation validates the integ
+@@ -21485,7 +21527,8 @@ Verifying the authenticity of software prior to installation validates the integ
 RHEL-09-215010 - RHEL 9 subscription-manager package must be installed.
@@ -15759,7 +15139,7 @@ index c14013393..8b6269729 100644
 The Red Hat Subscription Manager application manages software subscriptions and software repositories for installed software products on the local system. It communicates with backend servers, such as the Red Hat Customer Portal or an on-premise instance of Subscription Asset Manager, to register the local system and grant access to software resources determined by the subscription entitlement.
-@@ -21716,7 +21760,8 @@ Verifying the authenticity of software prior to installation validates the integ
+@@ -21497,7 +21540,8 @@ Verifying the authenticity of software prior to installation validates the integ
 RHEL-09-215015 - RHEL 9 must not have a File Transfer Protocol (FTP) server package installed.
@@ -15769,7 +15149,7 @@ index c14013393..8b6269729 100644
 The FTP service provides an unencrypted remote access that does not provide for the confidentiality and integrity of user passwords or the remote session. If a privileged user were to log on using this service, the privileged user password could be compromised. SSH or other encrypted file transfer methods must be used in place of this service.
-@@ -21732,7 +21777,8 @@ Satisfies: SRG-OS-000074-GPOS-00042, SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPO
+@@ -21513,7 +21557,8 @@ Satisfies: SRG-OS-000074-GPOS-00042, SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPO
 RHEL-09-215020 - RHEL 9 must not have the sendmail package installed.
@@ -15779,7 +15159,7 @@ index c14013393..8b6269729 100644
 The sendmail software was not developed with security in mind, and its design prevents it from being effectively contained by SELinux. Postfix must be used instead.
-@@ -21746,7 +21792,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000095-GPOS-00049
+@@ -21527,7 +21572,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000095-GPOS-00049
 RHEL-09-215025 - RHEL 9 must not have the nfs-utils package installed.
@@ -15789,7 +15169,7 @@ index c14013393..8b6269729 100644
 "nfs-utils" provides a daemon for the kernel NFS server and related tools. This package also contains the "showmount" program. "showmount" queries the mount daemon on a remote host for information about the Network File System (NFS) server on the remote host. For example, "showmount" can display the clients that are mounted on that host.
-@@ -21758,7 +21805,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000095-GPOS-00049
+@@ -21539,7 +21585,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000095-GPOS-00049
 RHEL-09-215030 - RHEL 9 must not have the ypserv package installed.
@@ -15799,7 +15179,7 @@ index c14013393..8b6269729 100644
 The NIS service provides an unencrypted authentication service, which does not provide for the confidentiality and integrity of user passwords or the remote session.
-@@ -21772,7 +21820,8 @@ Removing the "ypserv" package decreases the risk of the accidental (or intention
+@@ -21553,7 +21600,8 @@ Removing the "ypserv" package decreases the risk of the accidental (or intention
 RHEL-09-215035 - RHEL 9 must not have the rsh-server package installed.
@@ -15809,7 +15189,7 @@ index c14013393..8b6269729 100644
 The "rsh-server" service provides unencrypted remote access service, which does not provide for the confidentiality and integrity of user passwords or the remote session and has very weak authentication. If a privileged user were to login using this service, the privileged user password could be compromised. The "rsh-server" package provides several obsolete and insecure network services. Removing it decreases the risk of accidental (or intentional) activation of those services.
-@@ -21784,7 +21833,8 @@ Removing the "ypserv" package decreases the risk of the accidental (or intention
+@@ -21565,7 +21613,8 @@ Removing the "ypserv" package decreases the risk of the accidental (or intention
 RHEL-09-215040 - RHEL 9 must not have the telnet-server package installed.
@@ -15819,7 +15199,7 @@ index c14013393..8b6269729 100644
 It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities are often overlooked and therefore, may remain unsecure. They increase the risk to the platform by providing additional attack vectors.
-@@ -21800,7 +21850,8 @@ Removing the "telnet-server" package decreases the risk of accidental (or intent
+@@ -21581,7 +21630,8 @@ Removing the "telnet-server" package decreases the risk of accidental (or intent
 RHEL-09-215045 - RHEL 9 must not have the gssproxy package installed.
@@ -15829,7 +15209,7 @@ index c14013393..8b6269729 100644
 It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore, may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-@@ -21818,7 +21869,8 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227
+@@ -21599,7 +21649,8 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227
 RHEL-09-215050 - RHEL 9 must not have the iprutils package installed.
@@ -15839,7 +15219,7 @@ index c14013393..8b6269729 100644
 It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-@@ -21836,7 +21888,8 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227
+@@ -21617,7 +21668,8 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227
 RHEL-09-215055 - RHEL 9 must not have the tuned package installed.
@@ -15849,7 +15229,7 @@ index c14013393..8b6269729 100644
 It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-@@ -21854,7 +21907,8 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227
+@@ -21635,7 +21687,8 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000480-GPOS-00227
 RHEL-09-215060 - RHEL 9 must not have a Trivial File Transfer Protocol (TFTP) server package installed.
@@ -15859,7 +15239,7 @@ index c14013393..8b6269729 100644
 Removing the "tftp-server" package decreases the risk of the accidental (or intentional) activation of tftp services.
-@@ -21868,7 +21922,8 @@ If TFTP is required for operational support (such as transmission of router conf
+@@ -21649,7 +21702,8 @@ If TFTP is required for operational support (such as transmission of router conf
 RHEL-09-215065 - RHEL 9 must not have the quagga package installed.
@@ -15869,7 +15249,7 @@ index c14013393..8b6269729 100644
 Quagga is a network routing software suite providing implementations of Open Shortest Path First (OSPF), Routing Information Protocol (RIP), Border Gateway Protocol (BGP) for Unix and Linux platforms.
-@@ -21882,7 +21937,8 @@ If there is no need to make the router software available, removing it provides
+@@ -21663,7 +21717,8 @@ If there is no need to make the router software available, removing it provides
 RHEL-09-215070 - A graphical display manager must not be installed on RHEL 9 unless approved.
@@ -15879,7 +15259,7 @@ index c14013393..8b6269729 100644
 Unnecessary service packages must not be installed to decrease the attack surface of the system. Graphical display managers have a long history of security vulnerabilities and must not be used, unless approved and documented.
-@@ -21894,7 +21950,8 @@ If there is no need to make the router software available, removing it provides
+@@ -21675,7 +21730,8 @@ If there is no need to make the router software available, removing it provides
 RHEL-09-215075 - RHEL 9 must have the openssl-pkcs11 package installed.
@@ -15889,7 +15269,7 @@ index c14013393..8b6269729 100644
 Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. The DOD CAC with DOD-approved PKI is an example of multifactor authentication.
-@@ -21908,7 +21965,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21689,7 +21745,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-215080 - RHEL 9 must have the gnutls-utils package installed.
@@ -15899,7 +15279,7 @@ index c14013393..8b6269729 100644
 GnuTLS is a secure communications library implementing the SSL, TLS and DTLS protocols and technologies around them. It provides a simple C language application programming interface (API) to access the secure communications protocols as well as APIs to parse and write X.509, PKCS #12, OpenPGP and other required structures. This package contains command line TLS client and server and certificate manipulation tools.
-@@ -21920,7 +21978,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21701,7 +21758,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-215085 - RHEL 9 must have the nss-tools package installed.
@@ -15909,7 +15289,7 @@ index c14013393..8b6269729 100644
 Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and server applications. Install the "nss-tools" package to install command-line tools to manipulate the NSS certificate and key database.
-@@ -21932,7 +21991,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21713,7 +21771,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-215090 - RHEL 9 must have the rng-tools package installed.
@@ -15919,7 +15299,7 @@ index c14013393..8b6269729 100644
 "rng-tools" provides hardware random number generator tools, such as those used in the formation of x509/PKI certificates.
-@@ -21944,7 +22004,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21725,7 +21784,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-215095 - RHEL 9 must have the s-nail package installed.
@@ -15929,7 +15309,7 @@ index c14013393..8b6269729 100644
 The "s-nail" package provides the mail command required to allow sending email notifications of unauthorized configuration changes to designated personnel.
-@@ -21956,7 +22017,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21737,7 +21797,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-231010 - A separate RHEL 9 file system must be used for user home directories (such as /home or an equivalent).
@@ -15939,7 +15319,7 @@ index c14013393..8b6269729 100644
 Ensuring that "/home" is mounted on its own partition enables the setting of more restrictive mount options, and also helps ensure that users cannot trivially fill partitions used for log or audit data storage.
-@@ -21968,7 +22030,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21749,7 +21810,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-231015 - RHEL 9 must use a separate file system for /tmp.
@@ -15949,7 +15329,7 @@ index c14013393..8b6269729 100644
 The "/tmp" partition is used as temporary storage by many programs. Placing "/tmp" in its own partition enables the setting of more restrictive mount options, which can help protect programs that use it.
-@@ -21980,7 +22043,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21761,7 +21823,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-231020 - RHEL 9 must use a separate file system for /var.
@@ -15959,7 +15339,7 @@ index c14013393..8b6269729 100644
 Ensuring that "/var" is mounted on its own partition enables the setting of more restrictive mount options. This helps protect system services such as daemons or other programs which use it. It is not uncommon for the "/var" directory to contain world-writable directories installed by other software packages.
-@@ -21992,7 +22056,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21773,7 +21836,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-231025 - RHEL 9 must use a separate file system for /var/log.
@@ -15969,7 +15349,7 @@ index c14013393..8b6269729 100644
 Placing "/var/log" in its own partition enables better separation between log files and other files in "/var/".
-@@ -22004,7 +22069,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
+@@ -21785,7 +21849,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPO
 RHEL-09-231030 - RHEL 9 must use a separate file system for the system audit data path.
@@ -15979,7 +15359,7 @@ index c14013393..8b6269729 100644
 Placing "/var/log/audit" in its own partition enables better separation between audit files and other system files, and helps ensure that auditing cannot be halted due to the partition running out of space.
-@@ -22018,7 +22084,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000480-GPOS-00227
+@@ -21799,7 +21864,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000480-GPOS-00227
 RHEL-09-231035 - RHEL 9 must use a separate file system for /var/tmp.
@@ -15989,7 +15369,7 @@ index c14013393..8b6269729 100644
 The "/var/tmp" partition is used as temporary storage by many programs. Placing "/var/tmp" in its own partition enables the setting of more restrictive mount options, which can help protect programs that use it.
-@@ -22030,7 +22097,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000480-GPOS-00227
+@@ -21811,7 +21877,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000480-GPOS-00227
 RHEL-09-231040 - RHEL 9 file system automount function must be disabled unless required.
@@ -15999,7 +15379,7 @@ index c14013393..8b6269729 100644
 An authentication process resists replay attacks if it is impractical to achieve a successful authentication by recording and replaying a previous authentication message.
-@@ -22044,7 +22112,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO
+@@ -21825,7 +21892,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO
 RHEL-09-231045 - RHEL 9 must prevent device files from being interpreted on file systems that contain user home directories.
@@ -16009,7 +15389,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22058,7 +22127,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -21839,7 +21907,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231050 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that contain user home directories.
@@ -16019,7 +15399,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22072,7 +22142,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21853,7 +21922,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231055 - RHEL 9 must prevent code from being executed on file systems that contain user home directories.
@@ -16029,7 +15409,7 @@ index c14013393..8b6269729 100644
 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22084,7 +22155,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21865,7 +21935,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231060 - RHEL 9 must be configured so that the Network File System (NFS) is configured to use RPCSEC_GSS.
@@ -16039,7 +15419,7 @@ index c14013393..8b6269729 100644
 When an NFS server is configured to use RPCSEC_SYS, a selected userid and groupid are used to handle requests from the remote user. The userid and groupid could mistakenly or maliciously be set incorrectly. The RPCSEC_GSS method of authentication uses certificates on the server and client systems to more securely authenticate the remote mount request.
-@@ -22096,7 +22168,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21877,7 +21948,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231065 - RHEL 9 must prevent special devices on file systems that are imported via Network File System (NFS).
@@ -16049,7 +15429,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22108,7 +22181,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21889,7 +21961,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231070 - RHEL 9 must prevent code from being executed on file systems that are imported via Network File System (NFS).
@@ -16059,7 +15439,7 @@ index c14013393..8b6269729 100644
 The "noexec" mount option causes the system not to execute binary files. This option must be used for mounting any file system not containing approved binary as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22120,7 +22194,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21901,7 +21974,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231075 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS).
@@ -16069,7 +15449,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22132,7 +22207,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21913,7 +21987,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231095 - RHEL 9 must mount /boot with the nodev option.
@@ -16079,7 +15459,7 @@ index c14013393..8b6269729 100644
 The only legitimate location for device files is the "/dev" directory located on the root partition. The only exception to this is chroot jails.
-@@ -22144,7 +22220,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21925,7 +22000,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231100 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
@@ -16089,7 +15469,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22158,7 +22235,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21939,7 +22015,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231105 - RHEL 9 must prevent files with the setuid and setgid bit set from being executed on the /boot/efi directory.
@@ -16099,7 +15479,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22172,7 +22250,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
+@@ -21953,7 +22030,8 @@ Satisfies: SRG-OS-000368-GPOS-00154, SRG-OS-000480-GPOS-00227
 RHEL-09-231110 - RHEL 9 must mount /dev/shm with the nodev option.
@@ -16109,7 +15489,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22186,7 +22265,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -21967,7 +22045,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231115 - RHEL 9 must mount /dev/shm with the noexec option.
@@ -16119,7 +15499,7 @@ index c14013393..8b6269729 100644
 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22198,7 +22278,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -21979,7 +22058,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231120 - RHEL 9 must mount /dev/shm with the nosuid option.
@@ -16129,7 +15509,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22210,7 +22291,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -21991,7 +22071,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231125 - RHEL 9 must mount /tmp with the nodev option.
@@ -16139,7 +15519,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22224,7 +22306,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22005,7 +22086,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231130 - RHEL 9 must mount /tmp with the noexec option.
@@ -16149,7 +15529,7 @@ index c14013393..8b6269729 100644
 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22236,7 +22319,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22017,7 +22099,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231135 - RHEL 9 must mount /tmp with the nosuid option.
@@ -16159,7 +15539,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22248,7 +22332,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22029,7 +22112,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231140 - RHEL 9 must mount /var with the nodev option.
@@ -16169,7 +15549,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22262,7 +22347,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22043,7 +22127,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231145 - RHEL 9 must mount /var/log with the nodev option.
@@ -16179,7 +15559,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22276,7 +22362,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22057,7 +22142,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231150 - RHEL 9 must mount /var/log with the noexec option.
@@ -16189,7 +15569,7 @@ index c14013393..8b6269729 100644
 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22288,7 +22375,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22069,7 +22155,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231155 - RHEL 9 must mount /var/log with the nosuid option.
@@ -16199,7 +15579,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22300,7 +22388,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22081,7 +22168,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231160 - RHEL 9 must mount /var/log/audit with the nodev option.
@@ -16209,7 +15589,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22314,7 +22403,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22095,7 +22183,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231165 - RHEL 9 must mount /var/log/audit with the noexec option.
@@ -16219,7 +15599,7 @@ index c14013393..8b6269729 100644
 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22326,7 +22416,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22107,7 +22196,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231170 - RHEL 9 must mount /var/log/audit with the nosuid option.
@@ -16229,7 +15609,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22338,7 +22429,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22119,7 +22209,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231175 - RHEL 9 must mount /var/tmp with the nodev option.
@@ -16239,7 +15619,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22352,7 +22444,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22133,7 +22224,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231180 - RHEL 9 must mount /var/tmp with the noexec option.
@@ -16249,7 +15629,7 @@ index c14013393..8b6269729 100644
 The "noexec" mount option causes the system to not execute binary files. This option must be used for mounting any file system not containing approved binary files, as they may be incompatible. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22364,7 +22457,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22145,7 +22237,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231185 - RHEL 9 must mount /var/tmp with the nosuid option.
@@ -16259,7 +15639,7 @@ index c14013393..8b6269729 100644
 The "nosuid" mount option causes the system to not execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22376,7 +22470,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22157,7 +22250,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-231195 - RHEL 9 must disable mounting of cramfs.
@@ -16269,7 +15649,7 @@ index c14013393..8b6269729 100644
 It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
-@@ -22392,7 +22487,8 @@ Compressed ROM/RAM file system (or cramfs) is a read-only file system designed f
+@@ -22173,7 +22267,8 @@ Compressed ROM/RAM file system (or cramfs) is a read-only file system designed f
 RHEL-09-231200 - RHEL 9 must prevent special devices on non-root local partitions.
@@ -16279,7 +15659,7 @@ index c14013393..8b6269729 100644
 The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for nonprivileged users to attain unauthorized administrative access.
-@@ -22406,7 +22502,8 @@ The only legitimate location for device files is the "/dev" directory located on
+@@ -22187,7 +22282,8 @@ The only legitimate location for device files is the "/dev" directory located on
 RHEL-09-232010 - RHEL 9 system commands must have mode 755 or less permissive.
@@ -16289,7 +15669,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22420,7 +22517,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22201,7 +22297,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232015 - RHEL 9 library directories must have mode 755 or less permissive.
@@ -16299,7 +15679,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22434,7 +22532,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22215,7 +22312,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232020 - RHEL 9 library files must have mode 755 or less permissive.
@@ -16309,7 +15689,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22448,7 +22547,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22229,7 +22327,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232025 - RHEL 9 /var/log directory must have mode 0755 or less permissive.
@@ -16319,7 +15699,7 @@ index c14013393..8b6269729 100644
 Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
-@@ -22462,7 +22562,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -22243,7 +22342,8 @@ The structure and content of error messages must be carefully considered by the
 RHEL-09-232030 - RHEL 9 /var/log/messages file must have mode 0640 or less permissive.
@@ -16329,7 +15709,7 @@ index c14013393..8b6269729 100644
 Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
-@@ -22476,7 +22577,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -22257,7 +22357,8 @@ The structure and content of error messages must be carefully considered by the
 RHEL-09-232035 - RHEL 9 audit tools must have a mode of 0755 or less permissive.
@@ -16339,7 +15719,7 @@ index c14013393..8b6269729 100644
 Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
-@@ -22492,7 +22594,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22273,7 +22374,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232040 - RHEL 9 cron configuration directories must have a mode of 0700 or less permissive.
@@ -16349,7 +15729,7 @@ index c14013393..8b6269729 100644
 Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configuration files should have the correct access rights to prevent unauthorized changes.
-@@ -22504,7 +22607,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22285,7 +22387,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232045 - All RHEL 9 local initialization files must have mode 0740 or less permissive.
@@ -16359,7 +15739,7 @@ index c14013393..8b6269729 100644
 Local initialization files are used to configure the user's shell environment upon logon. Malicious modification of these files could compromise accounts upon logon.
-@@ -22516,7 +22620,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22297,7 +22400,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232050 - All RHEL 9 local interactive user home directories must have mode 0750 or less permissive.
@@ -16369,7 +15749,7 @@ index c14013393..8b6269729 100644
 Excessive permissions on local interactive user home directories may allow unauthorized access to user files by other users.
-@@ -22528,7 +22633,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22309,7 +22413,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232055 - RHEL 9 /etc/group file must have mode 0644 or less permissive to prevent unauthorized access.
@@ -16379,7 +15759,7 @@ index c14013393..8b6269729 100644
 The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
-@@ -22540,7 +22646,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22321,7 +22426,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232060 - RHEL 9 /etc/group- file must have mode 0644 or less permissive to prevent unauthorized access.
@@ -16389,7 +15769,7 @@ index c14013393..8b6269729 100644
 The "/etc/group-" file is a backup file of "/etc/group", and as such, contains information regarding groups that are configured on the system. Protection of this file is important for system security.
-@@ -22552,7 +22659,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22333,7 +22439,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232065 - RHEL 9 /etc/gshadow file must have mode 0000 or less permissive to prevent unauthorized access.
@@ -16399,7 +15779,7 @@ index c14013393..8b6269729 100644
 The "/etc/gshadow" file contains group password hashes. Protection of this file is critical for system security.
-@@ -22564,7 +22672,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22345,7 +22452,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232070 - RHEL 9 /etc/gshadow- file must have mode 0000 or less permissive to prevent unauthorized access.
@@ -16409,7 +15789,7 @@ index c14013393..8b6269729 100644
 The "/etc/gshadow-" file is a backup of "/etc/gshadow", and as such, contains group password hashes. Protection of this file is critical for system security.
-@@ -22576,7 +22685,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22357,7 +22465,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232075 - RHEL 9 /etc/passwd file must have mode 0644 or less permissive to prevent unauthorized access.
@@ -16419,7 +15799,7 @@ index c14013393..8b6269729 100644
 If the "/etc/passwd" file is writable by a group-owner or the world the risk of its compromise is increased. The file contains the list of accounts on the system and associated information, and protection of this file is critical for system security.
-@@ -22588,7 +22698,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22369,7 +22478,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232080 - RHEL 9 /etc/passwd- file must have mode 0644 or less permissive to prevent unauthorized access.
@@ -16429,7 +15809,7 @@ index c14013393..8b6269729 100644
 The "/etc/passwd-" file is a backup file of "/etc/passwd", and as such, contains information about the users that are configured on the system. Protection of this file is critical for system security.
-@@ -22600,7 +22711,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22381,7 +22491,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232085 - RHEL 9 /etc/shadow- file must have mode 0000 or less permissive to prevent unauthorized access.
@@ -16439,7 +15819,7 @@ index c14013393..8b6269729 100644
 The "/etc/shadow-" file is a backup file of "/etc/shadow", and as such, contains the list of local system accounts and password hashes. Protection of this file is critical for system security.
-@@ -22612,7 +22724,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22393,7 +22504,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232090 - RHEL 9 /etc/group file must be owned by root.
@@ -16449,7 +15829,7 @@ index c14013393..8b6269729 100644
 The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
-@@ -22624,7 +22737,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22405,7 +22517,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232095 - RHEL 9 /etc/group file must be group-owned by root.
@@ -16459,7 +15839,7 @@ index c14013393..8b6269729 100644
 The "/etc/group" file contains information regarding groups that are configured on the system. Protection of this file is important for system security.
-@@ -22636,7 +22750,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22417,7 +22530,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232100 - RHEL 9 /etc/group- file must be owned by root.
@@ -16469,7 +15849,7 @@ index c14013393..8b6269729 100644
 The "/etc/group-" file is a backup file of "/etc/group", and as such, contains information regarding groups that are configured on the system. Protection of this file is important for system security.
-@@ -22648,7 +22763,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22429,7 +22543,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232105 - RHEL 9 /etc/group- file must be group-owned by root.
@@ -16479,7 +15859,7 @@ index c14013393..8b6269729 100644
 The "/etc/group-" file is a backup file of "/etc/group", and as such, contains information regarding groups that are configured on the system. Protection of this file is important for system security.
-@@ -22660,7 +22776,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22441,7 +22556,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232110 - RHEL 9 /etc/gshadow file must be owned by root.
@@ -16489,7 +15869,7 @@ index c14013393..8b6269729 100644
 The "/etc/gshadow" file contains group password hashes. Protection of this file is critical for system security.
-@@ -22672,7 +22789,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22453,7 +22569,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232115 - RHEL 9 /etc/gshadow file must be group-owned by root.
@@ -16499,7 +15879,7 @@ index c14013393..8b6269729 100644
 The "/etc/gshadow" file contains group password hashes. Protection of this file is critical for system security.
-@@ -22684,7 +22802,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22465,7 +22582,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232120 - RHEL 9 /etc/gshadow- file must be owned by root.
@@ -16509,7 +15889,7 @@ index c14013393..8b6269729 100644
 The "/etc/gshadow-" file is a backup of "/etc/gshadow", and as such, contains group password hashes. Protection of this file is critical for system security.
-@@ -22696,7 +22815,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22477,7 +22595,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232125 - RHEL 9 /etc/gshadow- file must be group-owned by root.
@@ -16519,7 +15899,7 @@ index c14013393..8b6269729 100644
 The "/etc/gshadow-" file is a backup of "/etc/gshadow", and as such, contains group password hashes. Protection of this file is critical for system security.
-@@ -22708,7 +22828,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22489,7 +22608,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232130 - RHEL 9 /etc/passwd file must be owned by root.
@@ -16529,7 +15909,7 @@ index c14013393..8b6269729 100644
 The "/etc/passwd" file contains information about the users that are configured on the system. Protection of this file is critical for system security.
-@@ -22720,7 +22841,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22501,7 +22621,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232135 - RHEL 9 /etc/passwd file must be group-owned by root.
@@ -16539,7 +15919,7 @@ index c14013393..8b6269729 100644
 The "/etc/passwd" file contains information about the users that are configured on the system. Protection of this file is critical for system security.
-@@ -22732,7 +22854,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22513,7 +22634,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232140 - RHEL 9 /etc/passwd- file must be owned by root.
@@ -16549,7 +15929,7 @@ index c14013393..8b6269729 100644
 The "/etc/passwd-" file is a backup file of "/etc/passwd", and as such, contains information about the users that are configured on the system. Protection of this file is critical for system security.
-@@ -22744,7 +22867,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22525,7 +22647,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232145 - RHEL 9 /etc/passwd- file must be group-owned by root.
@@ -16559,7 +15939,7 @@ index c14013393..8b6269729 100644
 The "/etc/passwd-" file is a backup file of "/etc/passwd", and as such, contains information about the users that are configured on the system. Protection of this file is critical for system security.
-@@ -22756,7 +22880,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22537,7 +22660,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232150 - RHEL 9 /etc/shadow file must be owned by root.
@@ -16569,7 +15949,7 @@ index c14013393..8b6269729 100644
 The "/etc/shadow" file contains the list of local system accounts and stores password hashes. Protection of this file is critical for system security. Failure to give ownership of this file to root provides the designated owner with access to sensitive information, which could weaken the system security posture.
-@@ -22768,7 +22893,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22549,7 +22673,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232155 - RHEL 9 /etc/shadow file must be group-owned by root.
@@ -16579,7 +15959,7 @@ index c14013393..8b6269729 100644
 The "/etc/shadow" file stores password hashes. Protection of this file is critical for system security.
-@@ -22780,7 +22906,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22561,7 +22686,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232160 - RHEL 9 /etc/shadow- file must be owned by root.
@@ -16589,7 +15969,7 @@ index c14013393..8b6269729 100644
 The "/etc/shadow-" file is a backup file of "/etc/shadow", and as such, contains the list of local system accounts and password hashes. Protection of this file is critical for system security.
-@@ -22792,7 +22919,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22573,7 +22699,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232165 - RHEL 9 /etc/shadow- file must be group-owned by root.
@@ -16599,7 +15979,7 @@ index c14013393..8b6269729 100644
 The "/etc/shadow-" file is a backup file of "/etc/shadow", and as such, contains the list of local system accounts and password hashes. Protection of this file is critical for system security.
-@@ -22804,7 +22932,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22585,7 +22712,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232170 - RHEL 9 /var/log directory must be owned by root.
@@ -16609,7 +15989,7 @@ index c14013393..8b6269729 100644
 Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
-@@ -22818,7 +22947,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -22599,7 +22727,8 @@ The structure and content of error messages must be carefully considered by the
 RHEL-09-232175 - RHEL 9 /var/log directory must be group-owned by root.
@@ -16619,7 +15999,7 @@ index c14013393..8b6269729 100644
 Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
-@@ -22832,7 +22962,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -22613,7 +22742,8 @@ The structure and content of error messages must be carefully considered by the
 RHEL-09-232180 - RHEL 9 /var/log/messages file must be owned by root.
@@ -16629,7 +16009,7 @@ index c14013393..8b6269729 100644
 Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
-@@ -22846,7 +22977,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -22627,7 +22757,8 @@ The structure and content of error messages must be carefully considered by the
 RHEL-09-232185 - RHEL 9 /var/log/messages file must be group-owned by root.
@@ -16639,7 +16019,7 @@ index c14013393..8b6269729 100644
 Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, personally identifiable information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
-@@ -22860,7 +22992,8 @@ The structure and content of error messages must be carefully considered by the
+@@ -22641,7 +22772,8 @@ The structure and content of error messages must be carefully considered by the
 RHEL-09-232190 - RHEL 9 system commands must be owned by root.
@@ -16649,7 +16029,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22874,7 +23007,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22655,7 +22787,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232195 - RHEL 9 system commands must be group-owned by root or a system account.
@@ -16659,7 +16039,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22888,7 +23022,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22669,7 +22802,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232200 - RHEL 9 library files must be owned by root.
@@ -16669,7 +16049,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22902,7 +23037,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22683,7 +22817,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232205 - RHEL 9 library files must be group-owned by root or a system account.
@@ -16679,7 +16059,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22916,7 +23052,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22697,7 +22832,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232210 - RHEL 9 library directories must be owned by root.
@@ -16689,7 +16069,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22930,7 +23067,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22711,7 +22847,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232215 - RHEL 9 library directories must be group-owned by root or a system account.
@@ -16699,7 +16079,7 @@ index c14013393..8b6269729 100644
 If RHEL 9 allowed any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
-@@ -22944,7 +23082,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
+@@ -22725,7 +22862,8 @@ This requirement applies to RHEL 9 with software libraries that are accessible a
 RHEL-09-232220 - RHEL 9 audit tools must be owned by root.
@@ -16709,7 +16089,7 @@ index c14013393..8b6269729 100644
 Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
-@@ -22960,7 +23099,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22741,7 +22879,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232225 - RHEL 9 audit tools must be group-owned by root.
@@ -16719,7 +16099,7 @@ index c14013393..8b6269729 100644
 Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data; therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
-@@ -22976,7 +23116,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22757,7 +22896,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232230 - RHEL 9 cron configuration files directory must be owned by root.
@@ -16729,7 +16109,7 @@ index c14013393..8b6269729 100644
 Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations; therefore, service configuration files must be owned by the correct group to prevent unauthorized changes.
-@@ -22988,7 +23129,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22769,7 +22909,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232235 - RHEL 9 cron configuration files directory must be group-owned by root.
@@ -16739,7 +16119,7 @@ index c14013393..8b6269729 100644
 Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations; therefore, service configuration files should be owned by the correct group to prevent unauthorized changes.
-@@ -23000,7 +23142,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22781,7 +22922,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232265 - RHEL 9 /etc/crontab file must have mode 0600.
@@ -16749,7 +16129,7 @@ index c14013393..8b6269729 100644
 Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations; therefore, service configuration files must have the correct access rights to prevent unauthorized changes.
-@@ -23012,7 +23155,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22793,7 +22935,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-232270 - RHEL 9 /etc/shadow file must have mode 0000 to prevent unauthorized access.
@@ -16759,7 +16139,7 @@ index c14013393..8b6269729 100644
 The "/etc/shadow" file contains the list of local system accounts and stores password hashes. Protection of this file is critical for system security. Failure to give ownership of this file to root provides the designated owner with access to sensitive information, which could weaken the system security posture.
-@@ -23024,7 +23168,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
+@@ -22805,7 +22948,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
 RHEL-09-251010 - RHEL 9 must have the firewalld package installed.
@@ -16769,7 +16149,7 @@ index c14013393..8b6269729 100644
 "Firewalld" provides an easy and effective way to block/limit remote access to the system via ports, services, and protocols.
-@@ -23052,7 +23197,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000297-GPOS-00115, SRG-OS-000298-GPO
+@@ -22833,7 +22977,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000297-GPOS-00115, SRG-OS-000298-GPO
 RHEL-09-251015 - The firewalld service on RHEL 9 must be active.
@@ -16779,7 +16159,7 @@ index c14013393..8b6269729 100644
 "Firewalld" provides an easy and effective way to block/limit remote access to the system via ports, services, and protocols.
-@@ -23072,7 +23218,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000297-GPOS-00115, SRG-OS-000480-GPO
+@@ -22853,7 +22998,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000297-GPOS-00115, SRG-OS-000480-GPO
 RHEL-09-251030 - RHEL 9 must protect against or limit the effects of denial-of-service (DoS) attacks by ensuring rate-limiting measures on impacted network interfaces are implemented.
@@ -16789,7 +16169,7 @@ index c14013393..8b6269729 100644
 DoS is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
-@@ -23086,7 +23233,8 @@ This requirement addresses the configuration of RHEL 9 to mitigate the impact of
+@@ -22867,7 +23013,8 @@ This requirement addresses the configuration of RHEL 9 to mitigate the impact of
 RHEL-09-251040 - RHEL 9 network interfaces must not be in promiscuous mode.
@@ -16799,7 +16179,7 @@ index c14013393..8b6269729 100644
 Network interfaces in promiscuous mode allow for the capture of all network traffic visible to the system. If unauthorized individuals can access these applications, it may allow them to collect information such as logon IDs, passwords, and key exchanges between systems.
-@@ -23100,7 +23248,8 @@ If the system is being used to perform a network troubleshooting function, the u
+@@ -22881,7 +23028,8 @@ If the system is being used to perform a network troubleshooting function, the u
 RHEL-09-251045 - RHEL 9 must enable hardening for the Berkeley Packet Filter just-in-time compiler.
@@ -16809,7 +16189,7 @@ index c14013393..8b6269729 100644
 When hardened, the extended Berkeley Packet Filter (BPF) just-in-time (JIT) compiler will randomize any kernel addresses in the BPF programs and maps, and will not expose the JIT addresses in "/proc/kallsyms".
-@@ -23112,7 +23261,8 @@ If the system is being used to perform a network troubleshooting function, the u
+@@ -22893,7 +23041,8 @@ If the system is being used to perform a network troubleshooting function, the u
 RHEL-09-252010 - RHEL 9 must have the chrony package installed.
@@ -16819,7 +16199,7 @@ index c14013393..8b6269729 100644
 Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
-@@ -23124,7 +23274,8 @@ If the system is being used to perform a network troubleshooting function, the u
+@@ -22905,7 +23054,8 @@ If the system is being used to perform a network troubleshooting function, the u
 RHEL-09-252015 - RHEL 9 chronyd service must be enabled.
@@ -16829,7 +16209,7 @@ index c14013393..8b6269729 100644
 Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
-@@ -23138,7 +23289,8 @@ Synchronizing internal information system clocks provides uniformity of time sta
+@@ -22919,7 +23069,8 @@ Synchronizing internal information system clocks provides uniformity of time sta
 RHEL-09-252025 - RHEL 9 must disable the chrony daemon from acting as a server.
@@ -16839,7 +16219,7 @@ index c14013393..8b6269729 100644
 Minimizing the exposure of the server functionality of the chrony daemon diminishes the attack surface.
-@@ -23152,7 +23304,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
+@@ -22933,7 +23084,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
 RHEL-09-252030 - RHEL 9 must disable network management of the chrony daemon.
@@ -16849,7 +16229,7 @@ index c14013393..8b6269729 100644
 Not exposing the management interface of the chrony daemon on the network diminishes the attack space.
-@@ -23166,7 +23319,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
+@@ -22947,7 +23099,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
 RHEL-09-252035 - RHEL 9 systems using Domain Name Servers (DNS) resolution must have at least two name servers configured.
@@ -16859,7 +16239,7 @@ index c14013393..8b6269729 100644
 To provide availability for name resolution services, multiple redundant name servers are mandated. A failure in name resolution could lead to the failure of security functions requiring name resolution, which may include time synchronization, centralized authentication, and remote system logging.
-@@ -23178,7 +23332,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
+@@ -22959,7 +23112,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
 RHEL-09-252040 - RHEL 9 must configure a DNS processing mode set be Network Manager.
@@ -16869,7 +16249,7 @@ index c14013393..8b6269729 100644
 In order to ensure that DNS resolver settings are respected, a DNS mode in Network Manager must be configured.
-@@ -23190,7 +23345,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
+@@ -22971,7 +23125,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
 RHEL-09-252050 - RHEL 9 must be configured to prevent unrestricted mail relaying.
@@ -16879,7 +16259,7 @@ index c14013393..8b6269729 100644
 If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.
-@@ -23202,7 +23358,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
+@@ -22983,7 +23138,8 @@ Satisfies: SRG-OS-000096-GPOS-00050, SRG-OS-000095-GPOS-00049
 RHEL-09-252060 - RHEL 9 must forward mail from postmaster to the root account using a postfix alias.
@@ -16889,7 +16269,7 @@ index c14013393..8b6269729 100644
 It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
-@@ -23216,7 +23373,8 @@ Audit processing failures include software/hardware errors, failures in the audi
+@@ -22997,7 +23153,8 @@ Audit processing failures include software/hardware errors, failures in the audi
 RHEL-09-252065 - RHEL 9 libreswan package must be installed.
@@ -16899,7 +16279,7 @@ index c14013393..8b6269729 100644
 Providing the ability for remote users or systems to initiate a secure VPN connection protects information when it is transmitted over a wide area network.
-@@ -23230,7 +23388,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061
+@@ -23011,7 +23168,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061
 RHEL-09-252070 - There must be no shosts.equiv files on RHEL 9.
@@ -16909,7 +16289,7 @@ index c14013393..8b6269729 100644
 The shosts.equiv files are used to configure host-based authentication for the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
-@@ -23242,7 +23401,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061
+@@ -23023,7 +23181,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061
 RHEL-09-252075 - There must be no .shosts files on RHEL 9.
@@ -16919,7 +16299,7 @@ index c14013393..8b6269729 100644
 The .shosts files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
-@@ -23254,7 +23414,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061
+@@ -23035,7 +23194,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061
 RHEL-09-253010 - RHEL 9 must be configured to use TCP syncookies.
@@ -16929,7 +16309,7 @@ index c14013393..8b6269729 100644
 Denial of service (DoS) is a condition when a resource is not available for legitimate users. When this occurs, the organization either cannot accomplish its mission or must operate at degraded capacity.
-@@ -23270,7 +23431,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPO
+@@ -23051,7 +23211,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000420-GPOS-00186, SRG-OS-000142-GPO
 RHEL-09-253015 - RHEL 9 must ignore Internet Protocol version 4 (IPv4) Internet Control Message Protocol (ICMP) redirect messages.
@@ -16939,7 +16319,7 @@ index c14013393..8b6269729 100644
 ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
-@@ -23284,7 +23446,8 @@ This feature of the IPv4 protocol has few legitimate uses. It should be disabled
+@@ -23065,7 +23226,8 @@ This feature of the IPv4 protocol has few legitimate uses. It should be disabled
 RHEL-09-253020 - RHEL 9 must not forward Internet Protocol version 4 (IPv4) source-routed packets.
@@ -16949,7 +16329,7 @@ index c14013393..8b6269729 100644
 Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routerd traffic, such as when IPv4 forwarding is enabled and the system is functioning as a router.
-@@ -23298,7 +23461,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
+@@ -23079,7 +23241,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
 RHEL-09-253025 - RHEL 9 must log IPv4 packets with impossible addresses.
@@ -16959,7 +16339,7 @@ index c14013393..8b6269729 100644
 The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
-@@ -23310,7 +23474,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
+@@ -23091,7 +23254,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
 RHEL-09-253030 - RHEL 9 must log IPv4 packets with impossible addresses by default.
@@ -16969,7 +16349,7 @@ index c14013393..8b6269729 100644
 The presence of "martian" packets (which have impossible addresses) as well as spoofed packets, source-routed packets, and redirects could be a sign of nefarious network activity. Logging these packets enables this activity to be detected.
-@@ -23322,7 +23487,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
+@@ -23103,7 +23267,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
 RHEL-09-253035 - RHEL 9 must use reverse path filtering on all IPv4 interfaces.
@@ -16979,7 +16359,7 @@ index c14013393..8b6269729 100644
 Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.
-@@ -23334,7 +23500,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
+@@ -23115,7 +23280,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
 RHEL-09-253040 - RHEL 9 must prevent IPv4 Internet Control Message Protocol (ICMP) redirect messages from being accepted.
@@ -16989,7 +16369,7 @@ index c14013393..8b6269729 100644
 ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
-@@ -23348,7 +23515,8 @@ This feature of the IPv4 protocol has few legitimate uses. It must be disabled u
+@@ -23129,7 +23295,8 @@ This feature of the IPv4 protocol has few legitimate uses. It must be disabled u
 RHEL-09-253045 - RHEL 9 must not forward IPv4 source-routed packets by default.
@@ -16999,7 +16379,7 @@ index c14013393..8b6269729 100644
 Source-routed packets allow the source of the packet to suggest routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures.
-@@ -23362,7 +23530,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
+@@ -23143,7 +23310,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
 RHEL-09-253050 - RHEL 9 must use a reverse-path filter for IPv4 network traffic when possible by default.
@@ -17009,7 +16389,7 @@ index c14013393..8b6269729 100644
 Enabling reverse path filtering drops packets with source addresses that should not have been able to be received on the interface on which they were received. It must not be used on systems that are routers for complicated networks, but is helpful for end hosts and routers serving small networks.
-@@ -23374,7 +23543,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
+@@ -23155,7 +23323,8 @@ Accepting source-routed packets in the IPv4 protocol has few legitimate uses. It
 RHEL-09-253055 - RHEL 9 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
@@ -17019,7 +16399,7 @@ index c14013393..8b6269729 100644
 Responding to broadcast (ICMP) echoes facilitates network mapping and provides a vector for amplification attacks.
-@@ -23388,7 +23558,8 @@ Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses mak
+@@ -23169,7 +23338,8 @@ Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses mak
 RHEL-09-253060 - RHEL 9 must limit the number of bogus Internet Control Message Protocol (ICMP) response errors logs.
@@ -17029,7 +16409,7 @@ index c14013393..8b6269729 100644
 Some routers will send responses to broadcast frames that violate RFC-1122, which fills up a log file system with many useless error messages. An attacker may take advantage of this and attempt to flood the logs with bogus error logs. Ignoring bogus ICMP error responses reduces log size, although some activity would not be logged.
-@@ -23400,7 +23571,8 @@ Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses mak
+@@ -23181,7 +23351,8 @@ Ignoring ICMP echo requests (pings) sent to broadcast or multicast addresses mak
 RHEL-09-253065 - RHEL 9 must not send Internet Control Message Protocol (ICMP) redirects.
@@ -17039,7 +16419,7 @@ index c14013393..8b6269729 100644 ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology. -@@ -23414,7 +23586,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23195,7 +23366,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-253070 - RHEL 9 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default. @@ -17049,7 +16429,7 @@ index c14013393..8b6269729 100644 ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table possibly revealing portions of the network topology. -@@ -23428,7 +23601,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23209,7 +23381,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-253075 - RHEL 9 must not enable IPv4 packet forwarding unless the system is a router. @@ -17059,7 +16439,7 @@ index c14013393..8b6269729 100644 Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this capability is used when not required, system network information may be unnecessarily transmitted across the network. -@@ -23440,7 +23614,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23221,7 +23394,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-254010 - RHEL 9 must not accept router advertisements on all IPv6 interfaces. 
@@ -17069,7 +16449,7 @@ index c14013393..8b6269729 100644 An illicit router advertisement message could result in a man-in-the-middle attack. -@@ -23452,7 +23627,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23233,7 +23407,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-254015 - RHEL 9 must ignore IPv6 Internet Control Message Protocol (ICMP) redirect messages. @@ -17079,7 +16459,7 @@ index c14013393..8b6269729 100644 An illicit ICMP redirect message could result in a man-in-the-middle attack. -@@ -23464,7 +23640,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23245,7 +23420,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-254020 - RHEL 9 must not forward IPv6 source-routed packets. @@ -17089,7 +16469,7 @@ index c14013393..8b6269729 100644 Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router. -@@ -23476,7 +23653,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23257,7 +23433,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-254025 - RHEL 9 must not enable IPv6 packet forwarding unless the system is a router. 
@@ -17099,7 +16479,7 @@ index c14013393..8b6269729 100644 IP forwarding permits the kernel to forward packets from one network interface to another. The ability to forward packets between two networks is only appropriate for systems acting as routers. -@@ -23488,7 +23666,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23269,7 +23446,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-254030 - RHEL 9 must not accept router advertisements on all IPv6 interfaces by default. @@ -17109,7 +16489,7 @@ index c14013393..8b6269729 100644 An illicit router advertisement message could result in a man-in-the-middle attack. -@@ -23500,7 +23679,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23281,7 +23459,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-254035 - RHEL 9 must prevent IPv6 Internet Control Message Protocol (ICMP) redirect messages from being accepted. @@ -17119,7 +16499,7 @@ index c14013393..8b6269729 100644 ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack. -@@ -23512,7 +23692,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou +@@ -23293,7 +23472,8 @@ The ability to send ICMP redirects is only appropriate for systems acting as rou RHEL-09-254040 - RHEL 9 must not forward IPv6 source-routed packets by default. 
@@ -17129,7 +16509,7 @@ index c14013393..8b6269729 100644 Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router. -@@ -23526,7 +23707,8 @@ Accepting source-routed packets in the IPv6 protocol has few legitimate uses. It +@@ -23307,7 +23487,8 @@ Accepting source-routed packets in the IPv6 protocol has few legitimate uses. It RHEL-09-255010 - All RHEL 9 networked systems must have SSH installed. @@ -17139,7 +16519,7 @@ index c14013393..8b6269729 100644 Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. -@@ -23544,7 +23726,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO +@@ -23325,7 +23506,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO RHEL-09-255015 - All RHEL 9 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission. @@ -17149,7 +16529,7 @@ index c14013393..8b6269729 100644 Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. -@@ -23562,7 +23745,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO +@@ -23343,7 +23525,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO RHEL-09-255020 - RHEL 9 must have the openssh-clients package installed. 
@@ -17159,7 +16539,7 @@ index c14013393..8b6269729 100644 This package includes utilities to make encrypted connections and transfer files securely to SSH servers. -@@ -23574,7 +23758,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO +@@ -23355,7 +23538,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000424-GPOS-00188, SRG-OS-000425-GPO RHEL-09-255025 - RHEL 9 must display the Standard Mandatory DOD Notice and Consent Banner before granting local or remote access to the system via a SSH logon. @@ -17169,7 +16549,7 @@ index c14013393..8b6269729 100644 The warning message reinforces policy awareness during the logon process and facilitates possible legal action against attackers. Alternatively, systems whose ownership should not be obvious should ensure usage of a banner that does not provide easy attribution. -@@ -23588,7 +23773,8 @@ Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088 +@@ -23369,7 +23553,8 @@ Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088 RHEL-09-255030 - RHEL 9 must log SSH connection attempts and failures to the server. @@ -17179,7 +16559,7 @@ index c14013393..8b6269729 100644 SSH provides several logging levels with varying amounts of verbosity. "DEBUG" is specifically not recommended other than strictly for debugging SSH communications since it provides so much data that it is difficult to identify important security information. "INFO" or "VERBOSE" level is the basic level that only records login activity of SSH users. In many situations, such as Incident Response, it is important to determine when a particular user was active on a system. The logout record can eliminate those users who disconnected, which helps narrow the field. -@@ -23600,7 +23786,8 @@ Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088 +@@ -23381,7 +23566,8 @@ Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088 RHEL-09-255035 - RHEL 9 SSHD must accept public key authentication. 
@@ -17189,7 +16569,7 @@ index c14013393..8b6269729 100644 Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. A DOD CAC with DOD-approved PKI is an example of multifactor authentication. -@@ -23614,7 +23801,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPO +@@ -23395,7 +23581,8 @@ Satisfies: SRG-OS-000105-GPOS-00052, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPO RHEL-09-255040 - RHEL 9 SSHD must not allow blank passwords. @@ -17199,7 +16579,7 @@ index c14013393..8b6269729 100644 If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments. -@@ -23628,7 +23816,8 @@ Satisfies: SRG-OS-000106-GPOS-00053, SRG-OS-000480-GPOS-00229, SRG-OS-000480-GPO +@@ -23409,7 +23596,8 @@ Satisfies: SRG-OS-000106-GPOS-00053, SRG-OS-000480-GPOS-00229, SRG-OS-000480-GPO RHEL-09-255045 - RHEL 9 must not permit direct logons to the root account using remote access via SSH. @@ -17209,7 +16589,7 @@ index c14013393..8b6269729 100644 Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging directly on as root. In addition, logging in with a user-specific account provides individual accountability of actions performed on the system and also helps to minimize direct attack attempts on root's password. -@@ -23644,7 +23833,8 @@ Satisfies: SRG-OS-000109-GPOS-00056, SRG-OS-000480-GPOS-00227 +@@ -23425,7 +23613,8 @@ Satisfies: SRG-OS-000109-GPOS-00056, SRG-OS-000480-GPOS-00227 RHEL-09-255050 - RHEL 9 must enable the Pluggable Authentication Module (PAM) interface for SSHD. 
@@ -17219,7 +16599,7 @@ index c14013393..8b6269729 100644 When UsePAM is set to "yes", PAM runs through account and session types properly. This is important when restricted access to services based off of IP, time, or other factors of the account is needed. Additionally, this ensures users can inherit certain environment variables on login or disallow access to the server. -@@ -23656,7 +23846,8 @@ Satisfies: SRG-OS-000109-GPOS-00056, SRG-OS-000480-GPOS-00227 +@@ -23437,7 +23626,8 @@ Satisfies: SRG-OS-000109-GPOS-00056, SRG-OS-000480-GPOS-00227 RHEL-09-255055 - RHEL 9 SSH daemon must be configured to use system-wide crypto policies. @@ -17229,7 +16609,7 @@ index c14013393..8b6269729 100644 Without cryptographic integrity protections, information can be altered by unauthorized users without detection. -@@ -23672,7 +23863,8 @@ Cryptographic mechanisms used for protecting the integrity of information includ +@@ -23453,7 +23643,8 @@ Cryptographic mechanisms used for protecting the integrity of information includ RHEL-09-255060 - RHEL 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH client connections. @@ -17239,7 +16619,7 @@ index c14013393..8b6269729 100644 Without cryptographic integrity protections, information can be altered by unauthorized users without detection. -@@ -23690,7 +23882,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio +@@ -23471,7 +23662,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio RHEL-09-255065 - RHEL 9 must implement DOD-approved encryption ciphers to protect the confidentiality of SSH server connections. 
@@ -17249,17 +16629,7 @@ index c14013393..8b6269729 100644 Without cryptographic integrity protections, information can be altered by unauthorized users without detection. -@@ -23708,7 +23901,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio - - RHEL-09-255070 - RHEL 9 SSH client must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. - -- Red Hat Enterprise Linux 9 -+ Red Hat Enterprise Linux 9 -+AlmaLinux 9 - - Without cryptographic integrity protections, information can be altered by unauthorized users without detection. - -@@ -23726,7 +23920,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio +@@ -23489,7 +23681,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio RHEL-09-255075 - RHEL 9 SSH server must be configured to use only Message Authentication Codes (MACs) employing FIPS 140-3 validated cryptographic hash algorithms. @@ -17269,7 +16639,7 @@ index c14013393..8b6269729 100644 Without cryptographic integrity protections, information can be altered by unauthorized users without detection. -@@ -23744,7 +23939,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio +@@ -23507,7 +23700,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio RHEL-09-255080 - RHEL 9 must not allow a noncertificate trusted host SSH logon to the system. @@ -17279,7 +16649,7 @@ index c14013393..8b6269729 100644 SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. -@@ -23756,7 +23952,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio +@@ -23519,7 +23713,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio RHEL-09-255085 - RHEL 9 must not allow users to override SSH environment variables. 
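Review bot: The first hunk on this line (`@@ -17249,17 +16629,7 @@`) removes the whole inner hunk that appended `AlmaLinux 9` after `Red Hat Enterprise Linux 9` for RHEL-09-255070 (SSH client MACs, FIPS 140-3), while the surrounding rules (RHEL-09-255065, RHEL-09-255075 and the rest of this series) keep that addition and are only renumbered. If the rebased 0.1.75 reference data still carries RHEL-09-255070, the AlmaLinux 9 platform tag for that rule is silently lost and the resulting STIG content would no longer apply it to AlmaLinux 9; if the rule was dropped upstream, this is the expected cleanup, but nothing in the patch or the commit title "Update AlmaLinux patch" says which. Please state the reason in the commit description, e.g. `Drop the RHEL-09-255070 hunk: the rule is no longer present in the 0.1.75 reference file.`, so the coverage change is auditable. The remaining hunks in this chunk are pure offset renumbering from the rebase and need no further change.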
@@ -17289,7 +16659,7 @@ index c14013393..8b6269729 100644 SSH environment options potentially allow users to bypass access restriction in some configurations. -@@ -23768,7 +23965,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio +@@ -23531,7 +23726,8 @@ RHEL 9 incorporates system-wide crypto policies by default. The SSH configuratio RHEL-09-255090 - RHEL 9 must force a frequent session key renegotiation for SSH connections to the server. @@ -17299,7 +16669,7 @@ index c14013393..8b6269729 100644 Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. -@@ -23788,7 +23986,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000033-GPOS-00014, SRG-OS-000424-GPO +@@ -23551,7 +23747,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000033-GPOS-00014, SRG-OS-000424-GPO RHEL-09-255095 - RHEL 9 must be configured so that all network connections associated with SSH traffic terminate after becoming unresponsive. @@ -17309,7 +16679,7 @@ index c14013393..8b6269729 100644 Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element. -@@ -23806,7 +24005,8 @@ Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPOS-00109 +@@ -23569,7 +23766,8 @@ Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPOS-00109 RHEL-09-255100 - RHEL 9 must be configured so that all network connections associated with SSH traffic are terminated after 10 minutes of becoming unresponsive. 
@@ -17319,7 +16689,7 @@ index c14013393..8b6269729 100644 Terminating an unresponsive SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element. -@@ -23824,7 +24024,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO +@@ -23587,7 +23785,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO RHEL-09-255105 - RHEL 9 SSH server configuration file must be group-owned by root. @@ -17329,7 +16699,7 @@ index c14013393..8b6269729 100644 Service configuration files enable or disable features of their respective services, which if configured incorrectly, can lead to insecure and vulnerable configurations. Therefore, service configuration files must be owned by the correct group to prevent unauthorized changes. -@@ -23836,7 +24037,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO +@@ -23599,7 +23798,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO RHEL-09-255110 - RHEL 9 SSH server configuration file must be owned by root. @@ -17339,7 +16709,7 @@ index c14013393..8b6269729 100644 Service configuration files enable or disable features of their respective services, which if configured incorrectly, can lead to insecure and vulnerable configurations. Therefore, service configuration files must be owned by the correct group to prevent unauthorized changes. -@@ -23848,7 +24050,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO +@@ -23611,7 +23811,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO RHEL-09-255115 - RHEL 9 SSH server configuration file must have mode 0600 or less permissive. 
@@ -17349,7 +16719,7 @@ index c14013393..8b6269729 100644 Service configuration files enable or disable features of their respective services that if configured incorrectly can lead to insecure and vulnerable configurations. Therefore, service configuration files should be owned by the correct group to prevent unauthorized changes. -@@ -23860,7 +24063,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO +@@ -23623,7 +23824,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO RHEL-09-255120 - RHEL 9 SSH private host key files must have mode 0640 or less permissive. @@ -17359,7 +16729,7 @@ index c14013393..8b6269729 100644 If an unauthorized user obtains the private SSH host key file, the host could be impersonated. -@@ -23872,7 +24076,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO +@@ -23635,7 +23837,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO RHEL-09-255125 - RHEL 9 SSH public host key files must have mode 0644 or less permissive. @@ -17369,7 +16739,7 @@ index c14013393..8b6269729 100644 If a public host key file is modified by an unauthorized user, the SSH service may be compromised. -@@ -23884,7 +24089,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO +@@ -23647,7 +23850,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO RHEL-09-255130 - RHEL 9 SSH daemon must not allow compression or must only allow compression after successful authentication. 
@@ -17379,7 +16749,7 @@ index c14013393..8b6269729 100644 If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges. -@@ -23896,7 +24102,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO +@@ -23659,7 +23863,8 @@ Satisfies: SRG-OS-000126-GPOS-00066, SRG-OS-000163-GPOS-00072, SRG-OS-000279-GPO RHEL-09-255135 - RHEL 9 SSH daemon must not allow GSSAPI authentication. @@ -17389,7 +16759,7 @@ index c14013393..8b6269729 100644 Generic Security Service Application Program Interface (GSSAPI) authentication is used to provide additional authentication mechanisms to applications. Allowing GSSAPI authentication through SSH exposes the system's GSSAPI to remote hosts, increasing the attack surface of the system. -@@ -23910,7 +24117,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23673,7 +23878,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-255140 - RHEL 9 SSH daemon must not allow Kerberos authentication. @@ -17399,7 +16769,7 @@ index c14013393..8b6269729 100644 Kerberos authentication for SSH is often implemented using Generic Security Service Application Program Interface (GSSAPI). If Kerberos is enabled through SSH, the SSH daemon provides a means of access to the system's Kerberos implementation. Vulnerabilities in the system's Kerberos implementations may be subject to exploitation. -@@ -23924,7 +24132,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23687,7 +23893,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-255145 - RHEL 9 SSH daemon must not allow rhosts authentication. 
@@ -17409,7 +16779,7 @@ index c14013393..8b6269729 100644 SSH trust relationships mean a compromise on one host can allow an attacker to move trivially to other hosts. -@@ -23936,7 +24145,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23699,7 +23906,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-255150 - RHEL 9 SSH daemon must not allow known hosts authentication. @@ -17419,7 +16789,7 @@ index c14013393..8b6269729 100644 Configuring the IgnoreUserKnownHosts setting for the SSH daemon provides additional assurance that remote login via SSH will require a password, even in the event of misconfiguration elsewhere. -@@ -23948,7 +24158,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23711,7 +23919,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-255155 - RHEL 9 SSH daemon must disable remote X connections for interactive users. @@ -17429,7 +16799,7 @@ index c14013393..8b6269729 100644 When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DISPLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display. -@@ -23960,7 +24171,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23723,7 +23932,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-255160 - RHEL 9 SSH daemon must perform strict mode checking of home directory configuration files. 
@@ -17439,7 +16809,7 @@ index c14013393..8b6269729 100644 If other users have access to modify user-specific SSH configuration files, they may be able to log into the system as another user. -@@ -23972,7 +24184,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23735,7 +23945,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-255165 - RHEL 9 SSH daemon must display the date and time of the last successful account logon upon an SSH logon. @@ -17449,7 +16819,7 @@ index c14013393..8b6269729 100644 Providing users feedback on when account accesses last occurred facilitates user recognition and reporting of unauthorized account use. -@@ -23984,7 +24197,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23747,7 +23958,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-255170 - RHEL 9 SSH daemon must be configured to use privilege separation. @@ -17459,7 +16829,7 @@ index c14013393..8b6269729 100644 SSH daemon privilege separation causes the SSH process to drop root privileges when not needed, which would decrease the impact of software vulnerabilities in the nonprivileged section. -@@ -23996,7 +24210,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23759,7 +23971,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-255175 - RHEL 9 SSH daemon must prevent remote hosts from connecting to the proxy display. 
@@ -17469,7 +16839,7 @@ index c14013393..8b6269729 100644 When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the "DISPLAY" environment variable to localhost. This prevents remote hosts from connecting to the proxy display. -@@ -24008,7 +24223,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 +@@ -23771,7 +23984,8 @@ Satisfies: SRG-OS-000364-GPOS-00151, SRG-OS-000480-GPOS-00227 RHEL-09-271015 - RHEL 9 must prevent a user from overriding the banner-message-enable setting for the graphical user interface. @@ -17479,7 +16849,7 @@ index c14013393..8b6269729 100644 Display of a standardized and approved use notification before granting access to the operating system ensures privacy and security notification verbiage used is consistent with applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance. -@@ -24024,7 +24240,8 @@ Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088 +@@ -23787,7 +24001,8 @@ Satisfies: SRG-OS-000023-GPOS-00006, SRG-OS-000228-GPOS-00088 RHEL-09-271020 - RHEL 9 must disable the graphical user interface automount function unless required. @@ -17489,7 +16859,7 @@ index c14013393..8b6269729 100644 Automatically mounting file systems permits easy introduction of unknown devices, thereby facilitating malicious activity. -@@ -24038,7 +24255,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO +@@ -23801,7 +24016,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO RHEL-09-271025 - RHEL 9 must prevent a user from overriding the disabling of the graphical user interface automount function. 
@@ -17499,7 +16869,7 @@ index c14013393..8b6269729 100644 A nonprivileged account is any operating system account with authorizations of a nonprivileged user. -@@ -24052,7 +24270,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO +@@ -23815,7 +24031,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO RHEL-09-271035 - RHEL 9 must prevent a user from overriding the disabling of the graphical user interface autorun function. @@ -17509,7 +16879,7 @@ index c14013393..8b6269729 100644 Techniques used to address this include protocols using nonces (e.g., numbers generated for a specific one-time use) or challenges (e.g., TLS, WS_Security). Additional techniques include time-synchronous or challenge-response one-time authenticators. -@@ -24066,7 +24285,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO +@@ -23829,7 +24046,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO RHEL-09-271040 - RHEL 9 must not allow unattended or automatic logon via the graphical user interface. @@ -17519,7 +16889,7 @@ index c14013393..8b6269729 100644 Failure to restrict system access to authenticated users negatively impacts operating system security. -@@ -24078,7 +24298,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO +@@ -23841,7 +24059,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO RHEL-09-271045 - RHEL 9 must be able to initiate directly a session lock for all connection types using smart card when the smart card is removed. 
@@ -17529,7 +16899,7 @@ index c14013393..8b6269729 100644 A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence. -@@ -24094,7 +24315,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011 +@@ -23857,7 +24076,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011 RHEL-09-271050 - RHEL 9 must prevent a user from overriding the disabling of the graphical user smart card removal action. @@ -17539,7 +16909,7 @@ index c14013393..8b6269729 100644 A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence. -@@ -24110,7 +24332,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011 +@@ -23873,7 +24093,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011 RHEL-09-271055 - RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for graphical user sessions. @@ -17549,7 +16919,7 @@ index c14013393..8b6269729 100644 A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence. -@@ -24128,7 +24351,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011 +@@ -23891,7 +24112,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011 RHEL-09-271060 - RHEL 9 must prevent a user from overriding the screensaver lock-enabled setting for the graphical user interface. 
@@ -17559,7 +16929,7 @@ index c14013393..8b6269729 100644 A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not log out because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, operating systems need to be able to identify when a user's session has idled and take action to initiate the session lock. -@@ -24146,7 +24370,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011 +@@ -23909,7 +24131,8 @@ Satisfies: SRG-OS-000028-GPOS-00009, SRG-OS-000030-GPOS-00011 RHEL-09-271065 - RHEL 9 must automatically lock graphical user sessions after 15 minutes of inactivity. @@ -17569,7 +16939,7 @@ index c14013393..8b6269729 100644 A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate a session lock. -@@ -24160,7 +24385,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -23923,7 +24146,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-271070 - RHEL 9 must prevent a user from overriding the session idle-delay setting for the graphical user interface. 
@@ -17579,7 +16949,7 @@ index c14013393..8b6269729 100644 A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate the session lock. As such, users should not be allowed to change session settings. -@@ -24174,7 +24400,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -23937,7 +24161,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-271080 - RHEL 9 must prevent a user from overriding the session lock-delay setting for the graphical user interface. @@ -17589,7 +16959,7 @@ index c14013393..8b6269729 100644 A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, the GNOME desktop can be configured to identify when a user's session has idled and take action to initiate the session lock. As such, users should not be allowed to change session settings. -@@ -24186,7 +24413,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -23949,7 +24174,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-271085 - RHEL 9 must conceal, via the session lock, information previously visible on the display with a publicly viewable image. 
@@ -17599,7 +16969,7 @@ index c14013393..8b6269729 100644 Setting the screensaver mode to blank-only conceals the contents of the display from passersby. -@@ -24198,7 +24426,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -23961,7 +24187,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-271095 - RHEL 9 must disable the ability of a user to restart the system from the login screen. @@ -17609,7 +16979,7 @@ index c14013393..8b6269729 100644 A user who is at the console can reboot the system at the login screen. If restart or shutdown buttons are pressed at the login screen, this can create the risk of short-term loss of availability of systems due to reboot. -@@ -24210,7 +24439,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -23973,7 +24200,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-271100 - RHEL 9 must prevent a user from overriding the disable-restart-buttons setting for the graphical user interface. @@ -17619,7 +16989,7 @@ index c14013393..8b6269729 100644 A user who is at the console can reboot the system at the login screen. If restart or shutdown buttons are pressed at the login screen, this can create the risk of short-term loss of availability of systems due to reboot. -@@ -24222,7 +24452,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -23985,7 +24213,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-271110 - RHEL 9 must prevent a user from overriding the Ctrl-Alt-Del sequence settings for the graphical user interface. 
@@ -17629,7 +16999,7 @@ index c14013393..8b6269729 100644 A locally logged-in user who presses Ctrl-Alt-Del, when at the console, can reboot the system. If accidentally pressed, as could happen in the case of mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. -@@ -24234,7 +24465,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -23997,7 +24226,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-271115 - RHEL 9 must disable the user list at logon for graphical user interfaces. @@ -17639,7 +17009,7 @@ index c14013393..8b6269729 100644 Leaving the user list enabled is a security risk since it allows anyone with physical access to the system to enumerate known user accounts without authenticated access to the system. -@@ -24246,7 +24478,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -24009,7 +24239,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-291010 - RHEL 9 must be configured to disable USB mass storage. @@ -17649,7 +17019,7 @@ index c14013393..8b6269729 100644 USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity. -@@ -24260,7 +24493,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO +@@ -24023,7 +24254,8 @@ Satisfies: SRG-OS-000114-GPOS-00059, SRG-OS-000378-GPOS-00163, SRG-OS-000480-GPO RHEL-09-291015 - RHEL 9 must have the USBGuard package installed. 
@@ -17659,7 +17029,7 @@ index c14013393..8b6269729 100644 The USBguard-daemon is the main component of the USBGuard software framework. It runs as a service in the background and enforces the USB device authorization policy for all USB devices. The policy is defined by a set of rules using a rule language described in the usbguard-rules.conf file. The policy and the authorization state of USB devices can be modified during runtime using the usbguard tool. -@@ -24274,7 +24508,8 @@ The system administrator (SA) must work with the site information system securit +@@ -24037,7 +24269,8 @@ The system administrator (SA) must work with the site information system securit RHEL-09-291020 - RHEL 9 must have the USBGuard package enabled. @@ -17669,7 +17039,7 @@ index c14013393..8b6269729 100644 The USBguard-daemon is the main component of the USBGuard software framework. It runs as a service in the background and enforces the USB device authorization policy for all USB devices. The policy is defined by a set of rules using a rule language described in the usbguard-rules.conf file. The policy and the authorization state of USB devices can be modified during runtime using the usbguard tool. -@@ -24288,7 +24523,8 @@ The system administrator (SA) must work with the site information system securit +@@ -24051,7 +24284,8 @@ The system administrator (SA) must work with the site information system securit RHEL-09-291025 - RHEL 9 must enable Linux audit logging for the USBGuard daemon. @@ -17679,7 +17049,7 @@ index c14013393..8b6269729 100644 Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. -@@ -24316,7 +24552,8 @@ DOD has defined the list of events for which RHEL 9 will provide an audit record +@@ -24079,7 +24313,8 @@ DOD has defined the list of events for which RHEL 9 will provide an audit record RHEL-09-291035 - RHEL 9 Bluetooth must be disabled. 
@@ -17689,7 +17059,7 @@ index c14013393..8b6269729 100644 This requirement applies to wireless peripheral technologies (e.g., wireless mice, keyboards, displays, etc.) used with RHEL 9 systems. Wireless peripherals (e.g., Wi-Fi/Bluetooth/IR keyboards, mice and pointing devices, and near field communications [NFC]) present a unique challenge by creating an open, unsecured port on a computer. Wireless peripherals must meet DOD requirements for wireless data transmission and be approved for use by the Authorizing Official (AO). Even though some wireless peripherals, such as mice and pointing devices, do not ordinarily carry information that need to be protected, modification of communications with these wireless peripherals may be used to compromise the RHEL 9 operating system. -@@ -24330,7 +24567,8 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000300-GPOS-00118 +@@ -24093,7 +24328,8 @@ Satisfies: SRG-OS-000095-GPOS-00049, SRG-OS-000300-GPOS-00118 RHEL-09-411010 - RHEL 9 user account passwords for new users or password changes must have a 60-day maximum password lifetime restriction in /etc/login.defs. @@ -17699,7 +17069,7 @@ index c14013393..8b6269729 100644 Any password, no matter how complex, can eventually be cracked; therefore, passwords need to be changed periodically. If the operating system does not limit the lifetime of passwords and force users to change their passwords, there is the risk that the operating system passwords could be compromised. -@@ -24344,7 +24582,8 @@ Setting the password maximum age ensures users are required to periodically chan +@@ -24107,7 +24343,8 @@ Setting the password maximum age ensures users are required to periodically chan RHEL-09-411015 - RHEL 9 user account passwords must have a 60-day maximum password lifetime restriction. 
@@ -17709,7 +17079,7 @@ index c14013393..8b6269729 100644 Any password, no matter how complex, can eventually be cracked; therefore, passwords need to be changed periodically. If RHEL 9 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 9 passwords could be compromised. -@@ -24356,7 +24595,8 @@ Setting the password maximum age ensures users are required to periodically chan +@@ -24119,7 +24356,8 @@ Setting the password maximum age ensures users are required to periodically chan RHEL-09-411020 - All RHEL 9 local interactive user accounts must be assigned a home directory upon creation. @@ -17719,7 +17089,7 @@ index c14013393..8b6269729 100644 If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own. -@@ -24368,7 +24608,8 @@ Setting the password maximum age ensures users are required to periodically chan +@@ -24131,7 +24369,8 @@ Setting the password maximum age ensures users are required to periodically chan RHEL-09-411030 - RHEL 9 duplicate User IDs (UIDs) must not exist for interactive users. @@ -17729,7 +17099,7 @@ index c14013393..8b6269729 100644 To ensure accountability and prevent unauthenticated access, interactive users must be identified and authenticated to prevent potential misuse and compromise of the system. -@@ -24382,7 +24623,8 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062, SRG-OS-000042-GPO +@@ -24145,7 +24384,8 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062, SRG-OS-000042-GPO RHEL-09-411035 - RHEL 9 system accounts must not have an interactive login shell. 
@@ -17739,7 +17109,7 @@ index c14013393..8b6269729 100644 Ensuring shells are not given to system accounts upon login makes it more difficult for attackers to make use of system accounts. -@@ -24394,7 +24636,8 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062, SRG-OS-000042-GPO +@@ -24157,7 +24397,8 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062, SRG-OS-000042-GPO RHEL-09-411045 - All RHEL 9 interactive users must have a primary group that exists. @@ -17749,7 +17119,7 @@ index c14013393..8b6269729 100644 If a user is assigned the Group Identifier (GID) of a group that does not exist on the system, and a group with the GID is subsequently created, the user may have unintended rights to any files associated with the group. -@@ -24406,7 +24649,8 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062, SRG-OS-000042-GPO +@@ -24169,7 +24410,8 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000121-GPOS-00062, SRG-OS-000042-GPO RHEL-09-411050 - RHEL 9 must disable account identifiers (individuals, groups, roles, and devices) after 35 days of inactivity. @@ -17759,7 +17129,7 @@ index c14013393..8b6269729 100644 Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. -@@ -24422,7 +24666,8 @@ Owners of inactive accounts will not notice if unauthorized access to their user +@@ -24185,7 +24427,8 @@ Owners of inactive accounts will not notice if unauthorized access to their user RHEL-09-411060 - All RHEL 9 local interactive users must have a home directory assigned in the /etc/passwd file. 
@@ -17769,7 +17139,7 @@ index c14013393..8b6269729 100644 If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own. -@@ -24434,7 +24679,8 @@ Owners of inactive accounts will not notice if unauthorized access to their user +@@ -24197,7 +24440,8 @@ Owners of inactive accounts will not notice if unauthorized access to their user RHEL-09-411075 - RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur. @@ -17779,7 +17149,7 @@ index c14013393..8b6269729 100644 By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account. -@@ -24448,7 +24694,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 +@@ -24211,7 +24455,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 RHEL-09-411080 - RHEL 9 must automatically lock the root account until the root account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period. @@ -17789,7 +17159,7 @@ index c14013393..8b6269729 100644 By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, also known as brute-forcing, is reduced. Limits are imposed by locking the account. -@@ -24462,7 +24709,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 +@@ -24225,7 +24470,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 RHEL-09-411085 - RHEL 9 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period. 
@@ -17799,7 +17169,7 @@ index c14013393..8b6269729 100644 By limiting the number of failed logon attempts the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. -@@ -24476,7 +24724,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 +@@ -24239,7 +24485,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 RHEL-09-411090 - RHEL 9 must maintain an account lock until the locked account is released by an administrator. @@ -17809,7 +17179,7 @@ index c14013393..8b6269729 100644 By limiting the number of failed logon attempts the risk of unauthorized system access via user password guessing, otherwise known as brute-forcing, is reduced. Limits are imposed by locking the account. -@@ -24490,7 +24739,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 +@@ -24253,7 +24500,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 RHEL-09-411100 - The root account must be the only account having unrestricted access to RHEL 9 system. @@ -17819,7 +17189,7 @@ index c14013393..8b6269729 100644 An account has root authority if it has a user identifier (UID) of "0". Multiple accounts with a UID of "0" afford more opportunity for potential intruders to guess a password for a privileged account. Proper configuration of sudo is recommended to afford multiple system administrators access to root privileges in an accountable manner. -@@ -24502,7 +24752,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 +@@ -24265,7 +24513,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 RHEL-09-411105 - RHEL 9 must ensure account lockouts persist. 
@@ -17829,7 +17199,7 @@ index c14013393..8b6269729 100644 Having lockouts persist across reboots ensures that account is only unlocked by an administrator. If the lockouts did not persist across reboots, an attacker could simply reboot the system to continue brute force attacks against the accounts on the system. -@@ -24514,7 +24765,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 +@@ -24277,7 +24526,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 RHEL-09-411110 - RHEL 9 groups must have unique Group ID (GID). @@ -17839,7 +17209,7 @@ index c14013393..8b6269729 100644 To ensure accountability and prevent unauthenticated access, groups must be identified uniquely to prevent potential misuse and compromise of the system. -@@ -24526,7 +24778,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 +@@ -24289,7 +24539,8 @@ Satisfies: SRG-OS-000329-GPOS-00128, SRG-OS-000021-GPOS-00005 RHEL-09-412010 - RHEL 9 must have the tmux package installed. @@ -17849,7 +17219,7 @@ index c14013393..8b6269729 100644 Tmux is a terminal multiplexer that enables a number of terminals to be created, accessed, and controlled from a single screen. Red Hat endorses tmux as the recommended session controlling package. -@@ -24540,7 +24793,8 @@ Satisfies: SRG-OS-000030-GPOS-00011, SRG-OS-000028-GPOS-00009 +@@ -24303,7 +24554,8 @@ Satisfies: SRG-OS-000030-GPOS-00011, SRG-OS-000028-GPOS-00009 RHEL-09-412020 - RHEL 9 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions. 
@@ -17859,7 +17229,7 @@ index c14013393..8b6269729 100644 A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence. -@@ -24554,7 +24808,8 @@ The session lock is implemented at the point where session activity can be deter +@@ -24317,7 +24569,8 @@ The session lock is implemented at the point where session activity can be deter RHEL-09-412025 - RHEL 9 must automatically lock command line user sessions after 15 minutes of inactivity. @@ -17869,7 +17239,7 @@ index c14013393..8b6269729 100644 A session time-out lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not logout because of the temporary nature of the absence. Rather than relying on the user to manually lock their operating system session prior to vacating the vicinity, tmux can be configured to identify when a user's session has idled and take action to initiate a session lock. -@@ -24568,7 +24823,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 +@@ -24331,7 +24584,8 @@ Satisfies: SRG-OS-000029-GPOS-00010, SRG-OS-000031-GPOS-00012 RHEL-09-412030 - RHEL 9 must prevent users from disabling session control mechanisms. 
@@ -17879,7 +17249,7 @@ index c14013393..8b6269729 100644 The session lock is implemented at the point where session activity can be determined. Rather than be forced to wait for a period of time to expire before the user session can be locked, RHEL 9 must provide users with the ability to manually invoke a session lock so users can secure their session if it is necessary to temporarily vacate the immediate physical vicinity. -@@ -24582,7 +24838,8 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000028-GPOS-00009 +@@ -24345,7 +24599,8 @@ Satisfies: SRG-OS-000324-GPOS-00125, SRG-OS-000028-GPOS-00009 RHEL-09-412035 - RHEL 9 must automatically exit interactive command shell user sessions after 15 minutes of inactivity. @@ -17889,7 +17259,7 @@ index c14013393..8b6269729 100644 Terminating an idle interactive command shell user session within a short time period reduces the window of opportunity for unauthorized personnel to take control of it when left unattended in a virtual terminal or physical console. -@@ -24596,7 +24853,8 @@ Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000029-GPOS-00010 +@@ -24359,7 +24614,8 @@ Satisfies: SRG-OS-000163-GPOS-00072, SRG-OS-000029-GPOS-00010 RHEL-09-412040 - RHEL 9 must limit the number of concurrent sessions to ten for all accounts and/or account types. @@ -17899,7 +17269,7 @@ index c14013393..8b6269729 100644 Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to denial-of-service (DoS) attacks. -@@ -24610,7 +24868,8 @@ This requirement addresses concurrent sessions for information system accounts a +@@ -24373,7 +24629,8 @@ This requirement addresses concurrent sessions for information system accounts a RHEL-09-412045 - RHEL 9 must log username information when unsuccessful logon attempts occur. 
@@ -17909,7 +17279,7 @@ index c14013393..8b6269729 100644 Without auditing of these events, it may be harder or impossible to identify what an attacker did after an attack. -@@ -24622,7 +24881,8 @@ This requirement addresses concurrent sessions for information system accounts a +@@ -24385,7 +24642,8 @@ This requirement addresses concurrent sessions for information system accounts a RHEL-09-412050 - RHEL 9 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt. @@ -17919,7 +17289,7 @@ index c14013393..8b6269729 100644 Increasing the time between a failed authentication attempt and reprompting to enter credentials helps to slow a single-threaded brute force attack. -@@ -24634,7 +24894,8 @@ This requirement addresses concurrent sessions for information system accounts a +@@ -24397,7 +24655,8 @@ This requirement addresses concurrent sessions for information system accounts a RHEL-09-412055 - RHEL 9 must define default permissions for the bash shell. @@ -17929,7 +17299,7 @@ index c14013393..8b6269729 100644 The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 600 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be "0". This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system. -@@ -24648,7 +24909,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 +@@ -24411,7 +24670,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 RHEL-09-412060 - RHEL 9 must define default permissions for the c shell. 
@@ -17939,7 +17309,7 @@ index c14013393..8b6269729 100644 The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 600 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be "0". This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system. -@@ -24662,7 +24924,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 +@@ -24425,7 +24685,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 RHEL-09-412065 - RHEL 9 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files. @@ -17949,7 +17319,7 @@ index c14013393..8b6269729 100644 Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access. -@@ -24674,7 +24937,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 +@@ -24437,7 +24698,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 RHEL-09-412070 - RHEL 9 must define default permissions for the system default profile. 
@@ -17959,7 +17329,7 @@ index c14013393..8b6269729 100644 The umask controls the default access mode assigned to newly created files. A umask of 077 limits new files to mode 600 or less permissive. Although umask can be represented as a four-digit number, the first digit representing special access modes is typically ignored or required to be "0". This requirement applies to the globally configured system defaults and the local interactive user defaults for each account on the system. -@@ -24688,7 +24952,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 +@@ -24451,7 +24713,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 RHEL-09-412075 - RHEL 9 must display the date and time of the last successful account logon upon logon. @@ -17969,7 +17339,7 @@ index c14013393..8b6269729 100644 Users need to be aware of activity that occurs regarding their account. Providing users with information regarding the number of unsuccessful attempts that were made to login to their account allows the user to determine if any unauthorized activity has occurred and gives them an opportunity to notify administrators. -@@ -24700,7 +24965,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 +@@ -24463,7 +24726,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 RHEL-09-412080 - RHEL 9 must terminate idle user sessions. @@ -17979,7 +17349,7 @@ index c14013393..8b6269729 100644 Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. -@@ -24712,7 +24978,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 +@@ -24475,7 +24739,8 @@ Satisfies: SRG-OS-000480-GPOS-00228, SRG-OS-000480-GPOS-00227 RHEL-09-431010 - RHEL 9 must use a Linux Security Module configured to enforce limits on system services. 
@@ -17989,7 +17359,7 @@ index c14013393..8b6269729 100644 Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. -@@ -24728,7 +24995,8 @@ Satisfies: SRG-OS-000445-GPOS-00199, SRG-OS-000134-GPOS-00068 +@@ -24491,7 +24756,8 @@ Satisfies: SRG-OS-000445-GPOS-00199, SRG-OS-000134-GPOS-00068 RHEL-09-431015 - RHEL 9 must enable the SELinux targeted policy. @@ -17999,7 +17369,7 @@ index c14013393..8b6269729 100644 Setting the SELinux policy to "targeted" or a more specialized policy ensures the system will confine processes that are likely to be targeted for exploitation, such as network or system services. -@@ -24742,7 +25010,8 @@ Note: During the development or debugging of SELinux modules, it is common to te +@@ -24505,7 +24771,8 @@ Note: During the development or debugging of SELinux modules, it is common to te RHEL-09-431025 - RHEL 9 must have policycoreutils package installed. 
@@ -18009,7 +17379,7 @@ index c14013393..8b6269729 100644 Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. -@@ -24758,7 +25027,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068 +@@ -24521,7 +24788,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068 RHEL-09-431030 - RHEL 9 policycoreutils-python-utils package must be installed. @@ -18019,7 +17389,7 @@ index c14013393..8b6269729 100644 The policycoreutils-python-utils package is required to operate and manage an SELinux environment and its policies. It provides utilities such as semanage, audit2allow, audit2why, chcat, and sandbox. -@@ -24770,7 +25040,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068 +@@ -24533,7 +24801,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068 RHEL-09-432010 - RHEL 9 must have the sudo package installed. @@ -18029,7 +17399,7 @@ index c14013393..8b6269729 100644 "sudo" is a program designed to allow a system administrator to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow system users to get their work done. -@@ -24782,7 +25053,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068 +@@ -24545,7 +24814,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000134-GPOS-00068 RHEL-09-432015 - RHEL 9 must require reauthentication when using the "sudo" command. 
@@ -18039,7 +17409,7 @@ index c14013393..8b6269729 100644 Without reauthentication, users may access resources or perform tasks for which they do not have authorization. -@@ -24798,7 +25070,8 @@ If the value is set to an integer less than "0", the user's time stamp will not +@@ -24561,7 +24831,8 @@ If the value is set to an integer less than "0", the user's time stamp will not RHEL-09-432020 - RHEL 9 must use the invoking user's password for privilege escalation when using "sudo". @@ -18049,7 +17419,7 @@ index c14013393..8b6269729 100644 If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password. -@@ -24810,7 +25083,8 @@ If the value is set to an integer less than "0", the user's time stamp will not +@@ -24573,7 +24844,8 @@ If the value is set to an integer less than "0", the user's time stamp will not RHEL-09-432025 - RHEL 9 must require users to reauthenticate for privilege escalation. @@ -18059,7 +17429,7 @@ index c14013393..8b6269729 100644 Without reauthentication, users may access resources or perform tasks for which they do not have authorization. -@@ -24826,7 +25100,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO +@@ -24589,7 +24861,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO RHEL-09-432030 - RHEL 9 must restrict privilege elevation to authorized personnel. @@ -18069,7 +17439,7 @@ index c14013393..8b6269729 100644 If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system. -@@ -24838,7 +25113,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO +@@ -24601,7 +24874,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO RHEL-09-432035 - RHEL 9 must restrict the use of the "su" command. 
@@ -18079,7 +17449,7 @@ index c14013393..8b6269729 100644 The "su" program allows to run commands with a substitute user and group ID. It is commonly used to run commands as the root user. Limiting access to such commands is considered a good security practice. -@@ -24852,7 +25128,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000312-GPOS-00123 +@@ -24615,7 +24889,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000312-GPOS-00123 RHEL-09-433010 - RHEL 9 fapolicy module must be installed. @@ -18089,7 +17459,7 @@ index c14013393..8b6269729 100644 The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as allowlisting. -@@ -24874,7 +25151,8 @@ Satisfies: SRG-OS-000370-GPOS-00155, SRG-OS-000368-GPOS-00154 +@@ -24637,7 +24912,8 @@ Satisfies: SRG-OS-000370-GPOS-00155, SRG-OS-000368-GPOS-00154 RHEL-09-433015 - RHEL 9 fapolicy module must be enabled. @@ -18099,7 +17469,7 @@ index c14013393..8b6269729 100644 The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as allowlisting. -@@ -24896,7 +25174,8 @@ Satisfies: SRG-OS-000370-GPOS-00155, SRG-OS-000368-GPOS-00154 +@@ -24659,7 +24935,8 @@ Satisfies: SRG-OS-000370-GPOS-00155, SRG-OS-000368-GPOS-00154 RHEL-09-611010 - RHEL 9 must ensure the password complexity module in the system-auth file is configured for three retries or less. 
@@ -18109,27 +17479,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system. -@@ -24914,7 +25193,8 @@ By limiting the number of attempts to meet the pwquality module complexity requi - - RHEL-09-611015 - RHEL 9 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations. - -- Red Hat Enterprise Linux 9 -+ Red Hat Enterprise Linux 9 -+AlmaLinux 9 - - Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements. - -@@ -24932,7 +25212,8 @@ Note that manual changes to the listed files may be overwritten by the "authsele - - RHEL-09-611020 - RHEL 9 must be configured in the system-auth file to prohibit password reuse for a minimum of five generations. - -- Red Hat Enterprise Linux 9 -+ Red Hat Enterprise Linux 9 -+AlmaLinux 9 - - Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements. 
- -@@ -24950,7 +25231,8 @@ Note that manual changes to the listed files may be overwritten by the "authsele +@@ -24677,7 +24954,8 @@ By limiting the number of attempts to meet the pwquality module complexity requi RHEL-09-611025 - RHEL 9 must not allow blank or null passwords. @@ -18139,7 +17489,7 @@ index c14013393..8b6269729 100644 If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments. -@@ -24963,7 +25245,8 @@ Note that manual changes to the listed files may be overwritten by the "authsele +@@ -24690,7 +24968,8 @@ By limiting the number of attempts to meet the pwquality module complexity requi RHEL-09-611040 - RHEL 9 must ensure the password complexity module is enabled in the password-auth file. @@ -18149,7 +17499,7 @@ index c14013393..8b6269729 100644 Enabling PAM password complexity permits enforcement of strong passwords and consequently makes the system less prone to dictionary attacks. -@@ -24977,7 +25260,8 @@ Satisfies: SRG-OS-000069-GPOS-00037, SRG-OS-000070-GPOS-00038, SRG-OS-000480-GPO +@@ -24704,7 +24983,8 @@ Satisfies: SRG-OS-000069-GPOS-00037, SRG-OS-000070-GPOS-00038, SRG-OS-000480-GPO RHEL-09-611045 - RHEL 9 must ensure the password complexity module is enabled in the system-auth file. @@ -18159,7 +17509,7 @@ index c14013393..8b6269729 100644 Enabling PAM password complexity permits enforcement of strong passwords and consequently makes the system less prone to dictionary attacks. -@@ -24989,7 +25273,8 @@ Satisfies: SRG-OS-000069-GPOS-00037, SRG-OS-000070-GPOS-00038, SRG-OS-000480-GPO +@@ -24716,7 +24996,8 @@ Satisfies: SRG-OS-000069-GPOS-00037, SRG-OS-000070-GPOS-00038, SRG-OS-000480-GPO RHEL-09-611050 - RHEL 9 password-auth must be configured to use a sufficient number of hashing rounds. 
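Review bot: The inner hunks that added `AlmaLinux 9` as a platform for RHEL-09-611015 and RHEL-09-611020 (password reuse limited to five generations in password-auth and system-auth) are dropped from the rebased patch without explanation, so this patch no longer asserts AlmaLinux 9 applicability for those two requirements. The new-side offsets suggest the entries themselves are gone from the 0.1.75 reference file — RHEL-09-611010 now sits at 24659 and RHEL-09-611025 at 24677, the same 18-line spacing that separated consecutive entries before (24896, 24914, 24932, 24950), leaving no room for the two removed ones — but the commit title "Update AlmaLinux patch" does not record that. A sentence in the commit description, e.g. `Drop the RHEL-09-611015/611020 platform hunks: both entries were removed from the upstream reference in 0.1.75 (see <upstream change id>)`, would let a reviewer confirm this is a rebase rather than a loss of password-history coverage for AlmaLinux 9.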
@@ -18169,7 +17519,7 @@ index c14013393..8b6269729 100644 Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Passwords that are encrypted with a weak algorithm are no more protected than if they are kept in plain text. -@@ -25005,7 +25290,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 +@@ -24732,7 +25013,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 RHEL-09-611055 - RHEL 9 system-auth must be configured to use a sufficient number of hashing rounds. @@ -18179,7 +17529,7 @@ index c14013393..8b6269729 100644 Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Passwords that are encrypted with a weak algorithm are no more protected than if they are kept in plain text. -@@ -25021,7 +25307,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 +@@ -24748,7 +25030,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 RHEL-09-611060 - RHEL 9 must enforce password complexity rules for the root account. @@ -18189,7 +17539,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. -@@ -25037,7 +25324,8 @@ Satisfies: SRG-OS-000072-GPOS-00040, SRG-OS-000071-GPOS-00039, SRG-OS-000070-GPO +@@ -24764,7 +25047,8 @@ Satisfies: SRG-OS-000072-GPOS-00040, SRG-OS-000071-GPOS-00039, SRG-OS-000070-GPO RHEL-09-611065 - RHEL 9 must enforce password complexity by requiring that at least one lowercase character be used. 
@@ -18199,7 +17549,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. -@@ -25051,7 +25339,8 @@ Password complexity is one factor of several that determines how long it takes t +@@ -24778,7 +25062,8 @@ Password complexity is one factor of several that determines how long it takes t RHEL-09-611070 - RHEL 9 must enforce password complexity by requiring that at least one numeric character be used. @@ -18209,7 +17559,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. -@@ -25065,7 +25354,8 @@ Password complexity is one factor of several that determines how long it takes t +@@ -24792,7 +25077,8 @@ Password complexity is one factor of several that determines how long it takes t RHEL-09-611075 - RHEL 9 passwords for new users or password changes must have a 24 hours minimum password lifetime restriction in /etc/login.defs. 
@@ -18219,7 +17569,7 @@ index c14013393..8b6269729 100644 Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, then the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse. -@@ -25079,7 +25369,8 @@ Setting the minimum password age protects against users cycling back to a favori +@@ -24806,7 +25092,8 @@ Setting the minimum password age protects against users cycling back to a favori RHEL-09-611080 - RHEL 9 passwords must have a 24 hours minimum password lifetime restriction in /etc/shadow. @@ -18229,7 +17579,7 @@ index c14013393..8b6269729 100644 Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse. -@@ -25091,7 +25382,8 @@ Setting the minimum password age protects against users cycling back to a favori +@@ -24818,7 +25105,8 @@ Setting the minimum password age protects against users cycling back to a favori RHEL-09-611085 - RHEL 9 must require users to provide a password for privilege escalation. @@ -18239,7 +17589,7 @@ index c14013393..8b6269729 100644 Without reauthentication, users may access resources or perform tasks for which they do not have authorization. -@@ -25107,7 +25399,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO +@@ -24834,7 +25122,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO RHEL-09-611090 - RHEL 9 passwords must be created with a minimum of 15 characters. 
@@ -18249,7 +17599,7 @@ index c14013393..8b6269729 100644 The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. -@@ -25127,7 +25420,8 @@ The DOD minimum password requirement is 15 characters. +@@ -24854,7 +25143,8 @@ The DOD minimum password requirement is 15 characters. RHEL-09-611095 - RHEL 9 passwords for new users must have a minimum of 15 characters. @@ -18259,7 +17609,7 @@ index c14013393..8b6269729 100644 The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised. -@@ -25143,7 +25437,8 @@ The DOD minimum password requirement is 15 characters. +@@ -24870,7 +25160,8 @@ The DOD minimum password requirement is 15 characters. RHEL-09-611100 - RHEL 9 must enforce password complexity by requiring that at least one special character be used. @@ -18269,7 +17619,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised. RHEL 9 utilizes "pwquality" as a mechanism to enforce password complexity. Note that to require special characters without degrading the "minlen" value, the credit value must be expressed as a negative number in "/etc/security/pwquality.conf". -@@ -25155,7 +25450,8 @@ The DOD minimum password requirement is 15 characters. +@@ -24882,7 +25173,8 @@ The DOD minimum password requirement is 15 characters. RHEL-09-611105 - RHEL 9 must prevent the use of dictionary words for passwords. 
@@ -18279,7 +17629,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If RHEL 9 allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses, and brute-force attacks. -@@ -25167,7 +25463,8 @@ The DOD minimum password requirement is 15 characters. +@@ -24894,7 +25186,8 @@ The DOD minimum password requirement is 15 characters. RHEL-09-611110 - RHEL 9 must enforce password complexity by requiring that at least one uppercase character be used. @@ -18289,7 +17639,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. Password complexity is one factor of several that determines how long it takes to crack a password. The more complex the password, the greater the number of possible combinations that need to be tested before the password is compromised. Requiring a minimum number of uppercase characters makes password guessing attacks more difficult by ensuring a larger search space. -@@ -25179,7 +25476,8 @@ The DOD minimum password requirement is 15 characters. +@@ -24906,7 +25199,8 @@ The DOD minimum password requirement is 15 characters. RHEL-09-611115 - RHEL 9 must require the change of at least eight characters when passwords are changed. 
@@ -18299,7 +17649,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute–force attacks. -@@ -25193,7 +25491,8 @@ Password complexity is one factor of several that determines how long it takes t +@@ -24920,7 +25214,8 @@ Password complexity is one factor of several that determines how long it takes t RHEL-09-611120 - RHEL 9 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed. @@ -18309,7 +17659,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. -@@ -25207,7 +25506,8 @@ Password complexity is one factor of several that determines how long it takes t +@@ -24934,7 +25229,8 @@ Password complexity is one factor of several that determines how long it takes t RHEL-09-611125 - RHEL 9 must require the maximum number of repeating characters be limited to three when passwords are changed. @@ -18319,7 +17669,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. -@@ -25221,7 +25521,8 @@ Password complexity is one factor of several that determines how long it takes t +@@ -24948,7 +25244,8 @@ Password complexity is one factor of several that determines how long it takes t RHEL-09-611130 - RHEL 9 must require the change of at least four character classes when passwords are changed. 
@@ -18329,7 +17679,7 @@ index c14013393..8b6269729 100644 Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. -@@ -25235,7 +25536,8 @@ Password complexity is one factor of several that determines how long it takes t +@@ -24962,7 +25259,8 @@ Password complexity is one factor of several that determines how long it takes t RHEL-09-611135 - RHEL 9 must be configured so that user and group account administration utilities are configured to store only encrypted representations of passwords. @@ -18339,7 +17689,7 @@ index c14013393..8b6269729 100644 Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Passwords that are encrypted with a weak algorithm are no more protected than if they are kept in plain text. -@@ -25249,7 +25551,8 @@ This setting ensures user and group account administration utilities are configu +@@ -24976,7 +25274,8 @@ This setting ensures user and group account administration utilities are configu RHEL-09-611140 - RHEL 9 must be configured to use the shadow file to store only encrypted representations of passwords. 
@@ -18349,7 +17699,7 @@ index c14013393..8b6269729 100644 Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Passwords that are encrypted with a weak algorithm are no more protected than if they are kept in plain text. -@@ -25263,7 +25566,8 @@ This setting ensures user and group account administration utilities are configu +@@ -24990,7 +25289,8 @@ This setting ensures user and group account administration utilities are configu RHEL-09-611145 - RHEL 9 must not be configured to bypass password requirements for privilege escalation. @@ -18359,7 +17709,7 @@ index c14013393..8b6269729 100644 Without reauthentication, users may access resources or perform tasks for which they do not have authorization. When operating systems provide the capability to escalate a functional capability, it is critical the user reauthenticate. -@@ -25277,7 +25581,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO +@@ -25004,7 +25304,8 @@ Satisfies: SRG-OS-000373-GPOS-00156, SRG-OS-000373-GPOS-00157, SRG-OS-000373-GPO RHEL-09-611150 - RHEL 9 shadow password suite must be configured to use a sufficient number of hashing rounds. @@ -18369,7 +17719,7 @@ index c14013393..8b6269729 100644 Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised. Passwords that are encrypted with a weak algorithm are no more protected than if they are kept in plain text. -@@ -25293,7 +25598,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 +@@ -25020,7 +25321,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 RHEL-09-611155 - RHEL 9 must not have accounts configured with blank or null passwords. 
@@ -18379,7 +17729,7 @@ index c14013393..8b6269729 100644 If an account has an empty password, anyone could log in and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments. -@@ -25305,7 +25611,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 +@@ -25032,7 +25334,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 RHEL-09-611160 - RHEL 9 must use the CAC smart card driver. @@ -18389,7 +17739,7 @@ index c14013393..8b6269729 100644 Smart card login provides two-factor authentication stronger than that provided by a username and password combination. Smart cards leverage public key infrastructure to provide and verify credentials. Configuring the smart card driver in use by the organization helps to prevent users from using unauthorized smart cards. -@@ -25319,7 +25626,8 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPO +@@ -25046,7 +25349,8 @@ Satisfies: SRG-OS-000104-GPOS-00051, SRG-OS-000106-GPOS-00053, SRG-OS-000107-GPO RHEL-09-611165 - RHEL 9 must enable certificate based smart card authentication. @@ -18399,7 +17749,7 @@ index c14013393..8b6269729 100644 Without the use of multifactor authentication, the ease of access to privileged functions is greatly increased. Multifactor authentication requires using two or more factors to achieve authentication. A privileged account is defined as an information system account with authorizations of a privileged user. The DOD Common Access Card (CAC) with DOD-approved PKI is an example of multifactor authentication. -@@ -25333,7 +25641,8 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000105-GPOS-00052 +@@ -25060,7 +25364,8 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000105-GPOS-00052 RHEL-09-611170 - RHEL 9 must implement certificate status checking for multifactor authentication. 
@@ -18409,7 +17759,7 @@ index c14013393..8b6269729 100644 Using an authentication device, such as a DOD Common Access Card (CAC) or token that is separate from the information system, ensures that even if the information system is compromised, credentials stored on the authentication device will not be affected. -@@ -25351,7 +25660,8 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000377-GPOS-00162 +@@ -25078,7 +25383,8 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000377-GPOS-00162 RHEL-09-611175 - RHEL 9 must have the pcsc-lite package installed. @@ -18419,7 +17769,7 @@ index c14013393..8b6269729 100644 The pcsc-lite package must be installed if it is to be available for multifactor authentication using smart cards. -@@ -25363,7 +25673,8 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000377-GPOS-00162 +@@ -25090,7 +25396,8 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000377-GPOS-00162 RHEL-09-611180 - The pcscd service on RHEL 9 must be active. @@ -18429,7 +17779,7 @@ index c14013393..8b6269729 100644 The information system ensures that even if the information system is compromised, that compromise will not affect credentials stored on the authentication device. -@@ -25377,7 +25688,8 @@ The daemon program for pcsc-lite and the MuscleCard framework is pcscd. It is a +@@ -25104,7 +25411,8 @@ The daemon program for pcsc-lite and the MuscleCard framework is pcscd. It is a RHEL-09-611185 - RHEL 9 must have the opensc package installed. @@ -18439,7 +17789,7 @@ index c14013393..8b6269729 100644 The use of PIV credentials facilitates standardization and reduces the risk of unauthorized access. -@@ -25393,7 +25705,8 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161 +@@ -25120,7 +25428,8 @@ Satisfies: SRG-OS-000375-GPOS-00160, SRG-OS-000376-GPOS-00161 RHEL-09-611195 - RHEL 9 must require authentication to access emergency mode. 
@@ -18449,7 +17799,7 @@ index c14013393..8b6269729 100644 To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement. -@@ -25407,7 +25720,8 @@ This requirement prevents attackers with physical access from trivially bypassin +@@ -25134,7 +25443,8 @@ This requirement prevents attackers with physical access from trivially bypassin RHEL-09-611200 - RHEL 9 must require authentication to access single-user mode. 
@@ -18459,7 +17809,7 @@ index c14013393..8b6269729 100644 To mitigate the risk of unauthorized access to sensitive information by entities that have been issued certificates by DOD-approved PKIs, all DOD systems (e.g., web servers and web portals) must be properly configured to incorporate access control methods that do not rely solely on the possession of a certificate for access. Successful authentication must not automatically give an entity access to an asset or security boundary. Authorization procedures and controls must be implemented to ensure each authenticated entity also has a validated and current authorization. Authorization is the process of determining whether an entity, once authenticated, is permitted to access a specific asset. Information systems use access control policies and enforcement mechanisms to implement this requirement. -@@ -25421,7 +25735,8 @@ This requirement prevents attackers with physical access from trivially bypassin +@@ -25148,7 +25458,8 @@ This requirement prevents attackers with physical access from trivially bypassin RHEL-09-611205 - RHEL 9 must prevent system daemons from using Kerberos for authentication. @@ -18469,7 +17819,7 @@ index c14013393..8b6269729 100644 Unapproved mechanisms used for authentication to the cryptographic module are not verified; therefore, cannot be relied upon to provide confidentiality or integrity and DOD data may be compromised. -@@ -25439,7 +25754,8 @@ FIPS 140-3 is the current standard for validating that mechanisms used to access +@@ -25166,7 +25477,8 @@ FIPS 140-3 is the current standard for validating that mechanisms used to access RHEL-09-631020 - RHEL 9 must prohibit the use of cached authenticators after one day. 
@@ -18479,7 +17829,7 @@ index c14013393..8b6269729 100644 If cached authentication information is out-of-date, the validity of the authentication information may be questionable. -@@ -25451,7 +25767,8 @@ FIPS 140-3 is the current standard for validating that mechanisms used to access +@@ -25178,7 +25490,8 @@ FIPS 140-3 is the current standard for validating that mechanisms used to access RHEL-09-651010 - RHEL 9 must have the AIDE package installed. @@ -18489,7 +17839,7 @@ index c14013393..8b6269729 100644 Without verification of the security functions, security functions may not operate correctly, and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters. -@@ -25465,7 +25782,8 @@ Satisfies: SRG-OS-000363-GPOS-00150, SRG-OS-000445-GPOS-00199 +@@ -25192,7 +25505,8 @@ Satisfies: SRG-OS-000363-GPOS-00150, SRG-OS-000445-GPOS-00199 RHEL-09-651025 - RHEL 9 must use cryptographic mechanisms to protect the integrity of audit tools. @@ -18499,7 +17849,7 @@ index c14013393..8b6269729 100644 Protecting the integrity of the tools used for auditing purposes is a critical step toward ensuring the integrity of audit information. Audit information includes all information (e.g., audit records, audit settings, and audit reports) needed to successfully audit information system activity. -@@ -25485,7 +25803,8 @@ Satisfies: SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPO +@@ -25212,7 +25526,8 @@ Satisfies: SRG-OS-000256-GPOS-00097, SRG-OS-000257-GPOS-00098, SRG-OS-000258-GPO RHEL-09-652010 - RHEL 9 must have the rsyslog package installed. 
@@ -18509,7 +17859,7 @@ index c14013393..8b6269729 100644 rsyslogd is a system utility providing support for message logging. Support for both internet and Unix domain sockets enables this utility to support both local and remote logging. Couple this utility with "gnutls" (which is a secure communications library implementing the SSL, TLS, and DTLS protocols), to create a method to securely encrypt and offload auditing. -@@ -25499,7 +25818,8 @@ Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000051-GPOS-00024, SRG-OS-000480-GPO +@@ -25226,7 +25541,8 @@ Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000051-GPOS-00024, SRG-OS-000480-GPO RHEL-09-652015 - RHEL 9 must have the packages required for encrypting offloaded audit logs installed. @@ -18519,7 +17869,7 @@ index c14013393..8b6269729 100644 The rsyslog-gnutls package provides Transport Layer Security (TLS) support for the rsyslog daemon, which enables secure remote logging. -@@ -25513,7 +25833,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061 +@@ -25240,7 +25556,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061 RHEL-09-652020 - The rsyslog service on RHEL 9 must be active. @@ -18529,7 +17879,7 @@ index c14013393..8b6269729 100644 The "rsyslog" service must be running to provide logging services, which are essential to system administration. -@@ -25525,7 +25846,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061 +@@ -25252,7 +25569,8 @@ Satisfies: SRG-OS-000480-GPOS-00227, SRG-OS-000120-GPOS-00061 RHEL-09-652025 - RHEL 9 must be configured so that the rsyslog daemon does not accept log messages from other servers unless the server is being used for log aggregation. 
@@ -18539,7 +17889,7 @@ index c14013393..8b6269729 100644 Unintentionally running a rsyslog server accepting remote messages puts the system at increased risk. Malicious rsyslog messages sent to the server could exploit vulnerabilities in the server software itself, could introduce misleading information into the system's logs, or could fill the system's storage leading to a denial of service. -@@ -25539,7 +25861,8 @@ If the system is intended to be a log aggregation server, its use must be docume +@@ -25266,7 +25584,8 @@ If the system is intended to be a log aggregation server, its use must be docume RHEL-09-652030 - All RHEL 9 remote access methods must be monitored. @@ -18549,7 +17899,7 @@ index c14013393..8b6269729 100644 Logging remote access methods can be used to trace the decrease in the risks associated with remote user access management. It can also be used to spot cyberattacks and ensure ongoing compliance with organizational policies surrounding the use of remote access methods. -@@ -25551,7 +25874,8 @@ If the system is intended to be a log aggregation server, its use must be docume +@@ -25278,7 +25597,8 @@ If the system is intended to be a log aggregation server, its use must be docume RHEL-09-652035 - RHEL 9 must be configured to offload audit records onto a different system from the system being audited via syslog. @@ -18559,7 +17909,7 @@ index c14013393..8b6269729 100644 The auditd service does not include the ability to send audit records to a centralized server for management directly. However, it can use a plug-in for audit event multiplexor (audispd) to pass audit records to the local syslog server. -@@ -25565,7 +25889,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 +@@ -25292,7 +25612,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 RHEL-09-652040 - RHEL 9 must authenticate the remote logging server for offloading audit logs via rsyslog. 
@@ -18569,7 +17919,7 @@ index c14013393..8b6269729 100644 Information stored in one location is vulnerable to accidental or incidental deletion or alteration. -@@ -25589,7 +25914,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 +@@ -25316,7 +25637,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 RHEL-09-652045 - RHEL 9 must encrypt the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. @@ -18579,7 +17929,7 @@ index c14013393..8b6269729 100644 Information stored in one location is vulnerable to accidental or incidental deletion or alteration. -@@ -25613,7 +25939,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 +@@ -25340,7 +25662,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 RHEL-09-652050 - RHEL 9 must encrypt via the gtls driver the transfer of audit records offloaded onto a different system or media from the system being audited via rsyslog. @@ -18589,7 +17939,7 @@ index c14013393..8b6269729 100644 Information stored in one location is vulnerable to accidental or incidental deletion or alteration. -@@ -25631,7 +25958,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 +@@ -25358,7 +25681,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224 RHEL-09-652055 - RHEL 9 must be configured to forward audit records via TCP to a different system or media from the system being audited via rsyslog. @@ -18599,7 +17949,7 @@ index c14013393..8b6269729 100644 Information stored in one location is vulnerable to accidental or incidental deletion or alteration. -@@ -25657,7 +25985,8 @@ Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000480-GPOS-00227, SRG-OS-000342-GPO +@@ -25384,7 +25708,8 @@ Satisfies: SRG-OS-000479-GPOS-00224, SRG-OS-000480-GPOS-00227, SRG-OS-000342-GPO RHEL-09-653010 - RHEL 9 audit package must be installed. 
@@ -18609,7 +17959,7 @@ index c14013393..8b6269729 100644 Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. -@@ -25675,7 +26004,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO +@@ -25402,7 +25727,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO RHEL-09-653015 - RHEL 9 audit service must be enabled. @@ -18619,7 +17969,7 @@ index c14013393..8b6269729 100644 Without establishing what type of events occurred, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack. Ensuring the "auditd" service is active ensures audit records generated by the kernel are appropriately recorded. -@@ -25691,7 +26021,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO +@@ -25418,7 +25744,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO RHEL-09-653020 - RHEL 9 audit system must take appropriate action when an error writing to the audit storage volume occurs. @@ -18629,7 +17979,7 @@ index c14013393..8b6269729 100644 It is critical that when the operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode. -@@ -25703,7 +26034,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO +@@ -25430,7 +25757,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO RHEL-09-653025 - RHEL 9 audit system must take appropriate action when the audit storage volume is full. 
@@ -18639,7 +17989,7 @@ index c14013393..8b6269729 100644
It is critical that when the operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.
-@@ -25715,7 +26047,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO
+@@ -25442,7 +25770,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000038-GPO
RHEL-09-653030 - RHEL 9 must allocate audit record storage capacity to store at least one week's worth of audit records.
@@ -18649,7 +17999,7 @@ index c14013393..8b6269729 100644
To ensure RHEL 9 systems have a sufficient storage capacity in which to write the audit logs, RHEL 9 needs to be able to allocate audit record storage capacity.
-@@ -25731,7 +26064,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
+@@ -25458,7 +25787,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
RHEL-09-653035 - RHEL 9 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
@@ -18659,7 +18009,7 @@ index c14013393..8b6269729 100644
If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.
-@@ -25743,7 +26077,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
+@@ -25470,7 +25800,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
RHEL-09-653040 - RHEL 9 must notify the system administrator (SA) and information system security officer (ISSO) (at a minimum) when allocated audit record storage volume 75 percent utilization.
@@ -18669,7 +18019,7 @@ index c14013393..8b6269729 100644
If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.
-@@ -25755,7 +26090,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
+@@ -25482,7 +25813,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
RHEL-09-653045 - RHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the audit record storage capacity.
@@ -18679,7 +18029,7 @@ index c14013393..8b6269729 100644
If action is not taken when storage volume reaches 95 percent utilization, the auditing system may fail when the storage volume reaches capacity.
-@@ -25767,7 +26103,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
+@@ -25494,7 +25826,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
RHEL-09-653050 - RHEL 9 must take action when allocated audit record storage volume reaches 95 percent of the repository maximum audit record storage capacity.
@@ -18689,7 +18039,7 @@ index c14013393..8b6269729 100644
If action is not taken when storage volume reaches 95 percent utilization, the auditing system may fail when the storage volume reaches capacity.
-@@ -25779,7 +26116,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
+@@ -25506,7 +25839,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
RHEL-09-653055 - RHEL 9 audit system must take appropriate action when the audit files have reached maximum size.
@@ -18699,7 +18049,7 @@ index c14013393..8b6269729 100644
It is critical that when the operating system is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.
-@@ -25791,7 +26129,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
+@@ -25518,7 +25852,8 @@ Satisfies: SRG-OS-000341-GPOS-00132, SRG-OS-000342-GPOS-00133
RHEL-09-653060 - RHEL 9 must label all offloaded audit logs before sending them to the central log server.
@@ -18709,7 +18059,7 @@ index c14013393..8b6269729 100644
Enriched logging is needed to determine who, what, and when events occur on a system. Without this, determining root cause of an event will be much more difficult.
-@@ -25807,7 +26146,8 @@ Satisfies: SRG-OS-000039-GPOS-00017, SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPO
+@@ -25534,7 +25869,8 @@ Satisfies: SRG-OS-000039-GPOS-00017, SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPO
RHEL-09-653065 - RHEL 9 must take appropriate action when the internal event queue is full.
@@ -18719,7 +18069,7 @@ index c14013393..8b6269729 100644
The audit system should have an action setup in the event the internal event queue becomes full so that no data is lost. Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
-@@ -25823,7 +26163,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224
+@@ -25550,7 +25886,8 @@ Satisfies: SRG-OS-000342-GPOS-00133, SRG-OS-000479-GPOS-00224
RHEL-09-653070 - RHEL 9 System Administrator (SA) and/or information system security officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
@@ -18729,7 +18079,7 @@ index c14013393..8b6269729 100644
It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
-@@ -25841,7 +26182,8 @@ Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000343-GPOS-00134
+@@ -25568,7 +25905,8 @@ Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000343-GPOS-00134
RHEL-09-653075 - RHEL 9 audit system must audit local events.
@@ -18739,7 +18089,7 @@ index c14013393..8b6269729 100644
Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
-@@ -25857,7 +26199,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000480-GPOS-00227
+@@ -25584,7 +25922,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000480-GPOS-00227
RHEL-09-653080 - RHEL 9 audit logs must be group-owned by root or by a restricted logging group to prevent unauthorized read access.
@@ -18749,7 +18099,7 @@ index c14013393..8b6269729 100644
Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
-@@ -25871,7 +26214,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
+@@ -25598,7 +25937,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
RHEL-09-653085 - RHEL 9 audit log directory must be owned by root to prevent unauthorized read access.
@@ -18759,7 +18109,7 @@ index c14013393..8b6269729 100644
Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
-@@ -25885,7 +26229,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
+@@ -25612,7 +25952,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
RHEL-09-653090 - RHEL 9 audit logs file must have mode 0600 or less permissive to prevent unauthorized access to the audit log.
@@ -18769,7 +18119,7 @@ index c14013393..8b6269729 100644
Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 9 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
-@@ -25901,7 +26246,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
+@@ -25628,7 +25969,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
RHEL-09-653095 - RHEL 9 must periodically flush audit records to disk to prevent the loss of audit records.
@@ -18779,7 +18129,7 @@ index c14013393..8b6269729 100644
If option "freq" is not set to a value that requires audit records being written to disk after a threshold number is reached, then audit records may be lost.
-@@ -25913,7 +26259,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
+@@ -25640,7 +25982,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO
RHEL-09-653100 - RHEL 9 must produce audit records containing information to establish the identity of any individual or process associated with the event.
@@ -18789,7 +18139,7 @@ index c14013393..8b6269729 100644
Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
-@@ -25931,7 +26278,8 @@ Satisfies: SRG-OS-000255-GPOS-00096, SRG-OS-000480-GPOS-00227
+@@ -25658,7 +26001,8 @@ Satisfies: SRG-OS-000255-GPOS-00096, SRG-OS-000480-GPOS-00227
RHEL-09-653105 - RHEL 9 must write audit records to disk.
@@ -18799,7 +18149,7 @@ index c14013393..8b6269729 100644
Audit data should be synchronously written to disk to ensure log integrity. This setting assures that all audit event data is written disk.
-@@ -25943,7 +26291,8 @@ Satisfies: SRG-OS-000255-GPOS-00096, SRG-OS-000480-GPOS-00227
+@@ -25670,7 +26014,8 @@ Satisfies: SRG-OS-000255-GPOS-00096, SRG-OS-000480-GPOS-00227
RHEL-09-653110 - RHEL 9 must allow only the information system security manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
@@ -18809,7 +18159,7 @@ index c14013393..8b6269729 100644
Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -25955,7 +26304,8 @@ Satisfies: SRG-OS-000255-GPOS-00096, SRG-OS-000480-GPOS-00227
+@@ -25682,7 +26027,8 @@ Satisfies: SRG-OS-000255-GPOS-00096, SRG-OS-000480-GPOS-00227
RHEL-09-653115 - RHEL 9 /etc/audit/auditd.conf file must have 0640 or less permissive to prevent unauthorized access.
@@ -18819,7 +18169,7 @@ index c14013393..8b6269729 100644
Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -25967,7 +26317,8 @@ Satisfies: SRG-OS-000255-GPOS-00096, SRG-OS-000480-GPOS-00227
+@@ -25694,7 +26040,8 @@ Satisfies: SRG-OS-000255-GPOS-00096, SRG-OS-000480-GPOS-00227
RHEL-09-653120 - RHEL 9 must allocate an audit_backlog_limit of sufficient size to capture processes that start prior to the audit daemon.
@@ -18829,7 +18179,7 @@ index c14013393..8b6269729 100644
Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -25987,7 +26338,8 @@ Satisfies: SRG-OS-000254-GPOS-00095, SRG-OS-000341-GPOS-00132
+@@ -25714,7 +26061,8 @@ Satisfies: SRG-OS-000254-GPOS-00095, SRG-OS-000341-GPOS-00132
RHEL-09-653130 - RHEL 9 audispd-plugins package must be installed.
@@ -18839,7 +18189,7 @@ index c14013393..8b6269729 100644
"audispd-plugins" provides plugins for the real-time interface to the audit subsystem, "audispd". These plugins can do things like relay events to remote machines or analyze events for suspicious behavior.
-@@ -25999,7 +26351,8 @@ Satisfies: SRG-OS-000254-GPOS-00095, SRG-OS-000341-GPOS-00132
+@@ -25726,7 +26074,8 @@ Satisfies: SRG-OS-000254-GPOS-00095, SRG-OS-000341-GPOS-00132
RHEL-09-654010 - RHEL 9 must audit uses of the "execve" system call.
@@ -18849,7 +18199,7 @@ index c14013393..8b6269729 100644
Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
-@@ -26013,7 +26366,8 @@ Satisfies: SRG-OS-000326-GPOS-00126, SRG-OS-000327-GPOS-00127
+@@ -25740,7 +26089,8 @@ Satisfies: SRG-OS-000326-GPOS-00126, SRG-OS-000327-GPOS-00127
RHEL-09-654015 - RHEL 9 must audit all uses of the chmod, fchmod, and fchmodat system calls.
@@ -18859,7 +18209,7 @@ index c14013393..8b6269729 100644
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26033,7 +26387,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25760,7 +26110,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654020 - RHEL 9 must audit all uses of the chown, fchown, fchownat, and lchown system calls.
@@ -18869,7 +18219,7 @@ index c14013393..8b6269729 100644
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26053,7 +26408,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25780,7 +26131,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654025 - RHEL 9 must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr, and lremovexattr system calls.
@@ -18879,7 +18229,7 @@ index c14013393..8b6269729 100644
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26073,7 +26429,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25800,7 +26152,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654030 - RHEL 9 must audit all uses of umount system calls.
@@ -18889,7 +18239,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26093,7 +26450,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPO
+@@ -25820,7 +26173,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPO
RHEL-09-654035 - RHEL 9 must audit all uses of the chacl command.
@@ -18899,7 +18249,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26113,7 +26471,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25840,7 +26194,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654040 - RHEL 9 must audit all uses of the setfacl command.
@@ -18909,7 +18259,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26133,7 +26492,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25860,7 +26215,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654045 - RHEL 9 must audit all uses of the chcon command.
@@ -18919,7 +18269,7 @@ index c14013393..8b6269729 100644
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26153,7 +26513,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25880,7 +26236,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654050 - RHEL 9 must audit all uses of the semanage command.
@@ -18929,7 +18279,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26173,7 +26534,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25900,7 +26257,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654055 - RHEL 9 must audit all uses of the setfiles command.
@@ -18939,7 +18289,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26193,7 +26555,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25920,7 +26278,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654060 - RHEL 9 must audit all uses of the setsebool command.
@@ -18949,7 +18299,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26213,7 +26576,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25940,7 +26299,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654065 - RHEL 9 must audit all uses of the rename, unlink, rmdir, renameat, and unlinkat system calls.
@@ -18959,7 +18309,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26233,7 +26597,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25960,7 +26320,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654070 - RHEL 9 must audit all uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls.
@@ -18969,7 +18319,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26253,7 +26618,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -25980,7 +26341,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654075 - RHEL 9 must audit all uses of the delete_module system call.
@@ -18979,7 +18329,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26273,7 +26639,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26000,7 +26362,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654080 - RHEL 9 must audit all uses of the init_module and finit_module system calls.
@@ -18989,7 +18339,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26293,7 +26660,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26020,7 +26383,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654085 - RHEL 9 must audit all uses of the chage command.
@@ -18999,7 +18349,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26313,7 +26681,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26040,7 +26404,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654090 - RHEL 9 must audit all uses of the chsh command.
@@ -19009,7 +18359,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26333,7 +26702,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26060,7 +26425,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654095 - RHEL 9 must audit all uses of the crontab command.
@@ -19019,7 +18369,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26353,7 +26723,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26080,7 +26446,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654100 - RHEL 9 must audit all uses of the gpasswd command.
@@ -19029,7 +18379,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26373,7 +26744,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26100,7 +26467,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654105 - RHEL 9 must audit all uses of the kmod command.
@@ -19039,7 +18389,7 @@ index c14013393..8b6269729 100644
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26393,7 +26765,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26120,7 +26488,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654110 - RHEL 9 must audit all uses of the newgrp command.
@@ -19049,7 +18399,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26413,7 +26786,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26140,7 +26509,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654115 - RHEL 9 must audit all uses of the pam_timestamp_check command.
@@ -19059,7 +18409,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26433,7 +26807,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26160,7 +26530,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654120 - RHEL 9 must audit all uses of the passwd command.
@@ -19069,7 +18419,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26453,7 +26828,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26180,7 +26551,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654125 - RHEL 9 must audit all uses of the postdrop command.
@@ -19079,7 +18429,7 @@ index c14013393..8b6269729 100644
Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26473,7 +26849,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26200,7 +26572,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654130 - RHEL 9 must audit all uses of the postqueue command.
@@ -19089,7 +18439,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26493,7 +26870,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26220,7 +26593,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654135 - RHEL 9 must audit all uses of the ssh-agent command.
@@ -19099,7 +18449,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26513,7 +26891,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26240,7 +26614,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654140 - RHEL 9 must audit all uses of the ssh-keysign command.
@@ -19109,7 +18459,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26533,7 +26912,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26260,7 +26635,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654145 - RHEL 9 must audit all uses of the su command.
@@ -19119,7 +18469,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26553,7 +26933,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26280,7 +26656,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654150 - RHEL 9 must audit all uses of the sudo command.
@@ -19129,7 +18479,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26573,7 +26954,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26300,7 +26677,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654155 - RHEL 9 must audit all uses of the sudoedit command.
@@ -19139,7 +18489,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26593,7 +26975,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26320,7 +26698,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654160 - RHEL 9 must audit all uses of the unix_chkpwd command.
@@ -19149,7 +18499,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26613,7 +26996,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26340,7 +26719,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654165 - RHEL 9 must audit all uses of the unix_update command.
@@ -19159,7 +18509,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26633,7 +27017,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26360,7 +26740,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654170 - RHEL 9 must audit all uses of the userhelper command.
@@ -19169,7 +18519,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26653,7 +27038,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26380,7 +26761,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654175 - RHEL 9 must audit all uses of the usermod command.
@@ -19179,7 +18529,7 @@ index c14013393..8b6269729 100644
Without generating audit record specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26673,7 +27059,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26400,7 +26782,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654180 - RHEL 9 must audit all uses of the mount command.
@@ -19189,7 +18539,7 @@ index c14013393..8b6269729 100644
Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
-@@ -26693,7 +27080,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
+@@ -26420,7 +26803,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO
RHEL-09-654185 - Successful/unsuccessful uses of the init command in RHEL 9 must generate an audit record.
@@ -19199,7 +18549,7 @@ index c14013393..8b6269729 100644 Misuse of the init command may cause availability issues for the system. -@@ -26705,7 +27093,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO +@@ -26432,7 +26816,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO RHEL-09-654190 - Successful/unsuccessful uses of the poweroff command in RHEL 9 must generate an audit record. @@ -19209,7 +18559,7 @@ index c14013393..8b6269729 100644 Misuse of the poweroff command may cause availability issues for the system. -@@ -26717,7 +27106,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO +@@ -26444,7 +26829,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO RHEL-09-654195 - Successful/unsuccessful uses of the reboot command in RHEL 9 must generate an audit record. @@ -19219,7 +18569,7 @@ index c14013393..8b6269729 100644 Misuse of the reboot command may cause availability issues for the system. -@@ -26729,7 +27119,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO +@@ -26456,7 +26842,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO RHEL-09-654200 - Successful/unsuccessful uses of the shutdown command in RHEL 9 must generate an audit record. @@ -19229,7 +18579,7 @@ index c14013393..8b6269729 100644 Misuse of the shutdown command may cause availability issues for the system. -@@ -26741,7 +27132,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO +@@ -26468,7 +26855,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO RHEL-09-654205 - Successful/unsuccessful uses of the umount system call in RHEL 9 must generate an audit record. 
@@ -19239,7 +18589,7 @@ index c14013393..8b6269729 100644 The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users. -@@ -26755,7 +27147,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPO +@@ -26482,7 +26870,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPO RHEL-09-654210 - Successful/unsuccessful uses of the umount2 system call in RHEL 9 must generate an audit record. @@ -19249,7 +18599,7 @@ index c14013393..8b6269729 100644 The changing of file permissions could indicate that a user is attempting to gain access to information that would otherwise be disallowed. Auditing DAC modifications can facilitate the identification of patterns of abuse among both authorized and unauthorized users. -@@ -26769,7 +27162,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPO +@@ -26496,7 +26885,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000062-GPOS-00031, SRG-OS-000392-GPO RHEL-09-654215 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers. 
@@ -19259,7 +18609,7 @@ index c14013393..8b6269729 100644 The actions taken by system administrators must be audited to keep a record of what was executed on the system, as well as for accountability purposes. Editing the sudoers file may be sign of an attacker trying to establish persistent methods to a system, auditing the editing of the sudoers files mitigates this risk. -@@ -26783,7 +27177,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO +@@ -26510,7 +26900,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO RHEL-09-654220 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/ directory. @@ -19269,7 +18619,7 @@ index c14013393..8b6269729 100644 The actions taken by system administrators must be audited to keep a record of what was executed on the system, as well as for accountability purposes. Editing the sudoers file may be sign of an attacker trying to establish persistent methods to a system, auditing the editing of the sudoers files mitigates this risk. -@@ -26797,7 +27192,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO +@@ -26524,7 +26915,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO RHEL-09-654225 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group. 
@@ -19279,7 +18629,7 @@ index c14013393..8b6269729 100644 In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications must be investigated for legitimacy. -@@ -26811,7 +27207,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO +@@ -26538,7 +26930,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO RHEL-09-654230 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow. @@ -19289,7 +18639,7 @@ index c14013393..8b6269729 100644 In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy. -@@ -26825,7 +27222,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO +@@ -26552,7 +26945,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO RHEL-09-654235 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/opasswd. @@ -19299,7 +18649,7 @@ index c14013393..8b6269729 100644 In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy. -@@ -26839,7 +27237,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO +@@ -26566,7 +26960,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO RHEL-09-654240 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd. 
@@ -19309,7 +18659,7 @@ index c14013393..8b6269729 100644 In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy. -@@ -26853,7 +27252,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO +@@ -26580,7 +26975,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO RHEL-09-654245 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow. @@ -19319,7 +18669,7 @@ index c14013393..8b6269729 100644 In addition to auditing new user and group accounts, these watches will alert the system administrator(s) to any modifications. Any unexpected users, groups, or modifications should be investigated for legitimacy. -@@ -26867,7 +27267,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO +@@ -26594,7 +26990,8 @@ Satisfies: SRG-OS-000004-GPOS-00004, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO RHEL-09-654250 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/faillock. @@ -19329,7 +18679,7 @@ index c14013393..8b6269729 100644 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. -@@ -26881,7 +27282,8 @@ Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000470-GPOS-00214, SRG-OS-000473-GPO +@@ -26608,7 +27005,8 @@ Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000470-GPOS-00214, SRG-OS-000473-GPO RHEL-09-654255 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/lastlog. 
@@ -19339,7 +18689,7 @@ index c14013393..8b6269729 100644 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. -@@ -26895,7 +27297,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO +@@ -26622,7 +27020,8 @@ Satisfies: SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPOS-00020, SRG-OS-000062-GPO RHEL-09-654260 - RHEL 9 must generate audit records for all account creations, modifications, disabling, and termination events that affect /var/log/tallylog. @@ -19349,7 +18699,7 @@ index c14013393..8b6269729 100644 Without generating audit records specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. -@@ -26909,7 +27312,8 @@ Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000470-GPOS-00214, SRG-OS-000473-GPO +@@ -26636,7 +27035,8 @@ Satisfies: SRG-OS-000392-GPOS-00172, SRG-OS-000470-GPOS-00214, SRG-OS-000473-GPO RHEL-09-654265 - RHEL 9 must take appropriate action when a critical audit processing failure occurs. @@ -19359,7 +18709,7 @@ index c14013393..8b6269729 100644 It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected. -@@ -26925,7 +27329,8 @@ Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000047-GPOS-00023 +@@ -26652,7 +27052,8 @@ Satisfies: SRG-OS-000046-GPOS-00022, SRG-OS-000047-GPOS-00023 RHEL-09-654270 - RHEL 9 audit system must protect logon UIDs from unauthorized change. 
@@ -19369,7 +18719,7 @@ index c14013393..8b6269729 100644 If modification of login user identifiers (UIDs) is not prevented, they can be changed by nonprivileged users and make auditing complicated or impossible. -@@ -26939,7 +27344,8 @@ Satisfies: SRG-OS-000462-GPOS-00206, SRG-OS-000475-GPOS-00220, SRG-OS-000057-GPO +@@ -26666,7 +27067,8 @@ Satisfies: SRG-OS-000462-GPOS-00206, SRG-OS-000475-GPOS-00220, SRG-OS-000057-GPO RHEL-09-654275 - RHEL 9 audit system must protect auditing rules from unauthorized change. @@ -19379,7 +18729,7 @@ index c14013393..8b6269729 100644 Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality. -@@ -26957,7 +27363,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO +@@ -26684,7 +27086,8 @@ Satisfies: SRG-OS-000057-GPOS-00027, SRG-OS-000058-GPOS-00028, SRG-OS-000059-GPO RHEL-09-672582300 - RHEL 9 must enable FIPS mode. @@ -19389,7 +18739,7 @@ index c14013393..8b6269729 100644 Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. This includes NIST FIPS-validated cryptography for the following: Provisioning digital signatures, generating cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards. -@@ -26971,7 +27378,8 @@ Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPO +@@ -26698,7 +27101,8 @@ Satisfies: SRG-OS-000033-GPOS-00014, SRG-OS-000125-GPOS-00065, SRG-OS-000396-GPO RHEL-09-671015 - RHEL 9 must employ FIPS 140-3 approved cryptographic hashing algorithms for all stored passwords. 
@@ -19399,7 +18749,7 @@ index c14013393..8b6269729 100644 The system must use a strong hashing algorithm to store the password. -@@ -26987,7 +27395,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 +@@ -26714,7 +27118,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 RHEL-09-671020 - RHEL 9 IP tunnels must use FIPS 140-2/140-3 approved cryptographic algorithms. @@ -19409,7 +18759,7 @@ index c14013393..8b6269729 100644 Overriding the system crypto policy makes the behavior of the Libreswan service violate expectations, and makes system configuration more fragmented. -@@ -26999,7 +27408,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 +@@ -26726,7 +27131,8 @@ Satisfies: SRG-OS-000073-GPOS-00041, SRG-OS-000120-GPOS-00061 RHEL-09-671025 - RHEL 9 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-3 approved cryptographic hashing algorithm for system authentication. @@ -19419,7 +18769,7 @@ index c14013393..8b6269729 100644 Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and; therefore, cannot be relied upon to provide confidentiality or integrity, and DOD data may be compromised. -@@ -27015,7 +27425,8 @@ FIPS 140-3 is the current standard for validating that mechanisms used to access +@@ -26742,7 +27148,8 @@ FIPS 140-3 is the current standard for validating that mechanisms used to access RHEL-09-672010 - RHEL 9 must have the crypto-policies package installed. 
@@ -19429,7 +18779,7 @@ index c14013393..8b6269729 100644 Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. -@@ -27029,7 +27440,8 @@ Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPO +@@ -26756,7 +27163,8 @@ Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPO RHEL-09-672020 - RHEL 9 crypto policy must not be overridden. @@ -19439,7 +18789,7 @@ index c14013393..8b6269729 100644 Centralized cryptographic policies simplify applying secure ciphers across an operating system and the applications that run on that operating system. Use of weak or untested encryption algorithms undermines the purposes of utilizing encryption to protect data. -@@ -27043,7 +27455,8 @@ Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPO +@@ -26770,7 +27178,8 @@ Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPO RHEL-09-672025 - RHEL 9 must use mechanisms meeting the requirements of applicable federal laws, executive orders, directives, policies, regulations, standards, and guidance for authentication to a cryptographic module. @@ -19449,7 +18799,7 @@ index c14013393..8b6269729 100644 Overriding the system crypto policy makes the behavior of Kerberos violate expectations, and makes system configuration more fragmented. -@@ -27055,7 +27468,8 @@ Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPO +@@ -26782,7 +27191,8 @@ Satisfies: SRG-OS-000396-GPOS-00176, SRG-OS-000393-GPOS-00173, SRG-OS-000394-GPO RHEL-09-672030 - RHEL 9 must implement DOD-approved TLS encryption in the GnuTLS package. 
@@ -19459,7 +18809,7 @@ index c14013393..8b6269729 100644 Without cryptographic integrity protections, information can be altered by unauthorized users without detection. -@@ -27073,7 +27487,8 @@ Satisfies: SRG-OS-000250-GPOS-00093, SRG-OS-000423-GPOS-00187 +@@ -26800,7 +27210,8 @@ Satisfies: SRG-OS-000250-GPOS-00093, SRG-OS-000423-GPOS-00187 RHEL-09-672035 - RHEL 9 must implement DOD-approved encryption in the OpenSSL package. @@ -19469,7 +18819,7 @@ index c14013393..8b6269729 100644 Without cryptographic integrity protections, information can be altered by unauthorized users without detection. -@@ -27091,7 +27506,8 @@ The employed algorithms can be viewed in the /etc/crypto-policies/back-ends/open +@@ -26818,7 +27229,8 @@ The employed algorithms can be viewed in the /etc/crypto-policies/back-ends/open RHEL-09-672040 - RHEL 9 must implement DOD-approved TLS encryption in the OpenSSL package. @@ -19479,7 +18829,7 @@ index c14013393..8b6269729 100644 Without cryptographic integrity protections, information can be altered by unauthorized users without detection. -@@ -27109,7 +27525,8 @@ The employed algorithms can be viewed in the /etc/crypto-policies/back-ends/open +@@ -26836,7 +27248,8 @@ The employed algorithms can be viewed in the /etc/crypto-policies/back-ends/open RHEL-09-672050 - RHEL 9 must implement DOD-approved encryption in the bind package. @@ -19489,16 +18839,16 @@ index c14013393..8b6269729 100644 Without cryptographic integrity protections, information can be altered by unauthorized users without detection. -@@ -29178,7 +29595,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190 +@@ -28886,7 +29299,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190 -- -+ +- ++ - -@@ -33049,7 +33466,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190 + +@@ -32714,7 +33127,7 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190 1 
@@ -19507,7 +18857,7 @@ index c14013393..8b6269729 100644 /etc/grub2-efi.cfg -@@ -34740,7 +35157,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190 +@@ -34382,7 +34795,8 @@ Satisfies: SRG-OS-000423-GPOS-00187, SRG-OS-000426-GPOS-00190 RHEL 9 is installed @@ -19515,25 +18865,25 @@ index c14013393..8b6269729 100644 + Red Hat Enterprise Linux 9 +AlmaLinux 9 - + RHEL 9 is installed diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template -index 5a686b0b2..74a7d8c30 100644 +index 503895c33..33e242420 100644 --- a/shared/templates/audit_rules_dac_modification/ansible.template +++ b/shared/templates/audit_rules_dac_modification/ansible.template @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # reboot = true # strategy = restrict # complexity = low diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template -index daee70210..ae6608360 100644 +index 5d782e0bd..11bd40b58 100644 --- a/shared/templates/audit_rules_dac_modification/bash.template +++ b/shared/templates/audit_rules_dac_modification/bash.template 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system @@ -19558,22 +18908,22 @@ index b3eab4edb..da237aa3d 100644 # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template -index e62981561..4f8c1b6e5 100644 +index 52d93ba02..18a26fc62 100644 --- a/shared/templates/audit_rules_login_events/ansible.template +++ b/shared/templates/audit_rules_login_events/ansible.template 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # reboot = true # strategy = restrict # complexity = low diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template -index e3c55b43a..0a13eabe8 100644 +index f0b83b1bf..72506c7ee 100644 --- a/shared/templates/audit_rules_login_events/bash.template +++ b/shared/templates/audit_rules_login_events/bash.template @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' 
@@ -19611,7 +18961,7 @@ index 0e2a29c80..a78d71da2 100644 # strategy = restrict # complexity = low diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh -index 316171011..aba627753 100644 +index 181597906..f886020ab 100644 --- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh +++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh @@ -1,5 +1,5 @@ @@ -19622,7 +18972,7 @@ index 316171011..aba627753 100644 source common.sh diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh -index 1cad34338..55c65dbe2 100644 +index fd902a020..010590172 100644 --- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh +++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh @@ -1,5 +1,5 @@ @@ -19653,22 +19003,22 @@ index bd5bb94cb..d1f68626a 100644 # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template -index 9beb65537..e6da688f0 100644 +index 40c2e96a1..87cd84907 100644 --- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template +++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # reboot = true # strategy = restrict # complexity = low diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template -index b18223c98..e82de6427 100644 +index f41ed4106..7ba2388b6 100644 --- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template +++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_debian +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system @@ -19722,18 +19072,18 @@ index c5051bcf7..846c0e661 100644 # reboot = true # strategy = restrict # complexity = medium -diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh -index b594abe6d..bac3e9fc6 100644 ---- a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh -+++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh +diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh +index 4c25b2d95..26100fc4e 100644 +--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh ++++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_in_entries.fail.sh 
@@ -1,6 +1,6 @@ #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu - {{%- if 'ubuntu' in product %}} - # packages = grub2 - {{%- else %}} +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux + # packages = grub2,grubby + + source common.sh diff --git a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh index c6d5b6b1b..8cbc5ae5e 100644 --- a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh @@ -19747,14 +19097,14 @@ index c6d5b6b1b..8cbc5ae5e 100644 {{%- if ARG_VARIABLE %}} # variables = {{{ ARG_VARIABLE }}}=correct_value diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh -index f43aa99c4..176760218 100644 +index 0ee7a41ca..a31c37bc4 100644 --- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh +++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash --# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_fedora -+# platform = Red Hat Enterprise Linux 9,AlmaLinux 9,Red Hat Enterprise Linux 10,multi_platform_fedora +-# platform = multi_platform_fedora,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # packages = grub2,grubby source common.sh @@ -19813,22 +19163,22 @@ index 9eda41566..85128bd51 100644 # Ensure the kernel command line for each installed kernel in the bootloader 
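Review bot: In the hunk starting at `@@ -19722,18 +19072,18 @@`, the inner diff for `shared/templates/grub2_bootloader_argument/tests/` is retargeted from `arg_not_there_etcdefaultgrub.fail.sh` to `arg_not_in_entries.fail.sh`, but nothing in the commit shows whether the old test file was removed upstream in 0.1.75 or merely dropped from this patch. If it still exists with a `# platform =` header that lacks `multi_platform_almalinux`, that scenario silently stops running for AlmaLinux 9 while every other grub2 test in this section gains it. Please confirm the file is gone in 0.1.75, or add the corresponding `+# platform = ...,multi_platform_almalinux` hunk for it; the same check applies to the `wrong_value_entries.fail.sh` header in the following hunk, whose old side moved from an explicit `Red Hat Enterprise Linux 9,...` list to `multi_platform_rhel`.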
diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template -index 88e846697..a329cbe76 100644 +index b3f7c4121..457c70957 100644 --- a/shared/templates/kernel_module_disabled/ansible.template +++ b/shared/templates/kernel_module_disabled/ansible.template @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = disable # complexity = low diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template -index df7229bc4..d6dc65bff 100644 +index 5bf2bffce..683f24818 100644 --- a/shared/templates/kernel_module_disabled/bash.template +++ b/shared/templates/kernel_module_disabled/bash.template 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro # reboot = true # strategy = disable # complexity = low @@ -19914,12 +19264,22 @@ index 0ac55f51f..dd0bcddea 100644 # strategy = enable # complexity = low diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template -index 65c48d381..ee1e6386d 100644 +index d19004461..e0d4b55f3 100644 --- a/shared/templates/package_installed/bash.template +++ b/shared/templates/package_installed/bash.template 
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
+-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_slmicro,multi_platform_debian
+ # reboot = false
+ # strategy = enable
+ # complexity = low
+diff --git a/shared/templates/package_installed/bootc.template b/shared/templates/package_installed/bootc.template
+index ddac8ef40..86cb91791 100644
+--- a/shared/templates/package_installed/bootc.template
++++ b/shared/templates/package_installed/bootc.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# reboot = false
# strategy = enable
# complexity = low
@@ -19943,6 +19303,16 @@ index 489f9bb0f..0120d927c 100644
# reboot = false
# strategy = disable
# complexity = low
+diff --git a/shared/templates/package_removed/bootc.template b/shared/templates/package_removed/bootc.template
+index 9e3535578..f0a418432 100644
+--- a/shared/templates/package_removed/bootc.template
++++ b/shared/templates/package_removed/bootc.template
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_rhel,multi_platform_fedora
++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
+ # reboot = false
+ # strategy = disable
+ # complexity = low
diff --git a/shared/templates/package_removed/kickstart.template b/shared/templates/package_removed/kickstart.template
index 486ebbbdc..963412bac 100644
--- a/shared/templates/package_removed/kickstart.template
@@ -20300,7 +19670,7 @@ index a17337508..1e9769b17 100644
# strategy = enable
# complexity = low
diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template
-index 7bc1bd15d..b5534afd7 100644
+index ecfd73fa8..6c515ced4 100644
--- a/shared/templates/sebool/bash.template
+++ b/shared/templates/sebool/bash.template
@@ -1,4 +1,4 @@
@@ -20340,12 +19710,12 @@ index 1ab456524..724e7b779 100644
# strategy = disable
# complexity = low
diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template
-index 00fd1ee2f..2d99ec854 100644
+index d290a399a..2dc4121f9 100644
--- a/shared/templates/service_enabled/bash.template
+++ b/shared/templates/service_enabled/bash.template
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
# reboot = false
# strategy = enable
# complexity = low
@@ -20360,7 +19730,7 @@ index 451af774a..27ac615a2 100644
# strategy = disable
# complexity = low
diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
-index 7db352eda..8746cc887 100644
+index 6432aa5ce..cfc5131aa 100644
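Review bot: In the rebased hunk for shared/templates/service_enabled/bash.template the new `++# platform` line inserts `multi_platform_almalinux` right after `multi_platform_rhel`, while the upstream 0.1.75 line it patches is now kept in alphabetical order (`multi_platform_fedora,multi_platform_ol,multi_platform_rhel,...`). Keeping the carried patch in the same order, `# platform = multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu`, makes the downstream addition easy to spot against upstream and gives future rebases a predictable insertion point. The same applies to the sysctl/bash.template hunk (`@@ -20417,15 +19787,15 @@`), where `multi_platform_almalinux` would sort before `multi_platform_debian`. The ordering has no functional effect on which remediations are generated, so this is a style point only.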
--- a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
+++ b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh
@@ -1,6 +1,6 @@
@@ -20372,7 +19742,7 @@ index 7db352eda..8746cc887 100644
source common.sh
diff --git a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh
-index e0cd64de1..30c6635e3 100644
+index c5390ff13..b3ecbb2e4 100644
--- a/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh
+++ b/shared/templates/sshd_lineinfile/tests/duplicated_param_directory.pass.sh
@@ -1,6 +1,6 @@
@@ -20384,7 +19754,7 @@ index e0cd64de1..30c6635e3 100644
mkdir -p /etc/ssh/sshd_config.d
touch /etc/ssh/sshd_config.d/nothing
diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh
-index fd2cfeb10..dc76764bf 100644
+index 7d55e3d0d..d6f41eeb0 100644
--- a/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh
+++ b/shared/templates/sshd_lineinfile/tests/param_conflict_directory.fail.sh
@@ -1,6 +1,6 @@
@@ -20393,10 +19763,10 @@ index fd2cfeb10..dc76764bf 100644
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,AlmaLinux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu
- SSHD_PARAM={{{ PARAMETER }}}
- SSHD_VAL={{{ VALUE }}}
+
+ {{% if XCCDF_VARIABLE %}}
diff --git a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh
-index 2322e1d7c..2f4eebde8 100644
+index c68680483..d43ffa3e8 100644
--- a/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh
+++ b/shared/templates/sshd_lineinfile/tests/param_conflict_file_with_directory.fail.sh
@@ -1,6 +1,6 @@
@@ -20405,10 +19775,10 @@ index 2322e1d7c..2f4eebde8 100644
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,AlmaLinux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu
- SSHD_PARAM={{{ PARAMETER }}}
- SSHD_VAL={{{ VALUE }}}
+ {{% if XCCDF_VARIABLE %}}
+ # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}}
diff --git a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh
-index 1810d779a..bd4386724 100644
+index 983eb3fda..08466503b 100644
--- a/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh
+++ b/shared/templates/sshd_lineinfile/tests/wrong_value_directory.fail.sh
@@ -1,6 +1,6 @@
@@ -20417,15 +19787,15 @@ index 1810d779a..bd4386724 100644
-# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu
+# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 9,AlmaLinux 9,Red Hat Enterprise Linux 10,multi_platform_ubuntu
- SSHD_PARAM={{{ PARAMETER }}}
- SSHD_VAL="bad_val"
+ {{% if XCCDF_VARIABLE %}}
+ # variables = {{{ XCCDF_VARIABLE }}}={{{ CORRECT_VALUE }}}
diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template
-index 887adae43..b4395c5a7 100644
+index b3aafbc27..f2755cdc1 100644
--- a/shared/templates/sysctl/bash.template
+++ b/shared/templates/sysctl/bash.template
@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle,multi_platform_debian
+-# platform = multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
++# platform = multi_platform_debian,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu
# reboot = true
# strategy = disable
# complexity = low
@@ -20440,27 +19810,27 @@ index 42ec0778d..475010b6a 100644
# strategy = enable
# complexity = low
diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template
-index 336775e4f..854f90a24 100644
+index 73810f216..54434bb42 100644
--- a/shared/templates/zipl_bls_entries_option/ansible.template
+++ b/shared/templates/zipl_bls_entries_option/ansible.template
@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
-+# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
# reboot = true
# strategy = configure
# complexity = medium
diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template
-index 25cd7432c..1ba5c29b7 100644
+index e14d59dfc..1b236a130 100644
--- a/shared/templates/zipl_bls_entries_option/bash.template
+++ b/shared/templates/zipl_bls_entries_option/bash.template
@@ -1,4 +1,4 @@
--# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
-+# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9
+-# platform = multi_platform_rhel
++# platform = multi_platform_rhel,multi_platform_almalinux
# Correct BLS option using grubby, which is a thin wrapper around BLS operations
grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}"
diff --git a/ssg/constants.py b/ssg/constants.py
-index 7f8910743..478c9fab8 100644
+index 6fefa4ed1..1d40d2cd2 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -40,6 +40,7 @@ SSG_REF_URIS = {
@@ -20471,7 +19841,7 @@ index 7f8910743..478c9fab8 100644
'anolis8',
'anolis23',
'al2023',
-@@ -201,6 +202,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
+@@ -203,6 +204,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
FULL_NAME_TO_PRODUCT_MAPPING = {
"Alibaba Cloud Linux 2": "alinux2",
"Alibaba Cloud Linux 3": "alinux3",
@@ -20479,16 +19849,16 @@ index 7f8910743..478c9fab8 100644
"Anolis OS 8": "anolis8",
"Anolis OS 23": "anolis23",
"Amazon Linux 2023": "al2023",
-@@ -281,7 +283,7 @@ REFERENCES = dict(
+@@ -284,7 +286,7 @@ REFERENCES = dict(
)
-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
+MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhv", "debian", "ubuntu",
- "openeuler",
+ "openeuler", "kylinserver",
"opensuse", "sle", "ol", "ocp", "rhcos",
- "example", "eks", "alinux", "uos", "anolis", "openembedded", "al",
+ "example", "eks", "alinux", "anolis", "openembedded", "al",
-@@ -289,6 +291,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
+@@ -292,6 +294,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu",
MULTI_PLATFORM_MAPPING = {
"multi_platform_alinux": ["alinux2", "alinux3"],
@@ -20496,7 +19866,7 @@ index 7f8910743..478c9fab8 100644
"multi_platform_anolis": ["anolis8", "anolis23"],
"multi_platform_debian": ["debian11", "debian12"],
"multi_platform_example": ["example"],
-@@ -413,6 +416,7 @@ XCCDF_PLATFORM_TO_PACKAGE = {
+@@ -416,6 +419,7 @@ XCCDF_PLATFORM_TO_PACKAGE = {
# _version_name_map = {
MAKEFILE_ID_TO_PRODUCT_MAP = {
'alinux': 'Alibaba Cloud Linux',
@@ -20505,7 +19875,7 @@ index 7f8910743..478c9fab8 100644
'chromium': 'Google Chromium Browser',
'fedora': 'Fedora',
diff --git a/tests/README.md b/tests/README.md
-index 0f7312877..de0e14626 100644
+index 43978c27d..ffb99bdf0 100644
--- a/tests/README.md
+++ b/tests/README.md
@@ -205,7 +205,7 @@ Using `platform` and `variables` metadata: