rpms
/
scap-security-guide
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix AlmaLinux patch

This commit is contained in:
Andrew Lukoshko 2023-10-13 14:53:50 +00:00
parent 7734060a36
commit e12200a0bb
1 changed files with 311 additions and 311 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

622
SOURCES/scap-security-guide-0.1.69-add-almalinux9-product.patch
View File

@ -26198,357 +26198,357 @@ index 061ac2bac..aac521349 100644
export superusers
diff --git a/shared/references/disa-stig-rhel7-v3r12-xccdf-scap.xml b/shared/references/disa-stig-rhel7-v3r12-xccdf-scap.xml
index 6aec0d608..54669e9f5 100644
index 6c1f3f917..726bbd515 100644
--- a/shared/references/disa-stig-rhel7-v3r12-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel7-v3r12-xccdf-scap.xml
@@ -3228,7 +3228,7 @@ Confirm password:</xccdf:fixtext>
<xccdf:ident system="http://cyber.mil/legacy">SV-95719</xccdf:ident>
<xccdf:ident system="http://cyber.mil/legacy">V-81007</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000213</xccdf:ident>
- <xccdf:fixtext fixref="F-4564r744097_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+ <xccdf:fixtext fixref="F-4564r744097_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
Generate an encrypted grub2 password for the grub superusers account with the following command:
<xccdf:ident system="http://cyber.mil/legacy">SV-95719</xccdf:ident>
<xccdf:ident system="http://cyber.mil/legacy">V-81007</xccdf:ident>
<xccdf:ident system="http://cyber.mil/cci">CCI-000213</xccdf:ident>
- <xccdf:fixtext fixref="F-4564r744097_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+ <xccdf:fixtext fixref="F-4564r744097_fix">Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
Generate an encrypted grub2 password for the grub superusers account with the following command:
@@ -4005,7 +4005,7 @@ On BIOS-based machines, use the following command:
On UEFI-based machines, use the following command:
-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
On UEFI-based machines, use the following command:
-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=&lt;partition of /boot or /boot/efi&gt; must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
@@ -7538,6 +7538,7 @@ Remove any duplicate or conflicting lines from /etc/sudoers and /etc/sudoers.d/
<affected family="unix">
<platform>multi_platform_fedora</platform>
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_rhel-osp</platform>
</affected>
<description>The prelinking feature can interfere with the operation of
<affected family="unix">
<platform>multi_platform_fedora</platform>
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_rhel-osp</platform>
</affected>
<description>The prelinking feature can interfere with the operation of
@@ -7569,6 +7570,7 @@ Remove any duplicate or conflicting lines from /etc/sudoers and /etc/sudoers.d/
<title>Package openssh-server Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
<platform>multi_platform_sle</platform>
</affected>
<title>Package openssh-server Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
<platform>multi_platform_sle</platform>
</affected>
@@ -8340,6 +8342,7 @@ Password complexity is one factor of several that determines how long it takes t
<title>Limit Password Reuse</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
</affected>
<description>The passwords to remember should be set correctly.</description>
<title>Limit Password Reuse</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
</affected>
<description>The passwords to remember should be set correctly.</description>
@@ -8356,6 +8359,7 @@ Password complexity is one factor of several that determines how long it takes t
<title>RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element.
<title>RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element.
@@ -8413,6 +8417,7 @@ Terminating network connections associated with communications sessions includes
<title>RHEL-07-030410 - The Red Hat Enterprise Linux operating system must audit all uses of the chmod, fchmod and fchmodat syscalls.</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
<title>RHEL-07-030410 - The Red Hat Enterprise Linux operating system must audit all uses of the chmod, fchmod and fchmodat syscalls.</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
@@ -8469,6 +8474,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>RHEL-07-030370 - The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat and lchown syscalls.</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27364-9" />
<reference ref_id="audit_rules_dac_modification_chown" source="ssg" />
<title>RHEL-07-030370 - The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat and lchown syscalls.</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27364-9" />
<reference ref_id="audit_rules_dac_modification_chown" source="ssg" />
@@ -8515,6 +8521,7 @@ When a user logs on, the auid is set to the uid of the account that is being aut
<title>RHEL-07-030440 - The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr syscalls.</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27213-8" />
<reference ref_id="audit_rules_dac_modification_setxattr" source="ssg" />
<title>RHEL-07-030440 - The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr syscalls.</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27213-8" />
<reference ref_id="audit_rules_dac_modification_setxattr" source="ssg" />
@@ -9612,6 +9619,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Disable Host-Based Authentication</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>SSH host-based authentication should be disabled.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27413-4" />
<title>Disable Host-Based Authentication</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>SSH host-based authentication should be disabled.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27413-4" />
@@ -9627,6 +9635,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Package prelink Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package prelink should be removed.</description>
<reference ref_id="package_prelink_removed" source="ssg" />
<title>Package prelink Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package prelink should be removed.</description>
<reference ref_id="package_prelink_removed" source="ssg" />
@@ -9770,6 +9779,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Mount Remote Filesystems with nosuid</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-80240-5" />
<reference ref_id="mount_option_nosuid_remote_filesystems" source="ssg" />
<title>Mount Remote Filesystems with nosuid</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-80240-5" />
<reference ref_id="mount_option_nosuid_remote_filesystems" source="ssg" />
@@ -9800,6 +9810,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Package net-snmp Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package net-snmp should be removed.</description>
<reference ref_id="package_net-snmp_removed" source="ssg" />
<title>Package net-snmp Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package net-snmp should be removed.</description>
<reference ref_id="package_net-snmp_removed" source="ssg" />
@@ -9827,6 +9838,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Package telnet-server Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package telnet-server should be removed.</description>
<reference ref_id="package_telnet-server_removed" source="ssg" />
<title>Package telnet-server Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package telnet-server should be removed.</description>
<reference ref_id="package_telnet-server_removed" source="ssg" />
@@ -9855,6 +9867,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Package vsftpd Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package vsftpd should be removed.</description>
<reference ref_id="package_vsftpd_removed" source="ssg" />
<title>Package vsftpd Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>The RPM package vsftpd should be removed.</description>
<reference ref_id="package_vsftpd_removed" source="ssg" />
@@ -9868,6 +9881,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Package xorg-x11-server-common Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27218-7" />
<title>Package xorg-x11-server-common Removed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27218-7" />
@@ -9897,6 +9911,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Ensure /home Located On Separate Partition</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>If user home directories will be stored locally, create a
separate partition for /home. If /home will be mounted from another
<title>Ensure /home Located On Separate Partition</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>If user home directories will be stored locally, create a
separate partition for /home. If /home will be mounted from another
@@ -9915,6 +9930,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Ensure /var Located On Separate Partition</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-26404-4" />
<reference ref_id="partition_for_var" source="ssg" />
<title>Ensure /var Located On Separate Partition</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-26404-4" />
<reference ref_id="partition_for_var" source="ssg" />
@@ -9933,6 +9949,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Ensure /var/log/audit Located On Separate Partition</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-26971-2" />
<reference ref_id="partition_for_var_log_audit" source="ssg" />
<title>Ensure /var/log/audit Located On Separate Partition</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-26971-2" />
<reference ref_id="partition_for_var_log_audit" source="ssg" />
@@ -9952,6 +9969,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<affected family="unix">
<platform>multi_platform_fedora</platform>
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>Verify the RPM digests of system binaries using the RPM database.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27157-7" />
<affected family="unix">
<platform>multi_platform_fedora</platform>
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>Verify the RPM digests of system binaries using the RPM database.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27157-7" />
@@ -10026,6 +10044,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Ensure Only Protocol 2 Connections Allowed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_debian</platform>
<platform>multi_platform_ubuntu</platform>
</affected>
<title>Ensure Only Protocol 2 Connections Allowed</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_debian</platform>
<platform>multi_platform_ubuntu</platform>
</affected>
@@ -10062,6 +10081,7 @@ The system call rules are loaded into a matching engine that intercepts each sys
<title>Disable .rhosts Files</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27377-1" />
<reference ref_id="sshd_disable_rhosts" source="ssg" />
<title>Disable .rhosts Files</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27377-1" />
<reference ref_id="sshd_disable_rhosts" source="ssg" />
@@ -10127,6 +10147,7 @@ This should be disabled.</description>
<title>Do Not Allow Users to Set Environment Options</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>PermitUserEnvironment should be disabled</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27363-1" />
<title>Do Not Allow Users to Set Environment Options</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
</affected>
<description>PermitUserEnvironment should be disabled</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-27363-1" />
@@ -10476,6 +10497,7 @@ By specifying a cipher list with the order of ciphers being in a "strongest to w
<title>Package openssh-server is version 7.4 or higher</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
<platform>multi_platform_sle</platform>
</affected>
<title>Package openssh-server is version 7.4 or higher</title>
<affected family="unix">
<platform>multi_platform_rhel</platform>
+<platform>multi_platform_almalinux</platform>
<platform>multi_platform_fedora</platform>
<platform>multi_platform_sle</platform>
</affected>
@@ -10712,12 +10734,12 @@ The ability to enable/disable a session lock is given to the user by default. Di
<description>The UEFI grub2 boot loader should have password protection enabled.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-80354-4" />
</metadata>
- <criteria operator="OR" comment="If we are NOT running RHEL 7.0 or 7.1 and /boot/efi/EFI/redhat/grub.cfg exists, THEN check for password and superuser settings in grub.cfg">
+ <criteria operator="OR" comment="If we are NOT running RHEL 7.0 or 7.1 and /boot/efi/EFI/almalinux/grub.cfg exists, THEN check for password and superuser settings in grub.cfg">
<criterion comment="Running RHEL 7.0 or 7.1?" test_ref="oval:mil.disa.stig.rhel7:tst:8658500" />
- <criterion comment="Pass if /boot/efi/EFI/redhat/grub.cfg does not exist" test_ref="oval:mil.disa.stig.rhel7:tst:913" />
+ <criterion comment="Pass if /boot/efi/EFI/almalinux/grub.cfg does not exist" test_ref="oval:mil.disa.stig.rhel7:tst:913" />
<criteria operator="AND">
- <criterion comment="make sure a password is defined in /boot/efi/EFI/redhat/user.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571900" />
- <criterion comment="make sure a superuser is defined in /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571901" />
+ <criterion comment="make sure a password is defined in /boot/efi/EFI/almalinux/user.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571900" />
+ <criterion comment="make sure a superuser is defined in /boot/efi/EFI/almalinux/grub.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571901" />
</criteria>
</criteria>
</definition>
<description>The UEFI grub2 boot loader should have password protection enabled.</description>
<reference ref_url="http://cce.mitre.org" source="CCE" ref_id="CCE-80354-4" />
</metadata>
- <criteria operator="OR" comment="If we are NOT running RHEL 7.0 or 7.1 and /boot/efi/EFI/redhat/grub.cfg exists, THEN check for password and superuser settings in grub.cfg">
+ <criteria operator="OR" comment="If we are NOT running RHEL 7.0 or 7.1 and /boot/efi/EFI/almalinux/grub.cfg exists, THEN check for password and superuser settings in grub.cfg">
<criterion comment="Running RHEL 7.0 or 7.1?" test_ref="oval:mil.disa.stig.rhel7:tst:8658500" />
- <criterion comment="Pass if /boot/efi/EFI/redhat/grub.cfg does not exist" test_ref="oval:mil.disa.stig.rhel7:tst:913" />
+ <criterion comment="Pass if /boot/efi/EFI/almalinux/grub.cfg does not exist" test_ref="oval:mil.disa.stig.rhel7:tst:913" />
<criteria operator="AND">
- <criterion comment="make sure a password is defined in /boot/efi/EFI/redhat/user.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571900" />
- <criterion comment="make sure a superuser is defined in /boot/efi/EFI/redhat/grub.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571901" />
+ <criterion comment="make sure a password is defined in /boot/efi/EFI/almalinux/user.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571900" />
+ <criterion comment="make sure a superuser is defined in /boot/efi/EFI/almalinux/grub.cfg" test_ref="oval:mil.disa.stig.rhel7:tst:9571901" />
</criteria>
</criteria>
</definition>
@@ -11662,7 +11684,7 @@ This requirement addresses concurrent sessions for information system accounts a
<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/grub2/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:909" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:2710" />
</file_test>
- <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/efi/EFI/redhat/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:913" version="1">
+ <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/efi/EFI/almalinux/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:913" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:2713" />
</file_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="GUI banner is enabled" id="oval:mil.disa.stig.rhel7:tst:925" version="1">
<file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/grub2/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:909" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:2710" />
</file_test>
- <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/efi/EFI/redhat/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:913" version="1">
+ <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="none_exist" comment="/boot/efi/EFI/almalinux/grub.cfg does not exist" id="oval:mil.disa.stig.rhel7:tst:913" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:2713" />
</file_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="GUI banner is enabled" id="oval:mil.disa.stig.rhel7:tst:925" version="1">
@@ -12191,10 +12213,10 @@ This requirement addresses concurrent sessions for information system accounts a
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/grub2/grub.cfg files." id="oval:mil.disa.stig.rhel7:tst:9571701" version="2">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571701" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/redhat/user.cfg" id="oval:mil.disa.stig.rhel7:tst:9571900" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/almalinux/user.cfg" id="oval:mil.disa.stig.rhel7:tst:9571900" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571900" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/efi/EFI/redhat/grub.cfg." id="oval:mil.disa.stig.rhel7:tst:9571901" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/efi/EFI/almalinux/grub.cfg." id="oval:mil.disa.stig.rhel7:tst:9571901" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571901" />
</textfilecontent54_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="/etc/audisp/plugins.d/au-remote.conf active = yes" id="oval:mil.disa.stig.rhel7:tst:9572700" version="2">
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/grub2/grub.cfg files." id="oval:mil.disa.stig.rhel7:tst:9571701" version="2">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571701" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/redhat/user.cfg" id="oval:mil.disa.stig.rhel7:tst:9571900" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="make sure a password is defined in /boot/efi/EFI/almalinux/user.cfg" id="oval:mil.disa.stig.rhel7:tst:9571900" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571900" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/efi/EFI/redhat/grub.cfg." id="oval:mil.disa.stig.rhel7:tst:9571901" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="superuser is defined in /boot/efi/EFI/almalinux/grub.cfg." id="oval:mil.disa.stig.rhel7:tst:9571901" version="1">
<object object_ref="oval:mil.disa.stig.rhel7:obj:9571901" />
</textfilecontent54_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="at_least_one_exists" comment="/etc/audisp/plugins.d/au-remote.conf active = yes" id="oval:mil.disa.stig.rhel7:tst:9572700" version="2">
@@ -13639,7 +13661,7 @@ This requirement addresses concurrent sessions for information system accounts a
<filepath>/boot/grub2/grub.cfg</filepath>
</file_object>
<file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.rhel7:obj:2713" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/grub.cfg</filepath>
</file_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:2720" version="6">
<behaviors multiline="true" max_depth="1" recurse_direction="down" />
<filepath>/boot/grub2/grub.cfg</filepath>
</file_object>
<file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" id="oval:mil.disa.stig.rhel7:obj:2713" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/grub.cfg</filepath>
</file_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:2720" version="6">
<behaviors multiline="true" max_depth="1" recurse_direction="down" />
@@ -14441,12 +14463,12 @@ This requirement addresses concurrent sessions for information system accounts a
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:9571900" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/user.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/user.cfg</filepath>
<pattern operation="pattern match">^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.\S+$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:9571901" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/grub.cfg</filepath>
<pattern operation="pattern match">^[\s]*set[\s]+superusers=\"\S+\"$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:9571900" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/user.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/user.cfg</filepath>
<pattern operation="pattern match">^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.\S+$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" id="oval:mil.disa.stig.rhel7:obj:9571901" version="2">
- <filepath operation="equals">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <filepath operation="equals">/boot/efi/EFI/almalinux/grub.cfg</filepath>
<pattern operation="pattern match">^[\s]*set[\s]+superusers=\"\S+\"$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
@@ -15022,7 +15044,7 @@ This requirement addresses concurrent sessions for information system accounts a
<external_variable comment="Value of var_accounts_user_umask (the required umask) as string" datatype="string" id="oval:mil.disa.stig.rhel7:var:4211" version="1" />
<constant_variable datatype="string" id="oval:mil.disa.stig.rhel7:var:12600" comment="grub.cfg locations" version="2">
<value>/boot/grub2/grub.cfg</value>
- <value>/boot/efi/EFI/redhat/grub.cfg</value>
+ <value>/boot/efi/EFI/almalinux/grub.cfg</value>
</constant_variable>
<constant_variable datatype="string" comment="other sysctl configuration file locations" id="oval:mil.disa.stig.rhel7:var:14400" version="1">
<value>/etc/sysctl.d</value>
<external_variable comment="Value of var_accounts_user_umask (the required umask) as string" datatype="string" id="oval:mil.disa.stig.rhel7:var:4211" version="1" />
<constant_variable datatype="string" id="oval:mil.disa.stig.rhel7:var:12600" comment="grub.cfg locations" version="2">
<value>/boot/grub2/grub.cfg</value>
- <value>/boot/efi/EFI/redhat/grub.cfg</value>
+ <value>/boot/efi/EFI/almalinux/grub.cfg</value>
</constant_variable>
<constant_variable datatype="string" comment="other sysctl configuration file locations" id="oval:mil.disa.stig.rhel7:var:14400" version="1">
<value>/etc/sysctl.d</value>
diff --git a/shared/references/disa-stig-rhel8-v1r10-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r10-xccdf-scap.xml
index b417e7fec..ebaf26f52 100644
index a6e6e2c0b..6352e2e24 100644
--- a/shared/references/disa-stig-rhel8-v1r10-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel8-v1r10-xccdf-scap.xml
@@ -2549,7 +2549,7 @@ SHA_CRYPT_MIN_ROUNDS 5000</xccdf:fixtext>
<dc:identifier>2921</dc:identifier>
</xccdf:reference>
<xccdf:ident system="http://cyber.mil/cci">CCI-000213</xccdf:ident>
- <xccdf:fixtext fixref="F-32878r743921_fix">Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+ <xccdf:fixtext fixref="F-32878r743921_fix">Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
Generate an encrypted grub2 password for the grub superusers account with the following command:
<dc:identifier>2921</dc:identifier>
</xccdf:reference>
<xccdf:ident system="http://cyber.mil/cci">CCI-000213</xccdf:ident>
- <xccdf:fixtext fixref="F-32878r743921_fix">Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+ <xccdf:fixtext fixref="F-32878r743921_fix">Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
Generate an encrypted grub2 password for the grub superusers account with the following command:
@@ -10026,11 +10026,11 @@ Passwords need to be protected at all times, and encryption is the standard meth
</affected>
<description>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</description>
</metadata>
- <criteria operator="OR" comment="IF /boot/efi/EFI/redhat/grub.cfg exists, THEN verify a UEFI GRUB superuser password is configured.">
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" negate="true" />
+ <criteria operator="OR" comment="IF /boot/efi/EFI/almalinux/grub.cfg exists, THEN verify a UEFI GRUB superuser password is configured.">
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" negate="true" />
<criteria>
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg:superusers exists and has a name." test_ref="oval:mil.disa.stig.rhel8:tst:10600" />
- <criterion comment="/boot/efi/EFI/redhat/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." test_ref="oval:mil.disa.stig.rhel8:tst:10601" />
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg:superusers exists and has a name." test_ref="oval:mil.disa.stig.rhel8:tst:10600" />
+ <criterion comment="/boot/efi/EFI/almalinux/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." test_ref="oval:mil.disa.stig.rhel8:tst:10601" />
</criteria>
</criteria>
</definition>
</affected>
<description>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</description>
</metadata>
- <criteria operator="OR" comment="IF /boot/efi/EFI/redhat/grub.cfg exists, THEN verify a UEFI GRUB superuser password is configured.">
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" negate="true" />
+ <criteria operator="OR" comment="IF /boot/efi/EFI/almalinux/grub.cfg exists, THEN verify a UEFI GRUB superuser password is configured.">
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" negate="true" />
<criteria>
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg:superusers exists and has a name." test_ref="oval:mil.disa.stig.rhel8:tst:10600" />
- <criterion comment="/boot/efi/EFI/redhat/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." test_ref="oval:mil.disa.stig.rhel8:tst:10601" />
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg:superusers exists and has a name." test_ref="oval:mil.disa.stig.rhel8:tst:10600" />
+ <criterion comment="/boot/efi/EFI/almalinux/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." test_ref="oval:mil.disa.stig.rhel8:tst:10601" />
</criteria>
</criteria>
</definition>
@@ -10696,7 +10696,7 @@ Configuration settings are the set of parameters that can be changed in hardware
<description>The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</description>
</metadata>
<criteria operator="OR" comment="The system is UEFI or /boot is mounted and configured with the nosuid option">
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" />
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" />
<criteria>
<criterion test_ref="oval:mil.disa.stig.rhel8:tst:16200" comment="/boot is mounted an configured with the nosuid option." />
<criterion test_ref="oval:mil.disa.stig.rhel8:tst:16201" comment="If /boot is configured in /etc/fstab it is with the nosuid option." />
<description>The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.</description>
</metadata>
<criteria operator="OR" comment="The system is UEFI or /boot is mounted and configured with the nosuid option">
- <criterion comment="/boot/efi/EFI/redhat/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" />
+ <criterion comment="/boot/efi/EFI/almalinux/grub.cfg exists." test_ref="oval:mil.disa.stig.rhel8:tst:10602" />
<criteria>
<criterion test_ref="oval:mil.disa.stig.rhel8:tst:16200" comment="/boot is mounted an configured with the nosuid option." />
<criterion test_ref="oval:mil.disa.stig.rhel8:tst:16201" comment="If /boot is configured in /etc/fstab it is with the nosuid option." />
@@ -14092,15 +14092,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi
<object object_ref="oval:mil.disa.stig.rhel8:obj:10501" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10500" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10600" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10600" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10600" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10600" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." id="oval:mil.disa.stig.rhel8:tst:10601" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." id="oval:mil.disa.stig.rhel8:tst:10601" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10601" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10601" />
</textfilecontent54_test>
- <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/grub.cfg exists." id="oval:mil.disa.stig.rhel8:tst:10602" version="1">
+ <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/grub.cfg exists." id="oval:mil.disa.stig.rhel8:tst:10602" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10602" />
</file_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/grub2/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10700" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10501" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10500" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10600" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10600" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10600" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10600" />
</textfilecontent54_test>
- <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." id="oval:mil.disa.stig.rhel8:tst:10601" version="1">
+ <textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/user.cfg:GRUB2_PASSWORD exists and has a PBKDF2/SHA512 password assigned." id="oval:mil.disa.stig.rhel8:tst:10601" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10601" />
<state state_ref="oval:mil.disa.stig.rhel8:ste:10601" />
</textfilecontent54_test>
- <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" comment="/boot/efi/EFI/redhat/grub.cfg exists." id="oval:mil.disa.stig.rhel8:tst:10602" version="1">
+ <file_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" check="all" check_existence="all_exist" comment="/boot/efi/EFI/almalinux/grub.cfg exists." id="oval:mil.disa.stig.rhel8:tst:10602" version="1">
<object object_ref="oval:mil.disa.stig.rhel8:obj:10602" />
</file_test>
<textfilecontent54_test xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" check="all" check_existence="all_exist" comment="/boot/grub2/grub.cfg:superusers exists and has a name." id="oval:mil.disa.stig.rhel8:tst:10700" version="1">
@@ -15677,18 +15677,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi
<pattern operation="pattern match">^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/redhat/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10600" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/almalinux/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10600" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/grub.cfg</filepath>
<pattern operation="pattern match">^\s*set\s+superusers\s*=\s*"(\w+)"\s*$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/redhat/grubenv:kernelopts" id="oval:mil.disa.stig.rhel8:obj:10601" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/user.cfg</filepath>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/almalinux/grubenv:kernelopts" id="oval:mil.disa.stig.rhel8:obj:10601" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/user.cfg</filepath>
<pattern operation="pattern match">^\s*GRUB2_PASSWORD=(\S+)\b</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" comment="/boot/efi/EFI/redhat/grub.cfg" id="oval:mil.disa.stig.rhel8:obj:10602" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" comment="/boot/efi/EFI/almalinux/grub.cfg" id="oval:mil.disa.stig.rhel8:obj:10602" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/grub.cfg</filepath>
</file_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/grub2/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10700" version="1">
<filepath datatype="string">/boot/grub2/grub.cfg</filepath>
<pattern operation="pattern match">^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/redhat/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10600" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/almalinux/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10600" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/grub.cfg</filepath>
<pattern operation="pattern match">^\s*set\s+superusers\s*=\s*"(\w+)"\s*$</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/redhat/grubenv:kernelopts" id="oval:mil.disa.stig.rhel8:obj:10601" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/user.cfg</filepath>
+ <textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/efi/EFI/almalinux/grubenv:kernelopts" id="oval:mil.disa.stig.rhel8:obj:10601" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/user.cfg</filepath>
<pattern operation="pattern match">^\s*GRUB2_PASSWORD=(\S+)\b</pattern>
<instance datatype="int" operation="greater than or equal">1</instance>
</textfilecontent54_object>
- <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" comment="/boot/efi/EFI/redhat/grub.cfg" id="oval:mil.disa.stig.rhel8:obj:10602" version="1">
- <filepath datatype="string">/boot/efi/EFI/redhat/grub.cfg</filepath>
+ <file_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#unix" comment="/boot/efi/EFI/almalinux/grub.cfg" id="oval:mil.disa.stig.rhel8:obj:10602" version="1">
+ <filepath datatype="string">/boot/efi/EFI/almalinux/grub.cfg</filepath>
</file_object>
<textfilecontent54_object xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5#independent" comment="/boot/grub2/grub.cfg:superusers" id="oval:mil.disa.stig.rhel8:obj:10700" version="1">
<filepath datatype="string">/boot/grub2/grub.cfg</filepath>
diff --git a/shared/references/disa-stig-rhel8-v1r11-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r11-xccdf-manual.xml
index 747e322d8..2fd54a056 100644
--- a/shared/references/disa-stig-rhel8-v1r11-xccdf-manual.xml