From e56035d06d1cc0706191016507984f04d606a965 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Wed, 28 Aug 2024 12:02:34 +0000 Subject: [PATCH] Update AlmaLinux patch --- ...guide-0.1.74-add-almalinux9-product.patch} | 2225 ++++++++--------- 1 file changed, 1106 insertions(+), 1119 deletions(-) rename SOURCES/{scap-security-guide-0.1.73-add-almalinux9-product.patch => scap-security-guide-0.1.74-add-almalinux9-product.patch} (94%) diff --git a/SOURCES/scap-security-guide-0.1.73-add-almalinux9-product.patch b/SOURCES/scap-security-guide-0.1.74-add-almalinux9-product.patch similarity index 94% rename from SOURCES/scap-security-guide-0.1.73-add-almalinux9-product.patch rename to SOURCES/scap-security-guide-0.1.74-add-almalinux9-product.patch index 24bf5f0..02d8bb7 100644 --- a/SOURCES/scap-security-guide-0.1.73-add-almalinux9-product.patch +++ b/SOURCES/scap-security-guide-0.1.74-add-almalinux9-product.patch @@ -1,16 +1,16 @@ diff --git a/CMakeLists.txt b/CMakeLists.txt -index 5d4bc725f..747c58353 100644 +index 4c258307d..ddee99e14 100644 --- a/CMakeLists.txt 
+++ b/CMakeLists.txt -@@ -80,6 +80,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui - # unless explicitly asked for. +@@ -85,6 +85,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui + # project. Note that the example product is always disabled unless explicitly asked for. option(SSG_PRODUCT_ALINUX2 "If enabled, the Alibaba Cloud Linux 2 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_ALINUX3 "If enabled, the Alibaba Cloud Linux 3 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) +option(SSG_PRODUCT_ALMALINUX9 "If enabled, the AlmaLinux 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_ANOLIS8 "If enabled, the Anolis OS 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_ANOLIS23 "If enabled, the Anolis OS 23 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) -@@ -310,6 +311,7 @@ message(STATUS " ") +@@ -313,6 +314,7 @@ message(STATUS " ") message(STATUS "Products:") message(STATUS "Alibaba Cloud Linux 2: ${SSG_PRODUCT_ALINUX2}") message(STATUS "Alibaba Cloud Linux 3: ${SSG_PRODUCT_ALINUX3}") @@ -18,7 +18,7 @@ index 5d4bc725f..747c58353 100644 message(STATUS "Anolis OS 8: ${SSG_PRODUCT_ANOLIS8}") message(STATUS "Anolis OS 23: ${SSG_PRODUCT_ANOLIS23}") message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") -@@ -380,6 +382,9 @@ endif() +@@ -377,6 +379,9 @@ endif() if(SSG_PRODUCT_ALINUX3) add_subdirectory("products/alinux3" "alinux3") endif() @@ -29,11 +29,11 @@ index 5d4bc725f..747c58353 100644 add_subdirectory("products/anolis8" "anolis8") endif() diff --git a/build_product b/build_product -index e6fb86991..5b17c591c 100755 +index b3246a268..b89a05eb8 100755 --- a/build_product 
+++ b/build_product -@@ -347,6 +347,7 @@ set_explict_build_targets() { - all_cmake_products=( +@@ -351,6 +351,7 @@ all_cmake_products=( + AL2023 ALINUX2 ALINUX3 + ALMALINUX9 @@ -41,7 +41,7 @@ index e6fb86991..5b17c591c 100755 ANOLIS23 CHROMIUM diff --git a/components/rpm.yml b/components/rpm.yml -index 2b00bd908..4fc431b04 100644 +index f32f248ad..8a05dca3f 100644 --- a/components/rpm.yml +++ b/components/rpm.yml @@ -9,6 +9,7 @@ rules: @@ -53,10 +53,10 @@ index 2b00bd908..4fc431b04 100644 - ensure_gpgcheck_globally_activated - ensure_gpgcheck_local_packages diff --git a/controls/anssi.yml b/controls/anssi.yml -index d02cd2523..d9bb3907e 100644 +index 247a9c44a..1e747157d 100644 --- a/controls/anssi.yml +++ b/controls/anssi.yml -@@ -1238,7 +1238,7 @@ controls: +@@ -1244,7 +1244,7 @@ controls: - ensure_gpgcheck_never_disabled - ensure_gpgcheck_globally_activated - ensure_gpgcheck_local_packages @@ -65,7 +65,7 @@ index d02cd2523..d9bb3907e 100644 - ensure_oracle_gpgkey_installed - id: R60 -@@ -1356,7 +1356,6 @@ controls: +@@ -1362,7 +1362,6 @@ controls: When authentication takes place through a remote application (network), the authentication protocol used by PAM must be secure (flow encryption, remote server authentication, anti-replay mechanisms, ...). @@ -73,7 +73,7 @@ index d02cd2523..d9bb3907e 100644 notes: |- In RHEL systems, remote authentication is handled through sssd service. PAM delegates requests for remote authentication to this service through a -@@ -1379,10 +1378,6 @@ controls: +@@ -1385,10 +1384,6 @@ controls: {{% endif %}} related_rules: - package_sssd-ipa_installed 
@@ -84,8 +84,21 @@ index d02cd2523..d9bb3907e 100644 - id: R68 title: Protecting stored passwords +diff --git a/controls/cis_rhel10.yml b/controls/cis_rhel10.yml +index f2a4cdc5e..3ac8392cd 100644 +--- a/controls/cis_rhel10.yml ++++ b/controls/cis_rhel10.yml +@@ -360,7 +360,7 @@ controls: + - l1_workstation + status: manual + related_rules: +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + + - id: 1.2.1.2 + title: Ensure gpgcheck is globally activated (Automated) diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml -index 48406c172..28ae0c5c2 100644 +index 102793f78..07f20d0c0 100644 --- a/controls/cis_rhel8.yml +++ b/controls/cis_rhel8.yml @@ -353,7 +353,7 @@ controls: @@ -98,20 +111,104 @@ index 48406c172..28ae0c5c2 100644 - id: 1.2.2 title: Ensure gpgcheck is globally activated (Automated) diff --git a/controls/cis_rhel9.yml b/controls/cis_rhel9.yml -index b6dfc5736..e7fc56cfe 100644 +index ffa633298..f718a26b1 100644 --- a/controls/cis_rhel9.yml 
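Review bot: The new controls/cis_rhel10.yml hunk swaps `ensure_redhat_gpgkey_installed` for `ensure_almalinux_gpgkey_installed` unconditionally, and the e8.yml, hipaa.yml and ospp.yml hunks added in the following outer hunk do the same, while this same update changes the SRG-OS-000366-GPOS-00153.yml hunk to a product-gated entry. These control files appear to be shared across products, so any non-AlmaLinux product built from the patched tree would presumably lose its vendor signing-key check without any build error. I would use the gated form from the SRG hunk everywhere and keep the original entry, i.e. wrap `- ensure_almalinux_gpgkey_installed` in `{{% if 'almalinux' in product %}}` … `{{% endif %}}` next to `- ensure_redhat_gpgkey_installed`. If only almalinux9 is ever built from this source, a comment in the spec file saying so would be enough.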
+++ b/controls/cis_rhel9.yml -@@ -308,7 +308,7 @@ controls: +@@ -360,7 +360,7 @@ controls: - l1_workstation status: manual related_rules: - - ensure_redhat_gpgkey_installed + - ensure_almalinux_gpgkey_installed - - id: 1.2.2 + - id: 1.2.1.2 title: Ensure gpgcheck is globally activated (Automated) +diff --git a/controls/e8.yml b/controls/e8.yml +index 7656fb7ae..aa66e557c 100644 +--- a/controls/e8.yml ++++ b/controls/e8.yml +@@ -23,7 +23,7 @@ controls: + - service_avahi-daemon_disabled + - package_squid_removed + - service_squid_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_globally_activated +diff --git a/controls/hipaa.yml b/controls/hipaa.yml +index a2eaad9c6..28add3325 100644 +--- a/controls/hipaa.yml ++++ b/controls/hipaa.yml +@@ -163,7 +163,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -1376,7 +1376,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -1406,7 +1406,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -1425,7 +1425,7 @@ controls: + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -1699,7 +1699,7 @@ controls: + - 
ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled + - ensure_gpgcheck_repo_metadata +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +diff --git a/controls/ospp.yml b/controls/ospp.yml +index 1734ed07b..052ad09e2 100644 +--- a/controls/ospp.yml ++++ b/controls/ospp.yml +@@ -552,7 +552,7 @@ controls: + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + +@@ -566,7 +566,7 @@ controls: + - ensure_gpgcheck_globally_activated + - ensure_gpgcheck_local_packages + - ensure_gpgcheck_never_disabled +- - ensure_redhat_gpgkey_installed ++ - ensure_almalinux_gpgkey_installed + - ensure_suse_gpgkey_installed + status: automated + diff --git a/controls/pcidss_4.yml b/controls/pcidss_4.yml -index 1b2cd2e27..374f27ef7 100644 +index 644c31313..695166558 100644 --- a/controls/pcidss_4.yml +++ b/controls/pcidss_4.yml @@ -1549,7 +1549,7 @@ controls: @@ -124,22 +221,20 @@ index 1b2cd2e27..374f27ef7 100644 - ensure_gpgcheck_globally_activated - ensure_gpgcheck_never_disabled diff --git a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -index 77571c24c..d4672d117 100644 +index 77571c24c..7d36e6e18 100644 --- a/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml 
+++ b/controls/srg_gpos/SRG-OS-000366-GPOS-00153.yml -@@ -12,9 +12,7 @@ controls: - - ensure_gpgcheck_globally_activated - - ensure_gpgcheck_local_packages - - ensure_gpgcheck_never_disabled -- {{% if 'rhel' in product %}} -- - ensure_redhat_gpgkey_installed -- {{% endif %}} -+ - ensure_almalinux_gpgkey_installed +@@ -18,5 +18,8 @@ controls: {{% if 'ol' in product %}} - ensure_oracle_gpgkey_installed {{% endif %}} ++ {{% if 'almalinux' in product %}} ++ - ensure_almalinux_gpgkey_installed ++ {{% endif %}} + + status: automated diff --git a/controls/stig_rhel9.yml b/controls/stig_rhel9.yml -index 49e9d1e29..1de7ebe9b 100644 +index c2ce40e0b..2d9836b69 100644 --- a/controls/stig_rhel9.yml +++ b/controls/stig_rhel9.yml @@ -386,7 +386,7 @@ controls: @@ -152,22 +247,22 @@ index 49e9d1e29..1de7ebe9b 100644 - id: RHEL-09-214015 diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml -index 47d373ac3..3583836a0 100644 +index 3b17acca6..adba274db 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml @@ -11,13 +11,13 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

@@ -175,68 +270,68 @@ index 47d373ac3..3583836a0 100644 utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml -index 95271f7f7..37ad3a79c 100644 +index 9756ead9e..c1a4d2c76 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml -index 3e671303b..4e399addd 100644 +index 240ad18ff..15aadcdbc 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml @@ -11,13 +11,13 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

@@ -244,68 +339,68 @@ index 3e671303b..4e399addd 100644 utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml -index 446d7bd3c..163387a68 100644 +index 574ecc36d..6e4d8d783 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml -index a83fb513f..59c6d45df 100644 +index 9c88331a0..96003db79 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml @@ -10,13 +10,13 @@ description: |- program to read audit rules during daemon startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

@@ -313,63 +408,63 @@ index a83fb513f..59c6d45df 100644 utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml -index c46dc6dd0..f76604368 100644 +index 8c8f9b4df..92db5e6e9 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
--{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
-+{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+-{{%- if product in ["ol8", "ol9", "rhel8", "rhel9"] or 'ubuntu' in product %}}
++{{%- if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] or 'ubuntu' in product %}}
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml -index b88b106a4..ec859c6c2 100644 +index 2fe1d2081..be5512c21 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml -index 4431537de..240070ba1 100644 +index ecf5cc94c..e7f7633bc 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml @@ -1,4 +1,4 @@ @@ -379,37 +474,37 @@ index 4431537de..240070ba1 100644 {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml -index 5f9cad679..0366d1732 100644 +index 7f9a6d07e..13283e92d 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml -index 24b333352..5bc3a371b 100644 +index fde14f70c..b894fc96d 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml -index 3ecdebdb5..93fc32b9a 100644 +index 7373a058f..e602a2c35 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml -index 1214ad408..a7dee9775 100644 +index 83c97ec3e..1313d59ea 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml @@ -1,4 +1,4 @@ @@ -931,6 +1026,18 @@ index 6ef31d987..2da0682e0 100644 ./generate_privileged_commands_rule.sh {{{ uid_min }}} privileged /etc/audit/rules.d/privileged.rules +diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh +index 45acc82b6..2505b138b 100644 +--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh ++++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_multiple_partitions.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = audit +-# platform = multi_platform_fedora,multi_platform_rhel,Oracle Linux 7,Oracle Linux 8 ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,Oracle Linux 7,Oracle Linux 8 + + . $SHARED/partition.sh + 
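Review bot: Nothing in the refreshed patch checks that every product list gating `perm_x` was actually updated. In the semanage, setfiles and setsebool `rule.yml` sections `"almalinux9"` is inserted by hand after `"rhel9"`, and that list decides whether `-F perm=x ` becomes part of the audit rule. A list missed during a rebase would presumably leave AlmaLinux 9 with a different rule string from RHEL 9 without any build failure. A post-apply check in the spec would catch that, for example `grep -rl '"rhel9"' linux_os | xargs grep -L '"almalinux9"'`, with the output reviewed against an allow-list of intentional exceptions. The `audit_privileged_commands` sections later in the patch follow the same pattern.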
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh index 79c0bb972..2968492ac 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_without_perm_x.pass.sh @@ -979,7 +1086,7 @@ index 81fc6dd16..9c3f84ef8 100644 ./generate_privileged_commands_rule.sh {{{ uid_min }}} own_key /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml -index d5ec19271..86b0d2358 100644 +index 9157c17f2..f7d274205 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml @@ -1,4 +1,4 @@ @@ -989,157 +1096,147 @@ index d5ec19271..86b0d2358 100644 {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml -index d891fc1fc..30673c92c 100644 +index 699c2d8c3..0119493b3 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml -index ea03eab50..c56b3b568 100644 +index 8c2f54aa9..2c406e634 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml -index bb54d9f50..54cc53861 100644 +index 457617560..2ffa5534b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml -index b54fefd34..f426d37f6 100644 +index f911a1d55..520094144 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_dbus_daemon_launch_helper/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml -index de8adac1e..ca7913543 100644 +index 561a4974d..e91db62ba 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml -index 3b94d7faa..e60224fcd 100644 +index b500a24a9..59e228acd 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_fusermount3/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml -index 8180bd48a..49e035e4a 100644 +index 90b3941f0..60d2d8077 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml -index cf58bda23..eca79ad87 100644 +index 88a766528..e5a38cc86 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_grub2_set_bootflag/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml -index 5baa999e7..cb49a4d71 100644 +index 6c114c13c..5c5f7185c 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_rhel -+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh -index 29bfc7be7..d0910b1c6 100644 +index f4fff8181..6c379ca01 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu,multi_platform_debian # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}} -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml -index 0d5422c37..923089b93 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["ol7", "rhel7", "rhel8", "rhel9"] %}} -+{{%- if product in ["ol7", "rhel7", "rhel8", "rhel9", "almalinux9"] %}} - {{%- set kmod_audit="-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=" ~ uid_min ~ " -F auid!=unset -F key=privileged" %}} - {{%- else %}} - {{%- set kmod_audit="-w /usr/bin/kmod -p x -k modules" %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml -index 8f61ee32a..07ddf4291 100644 +index 44feb6dc4..7a5b0fa5e 100644 
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_rhel -+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh -index ed9771d0d..665d2cc0f 100644 +index c4c78f756..c9c2d7239 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_rhel,multi_platform_ubuntu -+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu +-# platform = multi_platform_debian,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_debian,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml -index e773b8a2e..49088b389 100644 +index 0a926a6e8..f20b56a6f 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml -index 54e0d6227..d1de5e66f 100644 +index aaf7d582d..407456b42 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount_nfs/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml -index a2014eb70..861d6ccfe 100644 +index 2576c601a..b370e724f 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml @@ -1,4 +1,4 @@ @@ -1149,17 +1246,17 @@ index a2014eb70..861d6ccfe 100644 {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml -index 7da59f723..cfea265d7 100644 +index 03ef13994..c7b265fb5 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml 
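Review bot: The `audit_rules_privileged_commands_kmod/rule.yml` section is removed from the patch without a replacement, so `almalinux9` is no longer added to that rule's product conditional. In the removed section that conditional chose between the `-a always,exit -F path=/usr/bin/kmod -F perm=x ... -F key=privileged` rule and the `-w /usr/bin/kmod -p x -k modules` watch rule. Whether upstream 0.1.74 still has such a conditional is not visible here. If it does and still lists `rhel9`, AlmaLinux 9 would fall into the `else` branch and get a different kmod audit rule than RHEL 9. Please confirm against the upstream file and, if the list remains, keep a section that adds `"almalinux9"` next to `"rhel9"`.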
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml -index 32f9f451e..6259d09d0 100644 +index eade8c773..9b7cf6502 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml @@ -1,4 +1,4 @@ @@ -1169,67 +1266,67 @@ index 32f9f451e..6259d09d0 100644 {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml -index b7e787772..c67b7f4a8 100644 +index d8f56e495..0fca7dc10 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml -index 1bbfd35d8..f3a008c3a 100644 +index e56a86204..33a358b9b 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml -index 53dc91957..2f6f1c102 100644 +index 6c01ca01c..e3d06dbb3 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pkexec/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml -index bc443d98c..425cbdbbb 100644 +index 69d289386..885d6d1fc 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_polkit_helper/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml -index c3cfc617b..4ad88e7e1 100644 +index 778db53e1..e02f0d34a 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml -index 33490fcf5..8bc144232 100644 +index ab922936f..01e4924cd 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml -index a33830c58..4c3bc3154 100644 +index b3117ec8c..953a43454 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml @@ -1,4 +1,4 @@ @@ -1239,137 +1336,127 @@ index a33830c58..4c3bc3154 100644 {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml -index f3c3324e2..d5545d32c 100644 +index 7e18fe435..a27adad2d 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = multi_platform_sle,multi_platform_rhel -+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_rhel,multi_platform_sle,multi_platform_slmicro ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh -index bf0a58b43..0b13f7c0d 100644 +index 102d4b40b..f9a428790 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_debian,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_debian,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml -index 9352b1582..cc3c75c73 100644 +index 1ab729e15..0a120f536 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml -index 83273d633..583657c1b 100644 +index f605a88d0..3486b8b16 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_krb5_child/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml -index 0e7b0caf1..5330961e9 100644 +index 1abe26173..f19afceca 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_ldap_child/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml -index 88d9a1d49..11965876a 100644 +index 39e36b02f..defc67d02 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_proxy_child/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml -index 880059066..7813c164b 100644 +index 1450e43e8..a2f6c6790 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sssd_selinux_child/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml -index de9472122..06eff4e3e 100644 +index f65a2c582..b55f0485d 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x="-F perm=x " %}} - {{%- endif %}} - -diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml -index 035ad30ce..533a26532 100644 ---- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml -+++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml -@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml -index 2887b4eb6..d13d896a0 100644 +index 49e688630..7bb6db04d 100644 
--- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "slmicro5" ,"ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml -index 9ff295587..6834feddc 100644 +index 74f5baa80..211dd20a1 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml -index 7a160905b..0bdfb0583 100644 +index 4bf53b3d9..efbe8d851 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml -index bda6d3239..5e69cead0 100644 +index f27698264..76cbf268d 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml -index fe6140d32..6f74fc3ec 100644 +index a0ec6851a..7f3d85d3f 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml @@ -1,4 +1,4 @@ @@ -1379,22 +1466,22 @@ index fe6140d32..6f74fc3ec 100644 {{%- endif %}} 
diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml -index c14eefeee..84346ff43 100644 +index bf42d77e9..8c8698a28 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_utempter/rule.yml @@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} diff --git a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml -index c8c5434f0..84dc1ff4a 100644 +index 264d2b88e..b66bf55db 100644 --- a/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml +++ b/linux_os/guide/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_write/rule.yml 
@@ -1,4 +1,4 @@ --{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} -+{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel7", "rhel8", "rhel9", "almalinux9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} +-{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} ++{{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhcos4", "rhel8", "rhel9", "almalinux9", "rhel10", "sle12", "sle15", "ubuntu2004", "ubuntu2204"]%}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} @@ -1914,7 +2001,7 @@ index 1e0529f08..9ed9948a4 100644 # strategy = configure # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh -index 53a56e255..554799735 100644 +index f17751e98..df9a32a67 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh @@ -1,4 +1,4 @@ @@ -1944,10 +2031,10 @@ index 36e7f8cda..842f3922d 100644 {{{ bash_instantiate_variables("var_audispd_disk_full_action") }}} diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml -index ad68d3a77..0a285fe7c 100644 +index a7707339f..a7fcad306 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml 
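Review bot: The refreshed patch drops the section for `audit_rules_privileged_commands_sudo/rule.yml` (it sat between the `su` and `sudoedit` sections), while every neighbouring privileged-command rule still gains `"almalinux9"` in its `product in [...]` guard. If the 0.1.74 `sudo/rule.yml` still opens with that guard, AlmaLinux 9 would not get `perm_x="-F perm=x "` and its sudo audit rule would differ from the RHEL 9 one. Please confirm the guard is gone upstream, or re-add the hunk with `"rhel9", "almalinux9",` in the list. The same check applies to the other sections this update removes without a replacement: `package_audit-audispd-plugins_installed/rule.yml`, the `ok_by_default` lists in `chronyd_run_as_chrony_user` (bash, oval, rule.yml) and `service_ntp_enabled/rule.yml`. A sentence in the commit message saying why each was dropped would make the rebase auditable.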
+++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml -@@ -56,7 +56,7 @@ ocil: |- +@@ -55,7 +55,7 @@ ocil: |- fixtext: |- Configure {{{ full_name }}} to encrypt audit records sent with audispd plugin. @@ -2522,7 +2609,7 @@ index 55f407e01..b9084af21 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml -index 015e9d6ef..cb221f19e 100644 +index 64042da08..2a1e5e6d8 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -2532,7 +2619,7 @@ index 015e9d6ef..cb221f19e 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh -index a08fddc90..1b881f0ff 100644 +index 638b566dc..8c5acfbe9 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_name_format/bash/shared.sh @@ -1,4 +1,4 @@ @@ -2553,7 +2640,7 @@ index 55f407e01..b9084af21 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml -index 12d8541cb..a3d1c459b 100644 +index 37fc1df9b..18d04768e 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml 
@@ -1,4 +1,4 @@ @@ -2563,7 +2650,7 @@ index 12d8541cb..a3d1c459b 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh -index f308bd675..e9789ea24 100644 +index aba1bf099..e628e189c 100644 --- a/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh +++ b/linux_os/guide/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh @@ -1,4 +1,4 @@ @@ -2583,19 +2670,6 @@ index 55f407e01..b9084af21 100644 # reboot = true # strategy = restrict # complexity = low -diff --git a/linux_os/guide/auditing/package_audit-audispd-plugins_installed/rule.yml b/linux_os/guide/auditing/package_audit-audispd-plugins_installed/rule.yml -index 0e80ce5f7..ce671e76b 100644 ---- a/linux_os/guide/auditing/package_audit-audispd-plugins_installed/rule.yml -+++ b/linux_os/guide/auditing/package_audit-audispd-plugins_installed/rule.yml -@@ -35,7 +35,7 @@ template: - pkgname@ubuntu1804: audispd-plugins - pkgname@ubuntu2004: audispd-plugins - --{{% if product in ["rhel7", "rhel8", "rhel9"] %}} -+{{% if product in ["rhel7", "rhel8", "rhel9", "almalinux9"] %}} - warnings: - - general: - This package is not available in {{{ full_name }}} [{{{ product }}}]. The correct package diff --git a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml index f29a4afc6..26ac0688c 100644 --- a/linux_os/guide/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml 
@@ -3005,6 +3079,32 @@ index c435df983..b80ffbf7b 100644 # reboot = true # strategy = restrict # complexity = low +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh +index a7d291916..c1802d791 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_pool_misconfigured.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # packages = chrony + # variables = var_time_service_set_maxpoll=16 +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_remove("ntp") }}} + +diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh +index f6da9d51f..2eeff701b 100644 +--- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh ++++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/tests/chrony_d_one_server_misconfigured.fail.sh +@@ -1,7 +1,7 @@ + #!/bin/bash + # packages = chrony + # variables = var_time_service_set_maxpoll=16 +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux + + {{{ bash_package_remove("ntp") }}} + diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml index c435df983..b80ffbf7b 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml @@ -3028,54 +3128,15 @@ index c435df983..b80ffbf7b 100644 # strategy = restrict # complexity = low 
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml -index 595aa3c95..f2880e388 100644 +index b7eaee763..ceeb3228c 100644 --- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml 
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml -@@ -5,7 +5,7 @@ - # disruption = low - - {{%- set ok_by_default = false %}} --{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}} -+{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "almalinux9", "ol9", "fedora"] %}} - {{%- set ok_by_default = true %}} - {{%- endif %}} - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh -index 462528038..da0f9330b 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/bash/shared.sh -@@ -1,6 +1,6 @@ - # platform = multi_platform_all - {{%- set ok_by_default = false %}} --{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}} -+{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "almalinux9", "ol9", "fedora"] %}} - {{%- set ok_by_default = true %}} - {{%- endif %}} - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml -index e1d712f25..1a6e10840 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml -+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/oval/shared.xml -@@ -1,5 +1,5 @@ - {{%- set ok_by_default = false %}} --{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}} -+{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "almalinux9", "ol9", "fedora"] %}} - {{%- set ok_by_default = true %}} - {{%- endif %}} - -diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml -index b49373989..30f32f821 100644 ---- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml -+++ 
b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml -@@ -4,7 +4,7 @@ documentation_complete: true - title: 'Ensure that chronyd is running under chrony user account' - - {{%- set ok_by_default = false %}} --{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "ol9", "fedora"] %}} -+{{%- if product in ["rhel7", "ol7", "rhel8", "ol8", "rhel9", "almalinux9", "ol9", "fedora"] %}} - {{%- set ok_by_default = true %}} - {{%- endif %}} - +@@ -1,4 +1,4 @@ +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh index 2e3d4e406..a348b99df 100644 --- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/tests/correct.pass.sh @@ -3293,24 +3354,11 @@ index 5f0ad2c6e..7c6175efb 100644 +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux echo "server " > {{{ chrony_conf_path }}} -diff --git a/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml b/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml -index bb3ac288b..62f8e5a3f 100644 ---- a/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml -+++ b/linux_os/guide/services/ntp/service_ntp_enabled/rule.yml -@@ -47,7 +47,7 @@ template: - vars: - servicename: ntp - --{{% if product in ["rhel7", "rhel8", "rhel9", "sle15"] %}} -+{{% if product in ["rhel7", "rhel8", "rhel9", "almalinux9", "sle15"] %}} - warnings: - - general: - {{% if product == "rhel7" %}} diff --git a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml -index 3cfd6d067..6ab7288f0 100644 +index 722c975d6..0729c839f 100644 
--- a/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml +++ b/linux_os/guide/services/ntp/service_ntpd_enabled/rule.yml -@@ -49,7 +49,7 @@ template: +@@ -48,7 +48,7 @@ template: platform: package[ntp] @@ -3320,7 +3368,7 @@ index 3cfd6d067..6ab7288f0 100644 - general: The
ntp
package is not available in {{{ full_name }}}. Please diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml -index ba96f00d5..ad79b5ea4 100644 +index 6122e38ba..dc82f69a1 100644 --- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml @@ -44,7 +44,7 @@ template: @@ -3333,12 +3381,12 @@ index ba96f00d5..ad79b5ea4 100644 - general: The package is not available in {{{ full_name }}}. diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml -index 10bac615f..9cf17fb5e 100644 +index a4dae4c52..1aa60e19f 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml -@@ -37,7 +37,7 @@ template: - vars: +@@ -38,7 +38,7 @@ template: pkgname: ypbind + pkgname@debian12: ypbind-mt -{{% if product in ["rhel9"] %}} +{{% if product in ["rhel9", "almalinux9"] %}} @@ -3346,10 +3394,10 @@ index 10bac615f..9cf17fb5e 100644 - general: The package is not available in {{{ full_name }}}. diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml -index 0414eabc7..5bbc3963d 100644 +index 26c2c2e80..e553ff595 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml -@@ -47,7 +47,7 @@ template: +@@ -46,7 +46,7 @@ template: vars: pkgname: ypserv @@ -3379,10 +3427,10 @@ index e64838b15..baaa07631 100644 find /root -xdev -type f -name ".rhosts" -exec rm -f {} \; find /home -maxdepth 2 -xdev -type f -name ".rhosts" -exec rm -f {} \; 
diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml -index ada9d1653..9d94a40bf 100644 +index 3c2b23136..9a818ccf2 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml -@@ -48,7 +48,7 @@ template: +@@ -47,7 +47,7 @@ template: vars: pkgname: rsh-server @@ -3392,7 +3440,7 @@ index ada9d1653..9d94a40bf 100644 - general: The package is not available in {{{ full_name }}}. diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml -index bf34d2106..8e9449f00 100644 +index 38024ff19..85dc74a29 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml @@ -56,7 +56,7 @@ template: @@ -3405,7 +3453,7 @@ index bf34d2106..8e9449f00 100644 - general: The package is not available in {{{ full_name }}}. diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml -index e5ebfb140..c4add39f7 100644 +index a820ba060..d1b6c8a17 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml @@ -29,7 +29,7 @@ template: @@ -3418,7 +3466,7 @@ index e5ebfb140..c4add39f7 100644 - general: The package is not available in {{{ full_name }}}. diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml -index 9990302be..2381fe6a2 100644 +index 5e382e97b..4457e5e49 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml 
+++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml @@ -38,7 +38,7 @@ template: @@ -3450,6 +3498,26 @@ index 9e1f01f53..d7d4c2651 100644 ###################################################################### #By Luke "Brisk-OH" Brisk #luke.brisk@boeing.com or luke.brisk@gmail.com +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +index ca07eef0e..9a56d0833 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +@@ -1,4 +1,4 @@ +-# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel ++# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux + # reboot = false + # strategy = configure + # complexity = low +diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +index c54b259d0..78a682cc8 100644 +--- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh ++++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel ++# platform = debian 11,debian 10,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux + + {{{ bash_instantiate_variables("var_snmpd_ro_string", "var_snmpd_rw_string") }}} + 
diff --git a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh b/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh index cd5171c1b..6301578ba 100644 --- a/linux_os/guide/services/ssh/file_groupownership_sshd_private_key/tests/correct_groupowner.pass.sh @@ -3918,6 +3986,17 @@ index fcdb800c2..77c3e82da 100644 #!/bin/bash SSHD_CONFIG="/etc/ssh/sshd_config" +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh +index 1d6e73048..03439603e 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers_ordered_stig/tests/correct_reduced_list.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + if grep -q "^Ciphers" /etc/ssh/sshd_config; then + sed -i "s/^Ciphers.*/Ciphers aes192-ctr,aes128-ctr/" /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh index 4319832c0..313cc1c9d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/comment.fail.sh @@ -3930,13 +4009,13 @@ index 4319832c0..313cc1c9d 100644 source common.sh 
diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh -index 64199ace8..438c06875 100644 +index 5e7246205..6de325120 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_kex_ordered_stig/tests/correct_reduced_list.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle source common.sh 
@@ -4012,6 +4091,17 @@ index b903a7a08..cd6f95db4 100644 +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "wrong_value_expected_to_fail.com", '%s %s') }}} +diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh +index 17ff9f0aa..f2ba6a570 100644 +--- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh ++++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs_ordered_stig/tests/correct_reduced_list.pass.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle ++# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle + + if grep -q "^MACs" /etc/ssh/sshd_config; then + sed -i "s/^MACs.*/MACs hmac-sha2-512/" /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh index ba493f99f..dad0a61e3 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh @@ -4140,7 +4230,7 @@ index 09e863e4a..ba1f546e9 100644 diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml -index 1fec69763..2c6be5e1f 100644 +index 00f88e11d..1999d2453 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml @@ -47,7 +47,7 @@ 
@@ -4188,7 +4278,7 @@ index 1cadee2e4..dfd1e3568 100644 comment="tests the presence of try_cert_auth or require_cert_auth in /etc/pam.d/smartcard-auth" id="test_sssd_enable_smartcards_allow_missing_name_smartcard_auth" version="2"> diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml -index bb15da50b..4fb83496c 100644 +index 941d038dc..55b9bf153 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml @@ -10,7 +10,7 @@ description: |- 
@@ -4346,6 +4436,50 @@ index e7d5d3916..ed768f876 100644 {{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}} +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml +index 89bba2055..dd224425d 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml +@@ -4,7 +4,7 @@ + + +- {{% if product in ["ol8", "ol9", "rhel8", "rhel9"] %}} ++ {{% if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}} + + {{% endif %}} +@@ -25,7 +25,7 @@ + + 1 + +- {{% if product in ["ol8", "ol9", "rhel8", "rhel9"] %}} ++ {{% if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}} + +diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +index c7a0a5cf8..6acb3b916 100644 +--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml ++++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +@@ -5,7 +5,7 @@ title: 'Configure SSSD to Expire Offline Credentials' + + description: |- + SSSD should be configured to expire offline credentials after 1 day. +- {{% if product in ["ol8", "ol9", "rhel8", "rhel9"] %}} ++ {{% if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}} + Check if SSSD allows cached authentications with the following command: +
+     $ sudo grep cache_credentials /etc/sssd/sssd.conf
+@@ -55,7 +55,7 @@ references:
+ ocil_clause: 'it does not exist or is not configured properly'
+ 
+ ocil: |-
+-    {{% if product in ["ol8", "ol9", "rhel8", "rhel9"] %}}
++    {{% if product in ["ol8", "ol9", "rhel8", "rhel9", "almalinux9"] %}}
+     Check if SSSD allows cached authentications with the following command:
+     
+     $ sudo grep cache_credentials /etc/sssd/sssd.conf
 diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
 index 3da9609d7..06586bd8a 100644
 --- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
@@ -4438,6 +4572,46 @@ index 88d55f160..f2f336700 100644
  # reboot = false
  # strategy = configure
  # complexity = low
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
+index e0bdca6be..9ce5132f6 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle
++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ systemctl set-default multi-user.target
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
+index 9ec0cae93..4487412e5 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_sle
++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ 
+ ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
+index 3df966d45..25eb0ca24 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+ 
+ systemctl set-default graphical.target
+diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
+index d3da2f113..a90d73d4b 100644
+--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
++++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_rhv,multi_platform_sle
++# platform = Oracle Linux 8,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle
+ 
+ ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
 index 1dea09b2f..cbc23c694 100644
 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
@@ -4509,6 +4683,50 @@ index 86aff54f9..b295782b0 100644
  # reboot = false
  # strategy = unknown
  # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
+index 1b2e46eff..6c22561e3 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_ncp
+ # packages = dconf,gdm
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
+index a3e7ebc0e..c65609786 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ # packages = dconf,gdm
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
+index 4af47e3e0..0fe73b672 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig_wrong_db.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ # packages = dconf,gdm
+ 
+diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
+index e1abf408e..ea28b1697 100644
+--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux
+ # profiles = xccdf_org.ssgproject.content_profile_stig
+ # packages = dconf,gdm
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
 index 428fbd7fa..390b6513d 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
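Review bot: The four dconf_gnome_login_banner_text scenarios patched in this hunk are profile-pinned, yet the hunk adds `multi_platform_almalinux` to every one of them. correct_value.pass.sh is pinned to `# profiles = xccdf_org.ssgproject.content_profile_ncp` and the other three to `content_profile_stig`. Whether the almalinux9 product ships an ncp or stig profile is not visible here; if it does not, these scenarios presumably cannot exercise the banner rule on AlmaLinux, and the platform entry overstates test coverage. Worth checking against the product's profile list, and leaving the ncp scenario's header as `# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel` if that profile is absent.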
@@ -4530,7 +4748,7 @@ index badc79bff..f6c602159 100644
  {{%- if "sle" in product or "ubuntu" in product %}}
  {{%- set pam_lastlog_path = "/etc/pam.d/login" %}}
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
-index 79b84c92e..3f1c44fb3 100644
+index 2cd897b71..3580aae19 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_correct_options.pass.sh
 @@ -1,6 +1,6 @@
@@ -4539,7 +4757,7 @@ index 79b84c92e..3f1c44fb3 100644
 -# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
 +# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9
  
- if authselect list-features minimal | grep -q with-silent-lastlog; then
+ if authselect list-features sssd | grep -q with-silent-lastlog; then
      authselect select sssd --force
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
 index 60ede2a24..9149a89a2 100644
@@ -4554,7 +4772,7 @@ index 60ede2a24..9149a89a2 100644
  
  authselect create-profile hardening -b sssd
 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
-index 15c424a2d..6a58770a0 100644
+index 325d5860a..9da59ddad 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_lastlog.fail.sh
 @@ -1,6 +1,6 @@
@@ -4563,8 +4781,28 @@ index 15c424a2d..6a58770a0 100644
 -# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
 +# platform = multi_platform_fedora,Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9
  
- if authselect list-features minimal | grep -q with-silent-lastlog; then
+ if authselect list-features sssd | grep -q with-silent-lastlog; then
      authselect select sssd --force
+diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
+index 3b6df64d6..c60568c1a 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ # reboot = false
+ # strategy = restrict
+ # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
+index 28062890d..b04531a5b 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
+@@ -1,4 +1,4 @@
+-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
+ if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then
+     echo "session    required     pam_namespace.so" >> "/etc/pam.d/login"
+ fi
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh
 index 98fab1858..683ccc76d 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/tests/correct_value.pass.sh
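Review bot: The bash remediation this hunk enables for AlmaLinux (enable_pam_namespace/bash/shared.sh) guards its append with `'^\s*session\s+required\s+pam_namespace.so\s*$'`, which matches only a line with nothing after the module name and leaves the dot unescaped. A login stack that already loads pam_namespace with module arguments would therefore get a second, bare `session required pam_namespace.so` line appended to /etc/pam.d/login. The script body comes from upstream and this patch only edits its platform header, so a tighter guard such as `if ! grep -Eq '^\s*session\s+required\s+pam_namespace\.so(\s|$)' '/etc/pam.d/login' ; then` belongs upstream or in a separate downstream hunk. Only the first lines of the script are visible in this hunk.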
@@ -4715,7 +4953,7 @@ index cc133d939..24e3f36f4 100644
  
  remember_cnt=5
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
-index 006ff25ae..bf7405aa9 100644
+index f8e697789..ef0490fe9 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
 @@ -1,6 +1,6 @@
@@ -4725,9 +4963,9 @@ index 006ff25ae..bf7405aa9 100644
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
  # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
  
- if authselect list-features minimal | grep -q with-pwhistory; then
+ if authselect list-features sssd | grep -q with-pwhistory; then
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
-index e16e7434b..13c772ae4 100644
+index 5565977e7..5f66bdeca 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
 @@ -1,6 +1,6 @@
@@ -4737,7 +4975,7 @@ index e16e7434b..13c772ae4 100644
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
  # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
  
- if authselect list-features minimal | grep -q with-pwhistory; then
+ if authselect list-features sssd | grep -q with-pwhistory; then
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
 index e5af75fdc..b884806b9 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
@@ -4751,7 +4989,7 @@ index e5af75fdc..b884806b9 100644
  
  SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
-index aef7595c6..d71a7e2f0 100644
+index 7af3472d6..a2fa80708 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
 @@ -1,6 +1,6 @@
@@ -4761,7 +4999,7 @@ index aef7595c6..d71a7e2f0 100644
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
  # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
  
- if authselect list-features minimal | grep -q with-pwhistory; then
+ if authselect list-features sssd | grep -q with-pwhistory; then
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh
 index f16643985..3727d7077 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value_conf.fail.sh
@@ -4843,7 +5081,7 @@ index dd12efbc1..057c54a24 100644
  
  remember_cnt=5
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
-index 21a16e3f7..815679b6d 100644
+index b97a9bfdb..0e75de8f1 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
 @@ -1,6 +1,6 @@
@@ -4853,9 +5091,9 @@ index 21a16e3f7..815679b6d 100644
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
  # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
  
- if authselect list-features minimal | grep -q with-pwhistory; then
+ if authselect list-features sssd | grep -q with-pwhistory; then
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
-index 678ea16f7..a557caa01 100644
+index afdbbea49..384845299 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
 @@ -1,6 +1,6 @@
@@ -4865,7 +5103,7 @@ index 678ea16f7..a557caa01 100644
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
  # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
  
- if authselect list-features minimal | grep -q with-pwhistory; then
+ if authselect list-features sssd | grep -q with-pwhistory; then
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
 index e5af75fdc..b884806b9 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
@@ -4879,7 +5117,7 @@ index e5af75fdc..b884806b9 100644
  
  SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
-index 26cc946a1..e0a147227 100644
+index 6f8fba5a6..f35a79866 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
 @@ -1,6 +1,6 @@
@@ -4889,7 +5127,7 @@ index 26cc946a1..e0a147227 100644
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
  # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
  
- if authselect list-features minimal | grep -q with-pwhistory; then
+ if authselect list-features sssd | grep -q with-pwhistory; then
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
 index e25a158f7..d168e2b40 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value_conf.fail.sh
@@ -4914,26 +5152,6 @@ index 253d50de1..4892717b8 100644
  # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
  
  remember_cnt=3
-diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
-index 658f8a3e4..de28cf579 100644
---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- # reboot = false
- # strategy = configure
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
-index c830c07aa..3548b0341 100644
---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- 
- {{% if product in [ "sle12", "sle15" ] %}}
- {{%- set accounts_password_pam_unix_remember_file = '/etc/pam.d/common-password' -%}}
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh
 index a18fa3d6c..69fae67e2 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_conflict_settings.fail.sh
@@ -4971,7 +5189,7 @@ index dd12efbc1..057c54a24 100644
  
  remember_cnt=5
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
-index d774ac79a..bf9f42a01 100644
+index 8ca16e11a..2e610cad5 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
 @@ -1,6 +1,6 @@
@@ -4981,9 +5199,9 @@ index d774ac79a..bf9f42a01 100644
 +# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
  # variables = var_password_pam_unix_remember=5
  
- if authselect list-features minimal | grep -q with-pwhistory; then
+ if authselect list-features sssd | grep -q with-pwhistory; then
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
-index 4ef7a3f61..ddd8feb77 100644
+index bc3c429f1..79812ad72 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
 @@ -1,6 +1,6 @@
@@ -4993,7 +5211,7 @@ index 4ef7a3f61..ddd8feb77 100644
 +# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
  # variables = var_password_pam_unix_remember=5
  
- if authselect list-features minimal | grep -q with-pwhistory; then
+ if authselect list-features sssd | grep -q with-pwhistory; then
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
 index 02d30f17a..1a687f0b9 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
@@ -5019,7 +5237,7 @@ index 7f6215029..5756729af 100644
  
  remember_cnt=5
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
-index 3c1cea1d5..94513096b 100644
+index dc53f50b0..422deb381 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_pam_unix_legacy_wrong.fail.sh
 @@ -1,6 +1,6 @@
@@ -5121,26 +5339,6 @@ index 5bbbc464e..15a644bba 100644
 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
  
  source common.sh
-diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
-index 8ab749d4f..00c16754b 100644
---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
-index 449d912d0..22f5dc375 100644
---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
- 
- {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}}
- 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
 index b3232cc93..97b5d1069 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
@@ -5177,16 +5375,16 @@ index aa3ca061d..64992df97 100644
  # variables = var_accounts_passwords_pam_faillock_deny=3
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
-index 579e5670e..238b7431d 100644
+index 67c1b593b..74bb77abe 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_disabled.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- {{%- if product in ["rhel7"] %}}
- # packages = authconfig
- {{%- else %}}
+ # packages = authselect
+ # variables = var_accounts_passwords_pam_faillock_deny=3
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
 index e770e300f..ae701fdab 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -5224,16 +5422,16 @@ index efb57601c..bac7a6401 100644
  # variables = var_accounts_passwords_pam_faillock_deny=3
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
-index b780f3203..bc0966113 100644
+index e3ec96da0..56c6b75f3 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_not_required_pam_files.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- {{%- if product in ["rhel7"] %}}
- # packages = authconfig
- {{%- else %}}
+ # packages = authselect
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_deny=3
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
 index 595b85192..f547b7431 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
@@ -5278,7 +5476,7 @@ index b3232cc93..97b5d1069 100644
  
  SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
-index 99025443d..0541b5d3d 100644
+index d39d1ae31..2fe9bfaa2 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
 @@ -1,6 +1,6 @@
@@ -5429,26 +5627,6 @@ index 053f91100..f294bc5a0 100644
  # remediation = none
  
  # This test scenario manually modify the pam_faillock.so entries in auth section from
-diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
-index 039fc5191..cb0f0134d 100644
---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
-index e7a0882f2..c07fd02e0 100644
---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
- 
- {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_fail_interval") }}}
- 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
 index b3232cc93..97b5d1069 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
@@ -5485,16 +5663,16 @@ index 0b67e0e02..2f33f8a90 100644
  # variables = var_accounts_passwords_pam_faillock_fail_interval=900
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
-index 59daba0dd..f4d1b8bf0 100644
+index 9d4320fbb..4cf206854 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_disabled.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- {{%- if product in ["rhel7"] %}}
- # packages = authconfig
- {{%- else %}}
+ # packages = authselect
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
 index 82bf9fa75..758999d53 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -5532,16 +5710,16 @@ index ef2461160..783bf6cdb 100644
  # variables = var_accounts_passwords_pam_faillock_fail_interval=900
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
-index 95ad62037..0a78cef63 100644
+index 30e044729..bb60fb3ed 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_not_required_pam_files.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- {{%- if product in ["rhel7"] %}}
- # packages = authconfig
- {{%- else %}}
+ # packages = authselect
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_fail_interval=900
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
 index c71a12afe..93a3aee74 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
@@ -5613,26 +5791,6 @@ index 514b2bb37..52f16f216 100644
  
  source common.sh
  
-diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
-index 230ff5eaa..c53da64d0 100644
---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
-+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
- # reboot = false
- # strategy = restrict
- # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
-index 3a32aad36..d1f4a0327 100644
---- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
- 
- {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}}
- 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
 index b3232cc93..97b5d1069 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
@@ -5669,16 +5827,16 @@ index 057348eb4..0345fd442 100644
  # variables = var_accounts_passwords_pam_faillock_unlock_time=600
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
-index 1be527fa2..068b4ead0 100644
+index bfcc7d4a4..da0f4a90e 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_disabled.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- {{%- if product in ["rhel7"] %}}
- # packages = authconfig
- {{%- else %}}
+ # packages = authselect
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
+ 
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
 index 1840cae45..7f2b5cddf 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -5716,16 +5874,16 @@ index b7b1532bb..7f9bb22e6 100644
  # variables = var_accounts_passwords_pam_faillock_unlock_time=600
  
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
-index e271e2689..d04463db4 100644
+index eff1bd32c..f6307511b 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_not_required_pam_files.fail.sh
 @@ -1,5 +1,5 @@
  #!/bin/bash
 -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
- {{%- if product in ["rhel7"] %}}
- # packages = authconfig
- {{%- else %}}
+ # packages = authselect
+ # remediation = none
+ # variables = var_accounts_passwords_pam_faillock_unlock_time=600
 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
 index a57645eb1..641d38610 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
@@ -5897,7 +6055,7 @@ index 60ebfdeba..b53e75109 100644
  authselect create-profile hardening -b sssd
  CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
-index 36e9a27b9..fe1b603ab 100644
+index 25a0da980..bf2a98da4 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -5978,7 +6136,7 @@ index ea2eb57fe..31e80535f 100644
  
  source common.sh
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
-index b3e32aa31..547d137b1 100644
+index 662c3641e..4baf0adaa 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
 @@ -1,4 +1,4 @@
@@ -5988,15 +6146,15 @@ index b3e32aa31..547d137b1 100644
  # strategy = restrict
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
-index 115273566..bd94d707c 100644
+index f6b461789..fb6d88e37 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
 @@ -1,4 +1,4 @@
 -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
  
+ {{{ bash_instantiate_variables("var_password_hashing_algorithm_pam") }}}
  LIBUSER_CONF="/etc/libuser.conf"
- CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*'
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
 index 8dedf993c..51c76b11a 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
@@ -6007,18 +6165,8 @@ index 8dedf993c..51c76b11a 100644
  # reboot = false
  # strategy = restrict
  # complexity = low
-diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
-index 2712118e5..d4ec2c50c 100644
---- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
-@@ -1,4 +1,4 @@
--# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
-+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
- 
- {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}}
- {{{ bash_replace_or_append('/etc/login.defs', '^ENCRYPT_METHOD', "$var_password_hashing_algorithm", '%s %s') }}}
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
-index 31c14211e..be9f04642 100644
+index 9fffb6188..bd6f532b7 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
 @@ -1,4 +1,4 @@
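Review bot: The section that added `multi_platform_almalinux` to `set_password_hashing_algorithm_logindefs/bash/shared.sh` is dropped in this hunk while the Ansible section for the same rule is kept, and nothing visible here shows that the 0.1.74 upstream file already applies to AlmaLinux 9. If its `# platform =` header still lists products explicitly, the AlmaLinux 9 content would carry the `ENCRYPT_METHOD` rule for `/etc/login.defs` with an Ansible fix but no Bash fix, so Bash-based remediation would leave the setting unchanged. The later hunk that drops `require_singleuser_auth/bash/shared.sh` has the same gap with a sharper effect: if a product list without `almalinux9` survives upstream, the remediation would take the `else` branch and write the `/sbin/sulogin` line, while the OVAL section kept in this patch presumably expects `systemd-sulogin-shell rescue`. After checking both files in the 0.1.74 tree, I would record the reason in the commit message, for example `Drop bash/shared.sh sections for logindefs and require_singleuser_auth: <reason, to be confirmed against 0.1.74>`.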
@@ -6028,16 +6176,17 @@ index 31c14211e..be9f04642 100644
  # strategy = configure
  # complexity = low
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
-index 55f43ef98..2b993b52b 100644
+index 3b4602f2c..89cf6b6c5 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
-@@ -1,3 +1,3 @@
+@@ -1,4 +1,4 @@
 -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
 +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
  
- {{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'sufficient', 'pam_unix.so', 'sha512', '', '') }}}
+ {{{ bash_instantiate_variables("var_password_hashing_algorithm_pam") }}}
+ PAM_FILE_PATH="/etc/pam.d/password-auth"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
-index 17a57e1e1..666d1d152 100644
+index abcdf02f5..92f3207b6 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
 @@ -1,6 +1,6 @@
@@ -6045,11 +6194,23 @@ index 17a57e1e1..666d1d152 100644
  # packages = authselect
 -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh
+index 1572f0d9b..d82a5e5b4 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_incorrect_option.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
  
  authselect create-profile hardening -b sssd
- CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
-index b76a6118f..9425e8c90 100644
+index 463b78e55..dbf8199ff 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
 @@ -1,6 +1,6 @@
@@ -6057,11 +6218,11 @@ index b76a6118f..9425e8c90 100644
  # packages = authselect
 -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
  
  authselect create-profile hardening -b sssd
- CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
-index 0ca781181..87ccb7bb1 100644
+index a36ff143d..2166ffb56 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
 @@ -1,6 +1,6 @@
@@ -6069,11 +6230,23 @@ index 0ca781181..87ccb7bb1 100644
  # packages = authselect
 -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
  # remediation = none
  
- PASSWORD_AUTH_FILE="/etc/pam.d/password-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh
+index b874f33d6..2d3026148 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_multiple_options.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
-index f72c7bde2..25fd37ced 100644
+index 98aff168e..1dd6d2b09 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
 @@ -1,6 +1,6 @@
@@ -6081,11 +6254,11 @@ index f72c7bde2..25fd37ced 100644
  # packages = authselect
 -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
  
  authselect create-profile hardening -b sssd
- CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
-index 74ea0c265..92599832a 100644
+index a665b3b10..97a1c5f7a 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
 @@ -1,6 +1,6 @@
@@ -6093,11 +6266,23 @@ index 74ea0c265..92599832a 100644
  # packages = authselect
 -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh
+index c498e86dd..ccff0390d 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_incorrect_option.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
  
  authselect create-profile hardening -b sssd
- CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
-index f74ccbd86..8d694c0f2 100644
+index 3653f7912..b43f3d5e1 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
 @@ -1,6 +1,6 @@
@@ -6105,11 +6290,11 @@ index f74ccbd86..8d694c0f2 100644
  # packages = authselect
 -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
  
  authselect create-profile hardening -b sssd
- CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
-index 27be252bc..3622e705e 100644
+index 11ed319f1..277fcce64 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
 @@ -1,6 +1,6 @@
@@ -6117,11 +6302,23 @@ index 27be252bc..3622e705e 100644
  # packages = authselect
 -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
  # remediation = none
  
- SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
+diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh
+index e41950217..f8b461a78 100644
+--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_multiple_options.fail.sh
+@@ -1,6 +1,6 @@
+ #!/bin/bash
+ # packages = authselect
+-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
+ 
+ authselect create-profile hardening -b sssd
 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
-index d4b163f24..819ad4b0a 100644
+index d0413404b..c757d1758 100644
 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
 +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
 @@ -1,6 +1,6 @@
@@ -6129,9 +6326,9 @@ index d4b163f24..819ad4b0a 100644
  # packages = authselect
 -# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 +# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora
+ # variables = var_password_hashing_algorithm_pam=sha512
  
  authselect create-profile hardening -b sssd
- CUSTOM_PROFILE="custom/hardening"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
 index 3045574e5..7ce6bb466 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
@@ -6154,6 +6351,27 @@ index 517c83c6e..041e9a29c 100644
  # reboot = true
  # strategy = restrict
  # complexity = low
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
+index f8c47e96a..d0aaabaf7 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
+@@ -1,5 +1,5 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+ 
+ systemctl disable --now ctrl-alt-del.target
+ systemctl mask --now ctrl-alt-del.target
+diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
+index 41eed9737..992dc2304 100644
+--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
++++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
+@@ -1,4 +1,4 @@
+ #!/bin/bash
+-# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
++# platform = Oracle Linux 7,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
+ 
+ systemctl unmask ctrl-alt-del.target
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
 index a3490a60d..81831631c 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
@@ -6203,7 +6421,7 @@ index 90ef51b2a..742ee525f 100644
      {{%- else -%}}
      ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
-index 3366217dd..41b483eb6 100644
+index 102fa944f..e4fce479f 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
 @@ -51,7 +51,7 @@ ocil: |-
@@ -6247,7 +6465,7 @@ index d9fdc678f..a4f6ea6a9 100644
  service_file="/usr/lib/systemd/system/emergency.service"
  sulogin="/bin/bash"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
-index 225a73f0b..3943c04f0 100644
+index 94e34a0f8..9e3baf87b 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
 @@ -9,7 +9,7 @@
@@ -6257,21 +6475,8 @@ index 225a73f0b..3943c04f0 100644
 -      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
 +      {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}}
        line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue"
-       {{% elif product in ["rhel7"] %}}
-       line: 'ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
-diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
-index e4624e582..347c51e12 100644
---- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
-+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
-@@ -2,7 +2,7 @@
- 
- service_file="/usr/lib/systemd/system/rescue.service"
- 
--{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
-+{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}}
- sulogin="/usr/lib/systemd/systemd-sulogin-shell rescue"
- {{%- elif product in ["rhel7"] -%}}
- sulogin='/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
+       {{%- else -%}}
+       line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml
 index 62fd1a76a..d4074b6b5 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml
@@ -6295,10 +6500,10 @@ index 62fd1a76a..d4074b6b5 100644
      {{%- else -%}}
      ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"
 diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
-index 121c8f619..16d6f0717 100644
+index ac4b5a733..734832048 100644
 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
 +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
-@@ -55,7 +55,7 @@ ocil: |-
+@@ -54,7 +54,7 @@ ocil: |-
      To check if authentication is required for single-user mode, run the following command:
      
$ grep sulogin /usr/lib/systemd/system/rescue.service
The output should be similar to the following, and the line must begin with @@ -6306,16 +6511,16 @@ index 121c8f619..16d6f0717 100644 + {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "rhcos4"] -%}} ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
- {{%- elif product in ["rhel7"] -%}} -@@ -88,7 +88,7 @@ fixtext: |- + {{%- else -%}} +@@ -84,7 +84,7 @@ fixtext: |- Configure {{{ full_name }}} to require authentication in single user mode. Add or update the following line in "/usr/lib/systemd/system/rescue.service": - {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}} + {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "almalinux9", "sle12", "sle15"] -%}} ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue - {{%- elif product in ["rhel7"] -%}} - ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" + {{%- else -%}} + ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh index fd13fbd1c..ce2a1a9dc 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh @@ -6559,7 +6764,7 @@ index dcc5de3f1..268aafbab 100644 {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} {{{ bash_replace_or_append('/etc/login.defs', '^PASS_MIN_LEN', "$var_accounts_password_minlen_login_defs", '%s %s') }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml -index a32ce4ae4..b298b6a66 100644 +index dc843c19c..1290f8d43 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/ansible/shared.yml @@ -1,4 +1,4 @@ 
@@ -6579,7 +6784,7 @@ index 8ff7cba19..14ece5d17 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml -index 0960e05ac..d3087c13b 100644 +index ebcb5ac04..674369a42 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -6589,12 +6794,12 @@ index 0960e05ac..d3087c13b 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh -index 808365173..495477850 100644 +index 7bdb759f6..dd157f1e3 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_root/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel -+# platform = multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_rhel,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_debian # reboot = false # strategy = restrict # complexity = low @@ -6619,12 +6824,12 @@ index 82110016d..2a73ed386 100644 # strategy = configure # complexity = low 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh -index a40010714..d244fc548 100644 +index 7374c21e8..0a9f303d4 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_debian {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} @@ -6793,7 +6998,7 @@ index 244799045..7f57ec0e1 100644 ROUNDS=4000 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml -index 26f00c7de..c9494b5fc 100644 +index 117a42585..b41d01a89 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -6803,7 +7008,7 @@ index 26f00c7de..c9494b5fc 100644 # strategy = configure # complexity = low 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh -index a59d563d7..331a34b2c 100644 +index 9878acd1a..65218e2fe 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh @@ -1,4 +1,4 @@ @@ -6951,22 +7156,22 @@ index d16374ffd..1ae066fd9 100644 PAM_CONF=/etc/pam.d/su diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml -index 53b68079e..2a6b66121 100644 +index 315b2efec..657d0c4e6 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro5 ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro5 # disruption = low # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh -index 23e6f0dd5..6055798dd 100644 +index 305f8fea8..e9470bfa1 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh 
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle -+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle +-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro5 ++# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro5 {{{ bash_instantiate_variables("var_accounts_fail_delay") }}} @@ -7084,7 +7289,7 @@ index 82fb5d543..2dbee752d 100644 mv /etc/pam.d/system-auth /etc/pam.d/system-auth-ac diff --git a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml -index ef7e5cc46..af22bbce4 100644 +index 183e2f402..22500236d 100644 --- a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml +++ b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -7219,7 +7424,7 @@ index 3933f28b4..d71a075f1 100644 # strategy = configure # complexity = low diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml -index 3bc9b6a1b..d73a74583 100644 +index 7eafd360b..a06fdb838 100644 --- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml +++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml @@ -32,7 +32,7 @@ ocil: |- @@ -7241,10 +7446,10 @@ index 3bc9b6a1b..d73a74583 100644 name: systemd_dropin_configuration vars: diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml -index b0101d952..6e95f3bce 100644 +index e0fab4b24..5198f578b 100644 
--- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml +++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml -@@ -32,7 +32,7 @@ ocil: |- +@@ -31,7 +31,7 @@ ocil: |- Storing logs remotely protects the integrity of the data from local attacks. Run the following command to verify that journald is forwarding logs to a remote host.
@@ -7253,7 +7458,7 @@ index b0101d952..6e95f3bce 100644
      grep "^\sForwardToSyslog" /etc/systemd/journald.conf {{{ journald_conf_dir_path }}}/*.conf
  {{% else %}}
      grep "^\sForwardToSyslog" /etc/systemd/journald.conf
-@@ -43,7 +43,7 @@ ocil: |-
+@@ -42,7 +42,7 @@ ocil: |-
      ForwardToSyslog=yes
      
@@ -7263,7 +7468,7 @@ index b0101d952..6e95f3bce 100644 name: systemd_dropin_configuration vars: diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml -index bb838d9b7..7604c614a 100644 +index d13ef07c9..5a634b601 100644 --- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml +++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml @@ -31,7 +31,7 @@ ocil: |- @@ -8059,7 +8264,7 @@ index 88c683445..fa9b2020d 100644 kind: MachineConfig spec: diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml -index ebebdebb1..03e24d9bf 100644 +index 63c3b0957..558628619 100644 --- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml @@ -12,7 +12,7 @@ rationale: |- @@ -8224,42 +8429,42 @@ index 2520d3dcc..ed0bc9538 100644 # Package libselinux cannot be uninstalled normally # as it would cause removal of sudo package which is diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml -index fa39b8af6..33e2978d4 100644 +index 5b45fae3f..c66669977 100644 --- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml +++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh -index 0b33e5768..c9b647b8e 100644 +index b0e1de6ba..e08be5aa9 100644 --- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh +++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml -index 3234ef102..9961cbdd9 100644 +index 9db746638..a2e3b6c7b 100644 --- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml +++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh -index 1f458fa5b..3a9811ea3 100644 +index 78c1d4f61..0fc55b9c0 100644 --- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh +++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh @@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro5 # reboot = true # strategy = restrict # complexity = low @@ -8514,7 +8719,7 @@ index c379700ad..6d91cec21 100644 # strategy = unknown # complexity = low diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml -index 76181547b..eb340cb5b 100644 +index 9830ea565..c0913adb5 100644 
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml +++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml @@ -1,4 +1,4 @@ @@ -8547,7 +8752,7 @@ index c7617bc43..7de8de33c 100644

For more information on GNOME and the GNOME Project, see {{{ weblink(link="https://www.gnome.org") }}}. diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml -index 7ef0e5992..44f95fe4f 100644 +index d4f698215..2e9f1e178 100644 --- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml +++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml @@ -4,6 +4,7 @@ @@ -8555,15 +8760,15 @@ index 7ef0e5992..44f95fe4f 100644 ") }}} + - + diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml -index c6f87fb5b..e2ba81e29 100644 +index 8b47069e6..5172588ab 100644 --- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml +++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml @@ -11,6 +11,9 @@ description: |- - {{% elif product in ["sle12", "sle15"] %}} + {{% elif product in ["sle12", "sle15", "slmicro5"] %}} SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise vendor, SUSE is responsible for providing security patches. +{{% elif product == "almalinux9" %}} @@ -8720,7 +8925,7 @@ index 56a081eca..aa25f4415 100644 # packages = crypto-policies-scripts diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh -index bb3c2b1f8..40d7ba477 100644 +index a09f7bf9b..15cf91f31 100644 
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh +++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh @@ -1,5 +1,5 @@ @@ -8891,7 +9096,7 @@ index 4e77718c8..d73aa3a79 100644 {{% else %}} OPENSSL_CRYPTO_POLICY_INCLUSION='.include /etc/crypto-policies/back-ends/opensslcnf.config' diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml -index b3ef46578..b4d6e99cf 100644 +index de245380f..022be534a 100644 --- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml +++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml @@ -9,7 +9,7 @@ title: 'Configure OpenSSL library to use System Crypto Policy' @@ -9116,46 +9321,46 @@ index ea2a1113b..fbc6b9b8a 100644 # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh -index 5f751bee5..2684687ff 100644 +index 1b0c304be..fe181733a 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh 
@@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu # packages = aide aide --init diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh -index f80f6fd52..3d2bde623 100644 +index 236c0cebf..f91dce305 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu # packages = aide declare -a bins diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh -index 692a60d0e..50411aad5 100644 +index 7f422b6b2..efdd460cc 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh 
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/extra_suffix.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu # packages = aide declare -a bins diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh -index 65bf85123..708ef4e4d 100644 +index d76b93657..35c7a2400 100644 --- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh +++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu # packages = aide aide --init @@ -9415,7 +9620,7 @@ index a4c5bde62..42fb94bf8 100644 touch /etc/sudoers.d/empty diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml -index e930dc900..5db2c1329 100644 +index a0385cb00..2271b97a2 100644 
--- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml @@ -13,7 +13,7 @@ rationale: |- @@ -9627,12 +9832,14 @@ index 000000000..f02f04002 + diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml new file mode 100644 -index 000000000..bc0ba8d22 +index 000000000..da73ba4c5 --- /dev/null +++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml -@@ -0,0 +1,44 @@ +@@ -0,0 +1,46 @@ +documentation_complete: true + ++prodtype: almalinux9 ++ +title: 'Ensure AlmaLinux GPG Key Installed' + +description: |- @@ -9725,7 +9932,7 @@ index 04ff6e577..b97d75469 100644 sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml -index fed8d1e7e..5a3335b8b 100644 +index cbd37bfad..9ec07e5cf 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml @@ -16,6 +16,11 @@ description: |- @@ -12703,10 +12910,10 @@ index 000000000..e2c08883c +journald_conf_dir_path: /etc/systemd/journald.conf.d diff --git a/products/almalinux9/profiles/anssi_bp28_enhanced.profile b/products/almalinux9/profiles/anssi_bp28_enhanced.profile new file mode 100644 -index 000000000..a85a84120 +index 000000000..a24723e8d --- /dev/null +++ b/products/almalinux9/profiles/anssi_bp28_enhanced.profile -@@ -0,0 +1,54 @@ +@@ -0,0 +1,62 @@ +documentation_complete: true + +metadata: 
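Review bot: The `prodtype: almalinux9` key added at the top of ensure_almalinux_gpgkey_installed/rule.yml may not be honoured by this content version, and nothing in the hunk says why it is needed now. The profile files in this same patch carry the comment "Following rules once had a prodtype incompatible with the rhel9 product", which suggests the content no longer relies on prodtype to scope rules. Please confirm that the 0.1.74 build still accepts the key and restricts the rule as intended. If it does not, I would drop the line and keep the rule scoped through the profile selections, since a GPG-key rule that silently applies to other products, or is skipped on this one, weakens the package-signature check.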
@@ -12730,6 +12937,8 @@ index 000000000..a85a84120 + +selections: + - anssi:all:enhanced ++ - var_password_hashing_algorithm=SHA512 ++ - var_password_pam_unix_rounds=65536 + # Following rules once had a prodtype incompatible with the rhel9 product + - '!partition_for_opt' + - '!accounts_passwords_pam_tally2_deny_root' @@ -12761,12 +12970,18 @@ index 000000000..a85a84120 + - '!file_groupowner_efi_user_cfg' + - '!file_owner_efi_user_cfg' + - '!file_permissions_efi_user_cfg' ++ # disable R45: Enable AppArmor security profiles ++ - '!apparmor_configured' ++ - '!all_apparmor_profiles_enforced' ++ - '!grub2_enable_apparmor' ++ - '!package_apparmor_installed' ++ - '!package_pam_apparmor_installed' diff --git a/products/almalinux9/profiles/anssi_bp28_high.profile b/products/almalinux9/profiles/anssi_bp28_high.profile new file mode 100644 -index 000000000..6a0d74b61 +index 000000000..228289214 --- /dev/null +++ b/products/almalinux9/profiles/anssi_bp28_high.profile -@@ -0,0 +1,50 @@ +@@ -0,0 +1,58 @@ +documentation_complete: true + +metadata: @@ -12790,6 +13005,8 @@ index 000000000..6a0d74b61 + +selections: + - anssi:all:high ++ - var_password_hashing_algorithm=SHA512 ++ - var_password_pam_unix_rounds=65536 + # the following rule renders UEFI systems unbootable + - '!sebool_secure_mode_insmod' + # Following rules once had a prodtype incompatible with the rhel9 product @@ -12817,12 +13034,18 @@ index 000000000..6a0d74b61 + - '!cracklib_accounts_password_pam_minlen' + - '!cracklib_accounts_password_pam_dcredit' + - '!ensure_oracle_gpgkey_installed' ++ # disable R45: Enable AppArmor security profiles ++ - '!apparmor_configured' ++ - '!all_apparmor_profiles_enforced' ++ - '!grub2_enable_apparmor' ++ - '!package_apparmor_installed' ++ - '!package_pam_apparmor_installed' 
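Review bot: The two overrides added under `anssi:all:enhanced`, `var_password_hashing_algorithm=SHA512` and `var_password_pam_unix_rounds=65536`, carry no comment, unlike the exclusions that follow them; the same pair is added to the high, intermediary and minimal profiles in later hunks. I would put one line above them, for example `# password hashing: SHA512 with 65536 rounds; takes effect when a password is next set`. As far as I know these settings only affect hashes created after remediation, so existing accounts keep their old parameters until the password changes. A passing scan of the configuration therefore does not show that stored hashes were upgraded, and that is worth stating for whoever audits against this profile.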
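Review bot: The block added under `# disable R45: Enable AppArmor security profiles` switches off five mandatory-access-control rules without saying what satisfies R45 on this product; the high profile receives the same block in a later hunk. Presumably SELinux is the intended replacement, so the comment should say so, for example `# R45 (AppArmor) not applicable here: SELinux is the MAC on this product`. It is also worth confirming that the SELinux rules from the anssi control file stay selected once these exclusions are applied, which this hunk does not show.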
diff --git a/products/almalinux9/profiles/anssi_bp28_intermediary.profile b/products/almalinux9/profiles/anssi_bp28_intermediary.profile new file mode 100644 -index 000000000..6ea26cae6 +index 000000000..3444fb828 --- /dev/null +++ b/products/almalinux9/profiles/anssi_bp28_intermediary.profile -@@ -0,0 +1,40 @@ +@@ -0,0 +1,42 @@ +documentation_complete: true + +metadata: @@ -12846,6 +13069,8 @@ index 000000000..6ea26cae6 + +selections: + - anssi:all:intermediary ++ - var_password_hashing_algorithm=SHA512 ++ - var_password_pam_unix_rounds=65536 + # Following rules once had a prodtype incompatible with the rhel9 product + - '!partition_for_opt' + - '!cracklib_accounts_password_pam_minlen' @@ -12865,10 +13090,10 @@ index 000000000..6ea26cae6 + - '!ensure_oracle_gpgkey_installed' diff --git a/products/almalinux9/profiles/anssi_bp28_minimal.profile b/products/almalinux9/profiles/anssi_bp28_minimal.profile new file mode 100644 -index 000000000..b58ee5990 +index 000000000..9d739a5c0 --- /dev/null +++ b/products/almalinux9/profiles/anssi_bp28_minimal.profile -@@ -0,0 +1,33 @@ +@@ -0,0 +1,35 @@ +documentation_complete: true + +metadata: @@ -12892,6 +13117,8 @@ index 000000000..b58ee5990 + +selections: + - anssi:all:minimal ++ - var_password_hashing_algorithm=SHA512 ++ - var_password_pam_unix_rounds=65536 + # Following rules once had a prodtype incompatible with the rhel9 product + - '!cracklib_accounts_password_pam_minlen' + - '!accounts_passwords_pam_tally2_deny_root' @@ -12979,18 +13206,18 @@ index 000000000..f5b86b0a3 + - ccn_rhel9:all:intermediate diff --git a/products/almalinux9/profiles/cis.profile b/products/almalinux9/profiles/cis.profile new file mode 100644 -index 000000000..0fd466f03 +index 000000000..13d03938c --- /dev/null +++ b/products/almalinux9/profiles/cis.profile 
@@ -0,0 +1,27 @@ +documentation_complete: true + +metadata: -+ version: 1.0.0 ++ version: 2.0.0 + SMEs: + - marcusburghardt ++ - mab879 + - vojtapolasek -+ - yuumasato + +reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ + @@ -12999,7 +13226,7 @@ index 000000000..0fd466f03 +description: |- + This profile defines a baseline that aligns to the "Level 2 - Server" + configuration from the Center for Internet Security® -+ AlmaLinux OS 9 Benchmark™, v1.0.0, released 2022-12-12. ++ AlmaLinux OS 9 Benchmark™, v2.0.0, released 2024-06-24. + + This profile includes Center for Internet Security® + AlmaLinux OS 9 CIS Benchmarks™ content. @@ -13012,18 +13239,18 @@ index 000000000..0fd466f03 + - '!file_owner_at_allow' diff --git a/products/almalinux9/profiles/cis_server_l1.profile b/products/almalinux9/profiles/cis_server_l1.profile new file mode 100644 -index 000000000..9a639fdae +index 000000000..124d81d29 --- /dev/null +++ b/products/almalinux9/profiles/cis_server_l1.profile @@ -0,0 +1,27 @@ +documentation_complete: true + +metadata: -+ version: 1.0.0 ++ version: 2.0.0 + SMEs: + - marcusburghardt ++ - mab879 + - vojtapolasek -+ - yuumasato + +reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ + @@ -13032,7 +13259,7 @@ index 000000000..9a639fdae +description: |- + This profile defines a baseline that aligns to the "Level 1 - Server" + configuration from the Center for Internet Security® -+ AlmaLinux OS 9 Benchmark™, v1.0.0, released 2022-12-12. ++ AlmaLinux OS 9 Benchmark™, v2.0.0, released 2024-06-24. + + This profile includes Center for Internet Security® + AlmaLinux OS 9 CIS Benchmarks™ content. @@ -13045,18 +13272,18 @@ index 000000000..9a639fdae + - '!file_owner_at_allow' diff --git a/products/almalinux9/profiles/cis_workstation_l1.profile b/products/almalinux9/profiles/cis_workstation_l1.profile new file mode 100644 -index 000000000..239e8dd83 +index 000000000..b0c769b82 --- /dev/null 
+++ b/products/almalinux9/profiles/cis_workstation_l1.profile @@ -0,0 +1,27 @@ +documentation_complete: true + +metadata: -+ version: 1.0.0 ++ version: 2.0.0 + SMEs: + - marcusburghardt ++ - mab879 + - vojtapolasek -+ - yuumasato + +reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ + @@ -13065,7 +13292,7 @@ index 000000000..239e8dd83 +description: |- + This profile defines a baseline that aligns to the "Level 1 - Workstation" + configuration from the Center for Internet Security® -+ AlmaLinux OS 9 Benchmark™, v1.0.0, released 2022-12-12. ++ AlmaLinux OS 9 Benchmark™, v2.0.0, released 2024-06-24. + + This profile includes Center for Internet Security® + AlmaLinux OS 9 CIS Benchmarks™ content. @@ -13078,18 +13305,18 @@ index 000000000..239e8dd83 + - '!file_owner_at_allow' diff --git a/products/almalinux9/profiles/cis_workstation_l2.profile b/products/almalinux9/profiles/cis_workstation_l2.profile new file mode 100644 -index 000000000..6a05f77c7 +index 000000000..7115c9656 --- /dev/null +++ b/products/almalinux9/profiles/cis_workstation_l2.profile -@@ -0,0 +1,28 @@ +@@ -0,0 +1,27 @@ +documentation_complete: true + +metadata: -+ version: 1.0.0 ++ version: 2.0.0 + SMEs: + - marcusburghardt ++ - mab879 + - vojtapolasek -+ - yuumasato + +reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/ + @@ -13098,14 +13325,13 @@ index 000000000..6a05f77c7 +description: |- + This profile defines a baseline that aligns to the "Level 2 - Workstation" + configuration from the Center for Internet Security® -+ AlmaLinux OS 9 Benchmark™, v1.0.0, released 2022-12-12. ++ AlmaLinux OS 9 Benchmark™, v2.0.0, released 2024-06-24. + + This profile includes Center for Internet Security® + AlmaLinux OS 9 CIS Benchmarks™ content. + +selections: + - cis_rhel9:all:l2_workstation -+ - '!package_avahi_removed' + # Following rules once had a prodtype incompatible with the rhel9 product + - '!file_ownership_home_directories' + - '!group_unique_name' 
@@ -13151,10 +13377,10 @@ index 000000000..686ee2c43 + - var_system_crypto_policy=fips diff --git a/products/almalinux9/profiles/default.profile b/products/almalinux9/profiles/default.profile new file mode 100644 -index 000000000..d22005611 +index 000000000..d1f6c1c9c --- /dev/null +++ b/products/almalinux9/profiles/default.profile -@@ -0,0 +1,555 @@ +@@ -0,0 +1,561 @@ +documentation_complete: true + +hidden: true @@ -13213,6 +13439,7 @@ index 000000000..d22005611 + - dconf_gnome_screensaver_lock_locked + - package_ntpdate_removed + - package_avahi_removed ++ - package_cups_removed + - file_groupowner_efi_user_cfg + - set_loopback_traffic + - ntpd_specify_multiple_servers @@ -13710,6 +13937,11 @@ index 000000000..d22005611 + - sebool_polipo_session_users + - sebool_cluster_manage_all_files + - configure_firewalld_ports ++ - journald_forward_to_syslog ++ - rsyslog_filecreatemode ++ - set_nftables_table ++ - sshd_use_approved_ciphers ++ - configure_bashrc_exec_tmux diff --git a/products/almalinux9/profiles/e8.profile b/products/almalinux9/profiles/e8.profile new file mode 100644 index 000000000..b8e703fcc @@ -14178,10 +14410,10 @@ index 000000000..8c86a5552 + - file_permissions_sshd_private_key diff --git a/products/almalinux9/profiles/ospp.profile b/products/almalinux9/profiles/ospp.profile new file mode 100644 -index 000000000..744eec65d +index 000000000..87ab9d31b --- /dev/null +++ b/products/almalinux9/profiles/ospp.profile -@@ -0,0 +1,347 @@ +@@ -0,0 +1,343 @@ +documentation_complete: true + +metadata: 
@@ -14361,14 +14593,10 @@ index 000000000..744eec65d + + ## Enable Screen Lock + ## FMT_MOF_EXT.1 (FMT_SMF_EXT.1) -+ - package_tmux_installed -+ - configure_bashrc_exec_tmux -+ - no_tmux_in_shells -+ - configure_tmux_lock_command -+ ++ - logind_session_timeout + ## Set Screen Lock Timeout Period to 30 Minutes or Less + ## AC-11(a) / FMT_MOF_EXT.1 (FMT_SMF_EXT.1) -+ - configure_tmux_lock_after_time ++ - var_logind_session_timeout=30_minutes + + ## Disable Unauthenticated Login (such as Guest Accounts) + ## FIA_UAU.1 @@ -14643,10 +14871,10 @@ index 000000000..252a98c5f + - '!audit_rules_immutable_login_uids' diff --git a/products/almalinux9/profiles/stig_gui.profile b/products/almalinux9/profiles/stig_gui.profile new file mode 100644 -index 000000000..9d63ff7e5 +index 000000000..095b16dc1 --- /dev/null +++ b/products/almalinux9/profiles/stig_gui.profile -@@ -0,0 +1,49 @@ +@@ -0,0 +1,51 @@ +documentation_complete: true + +metadata: @@ -14696,6 +14924,8 @@ index 000000000..9d63ff7e5 + # Limiting user namespaces cause issues with user apps, such as Firefox and Cheese + # https://issues.redhat.com/browse/RHEL-10416 + - '!sysctl_user_max_user_namespaces' ++ # locking of idle sessions is handled by screensaver when GUI is present, the following rule is therefore redundant ++ - '!logind_session_timeout' diff --git a/products/almalinux9/transforms/constants.xslt b/products/almalinux9/transforms/constants.xslt new file mode 100644 index 000000000..9e1090184 @@ -14813,7 +15043,7 @@ index 000000000..168031ef5 + + diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml -index e5cf1ffba..29e76b97e 100644 +index 14a64dbbd..21d46b509 100644 --- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml +++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml @@ -14,6 +14,7 @@ 
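Review bot: The section headers `## Enable Screen Lock` and `## Set Screen Lock Timeout Period to 30 Minutes or Less` no longer describe what is selected, now that the four tmux rules are replaced by `logind_session_timeout` and `var_logind_session_timeout=30_minutes`. As far as I know that rule makes systemd-logind end idle sessions rather than lock them, so the user loses the session instead of re-authenticating into it. I would reword the headers to something like `## Terminate Idle Sessions` and `## Set Idle Session Timeout to 30 Minutes or Less`, so an auditor mapping FMT_MOF_EXT.1 and AC-11(a) sees which behaviour is enforced. The selections list continues outside the hunk.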
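Review bot: The exclusion `'!logind_session_timeout'` added at the end of the stig_gui selections rests on the comment's claim that the screensaver locks idle sessions, which holds only for graphical sessions. Console and SSH logins on the same host are not covered by the screensaver, so their idle handling has to come from other selected rules, and this hunk does not show which ones. After confirming those rules are in the profile, I would extend the comment, for example `# non-graphical sessions are covered by <RULE_ID_PLACEHOLDER>`.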
@@ -14823,7 +15053,7 @@ index e5cf1ffba..29e76b97e 100644 +multi_platform_almalinux multi_platform_rhv multi_platform_sle - multi_platform_ubuntu + multi_platform_slmicro5 diff --git a/shared/references/disa-stig-almalinux9-v1r1-xccdf-scap.xml b/shared/references/disa-stig-almalinux9-v1r1-xccdf-scap.xml new file mode 120000 index 000000000..6f97d155d 
@@ -14924,20 +15154,20 @@ index 1d087be21..306818938 100644 set superusers="[someuniquestringhere]" export superusers -diff --git a/shared/references/disa-stig-ol8-v1r10-xccdf-manual.xml b/shared/references/disa-stig-ol8-v1r10-xccdf-manual.xml -index 54f2012ff..ed7a02856 100644 ---- a/shared/references/disa-stig-ol8-v1r10-xccdf-manual.xml -+++ b/shared/references/disa-stig-ol8-v1r10-xccdf-manual.xml -@@ -435,7 +435,7 @@ SHA_CRYPT_MIN_ROUNDS 5000SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file. 
-+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file. +-If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. 
GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file. ++If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. 
GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file. Generate an encrypted grub2 password for the grub superusers account with the following command: -@@ -445,7 +445,7 @@ Confirm password:SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-07-010491Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. 
GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-95719V-81007CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. -+If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-07-010491Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. 
GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-95719V-81007CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. - - Generate an encrypted grub2 password for the grub superusers account with the following command: - -@@ -919,7 +919,7 @@ For systems that are running a version of RHEL prior to 7.2, this is Not Applica - - Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command: - --$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg -+$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg - GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash] - - If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>RHEL-07-010500The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system. 
-@@ -1847,7 +1847,7 @@ On BIOS-based machines, use the following command: - - On UEFI-based machines, use the following command: - --# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg -+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg - - If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command: - -@@ -1878,7 +1878,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm - - If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command: - --Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. -+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. - - # grep fips /boot/grub2/grub.cfg - /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet -@@ -1951,23 +1951,23 @@ An example rule that includes the "sha512" rule follows: - - If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>RHEL-07-021700The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. 
If removable media is designed to be used as the boot loader, the requirement must be documented with the information system security officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-86699V-72075CCI-000318CCI-000368CCI-001812CCI-001813CCI-001814Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media. - --Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. -+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. - - Check for the existence of alternate boot loader configuration files with the following command: - - # find / -name grub.cfg -- /boot/efi/EFI/redhat/grub.cfg -+ /boot/efi/EFI/almalinux/grub.cfg - --If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/redhat/", ask the system administrator (SA) if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. -+If a "grub.cfg" is found in any subdirectories other than "/boot/grub2/" and "/boot/efi/EFI/almalinux/", ask the system administrator (SA) if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. 
- - List the number of menu entries defined in the grub configuration file with the following command (the number will vary between systems): - -- # grep -cw menuentry /boot/efi/EFI/redhat/grub.cfg -+ # grep -cw menuentry /boot/efi/EFI/almalinux/grub.cfg - 4 - - Check that the grub configuration file has the "set root" command for each menu entry with the following command ("set root" defines the disk and partition or directory where the kernel and GRUB 2 modules are stored): - -- # grep 'set root' /boot/efi/EFI/redhat/grub.cfg -+ # grep 'set root' /boot/efi/EFI/almalinux/grub.cfg - set root='hd0,gpt2' - set root='hd0,gpt2' - set root='hd0,gpt2' -@@ -4457,13 +4457,13 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD} - - Generate a new grub.cfg file with the following command: - --$ sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfgFor systems that use BIOS, this is Not Applicable. -+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable. - - For systems that are running a version of RHEL prior to 7.2, this is Not Applicable. - - Verify that a unique name is set as the "superusers" account: - --$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg -+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg - set superusers="[someuniquestringhere]" - export superusers - -diff --git a/shared/references/disa-stig-rhel7-v3r14-xccdf-scap.xml b/shared/references/disa-stig-rhel7-v3r14-xccdf-scap.xml -index 2417b5813..cad9967ce 100644 ---- a/shared/references/disa-stig-rhel7-v3r14-xccdf-scap.xml -+++ b/shared/references/disa-stig-rhel7-v3r14-xccdf-scap.xml -@@ -3133,7 +3133,7 @@ Confirm password: - SV-95719 - V-81007 - CCI-000213 -- Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file. 
-+ Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file. - - Generate an encrypted grub2 password for the grub superusers account with the following command: - -@@ -3942,7 +3942,7 @@ On BIOS-based machines, use the following command: - - On UEFI-based machines, use the following command: - --# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg -+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg - - If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command: - -@@ -7619,7 +7619,8 @@ Remove any duplicate or conflicting lines from /etc/sudoers and /etc/sudoers.d/ - - Package openssh-server Removed - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - multi_platform_fedora - multi_platform_sle - -@@ -8231,7 +8232,8 @@ Operating systems need to track periods of inactivity and disable application id - - Limit Password Reuse - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - multi_platform_fedora - - The passwords to remember should be set correctly. -@@ -8247,7 +8249,8 @@ Operating systems need to track periods of inactivity and disable application id - - RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements. 
- -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element. - -@@ -8304,7 +8307,8 @@ Terminating network connections associated with communications sessions includes - - RHEL-07-030410 - The Red Hat Enterprise Linux operating system must audit all uses of the chmod, fchmod and fchmodat syscalls. - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one. - -@@ -8360,7 +8364,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - RHEL-07-030370 - The Red Hat Enterprise Linux operating system must audit all uses of the chown, fchown, fchownat and lchown syscalls. - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - - -@@ -8406,7 +8411,8 @@ When a user logs on, the auid is set to the uid of the account that is being aut - - RHEL-07-030440 - The Red Hat Enterprise Linux operating system must audit all uses of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr syscalls. - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - - -@@ -9503,7 +9509,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Disable Host-Based Authentication - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - SSH host-based authentication should be disabled. 
- -@@ -9614,7 +9621,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Mount Remote Filesystems with nosuid - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - - -@@ -9644,7 +9652,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Package net-snmp Removed - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - The RPM package net-snmp should be removed. - -@@ -9671,7 +9680,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Package telnet-server Removed - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - The RPM package telnet-server should be removed. - -@@ -9699,7 +9709,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Package vsftpd Removed - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - The RPM package vsftpd should be removed. - -@@ -9712,7 +9723,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Package xorg-x11-server-common Removed - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - multi_platform_fedora - - -@@ -9741,7 +9753,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Ensure /home Located On Separate Partition - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - If user home directories will be stored locally, create a - separate partition for /home. 
If /home will be mounted from another -@@ -9759,7 +9772,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Ensure /var Located On Separate Partition - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - - -@@ -9777,7 +9791,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Ensure /var/log/audit Located On Separate Partition - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - - -@@ -9796,7 +9811,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - Verify File Hashes with RPM - - multi_platform_fedora -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - Verify the RPM digests of system binaries using the RPM database. - -@@ -9853,7 +9869,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Ensure Only Protocol 2 Connections Allowed - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - multi_platform_debian - multi_platform_ubuntu - -@@ -9889,7 +9906,8 @@ The system call rules are loaded into a matching engine that intercepts each sys - - Disable .rhosts Files - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - - -@@ -9954,7 +9972,8 @@ This should be disabled. - - Do Not Allow Users to Set Environment Options - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - - PermitUserEnvironment should be disabled - -@@ -10286,7 +10305,8 @@ By specifying a cipher list with the order of ciphers being in a "strongest to w - - Package openssh-server is version 7.4 or higher - -- multi_platform_rhel -+ multi_platform_rhel -+multi_platform_almalinux - multi_platform_fedora - multi_platform_sle - -@@ -10510,12 +10530,12 @@ The ability to enable/disable a session lock is given to the user by default. Di - The UEFI grub2 boot loader should have password protection enabled. 
- - -- -+ - -- -+ - -- -- -+ -+ - - - -@@ -11729,7 +11749,7 @@ This requirement addresses concurrent sessions for information system accounts a - - - -- -+ - - - -@@ -12184,10 +12204,10 @@ This requirement addresses concurrent sessions for information system accounts a - - - -- -+ - - -- -+ - - - -@@ -13837,7 +13857,7 @@ This requirement addresses concurrent sessions for information system accounts a - /boot/grub2/grub.cfg - - -- /boot/efi/EFI/redhat/grub.cfg -+ /boot/efi/EFI/almalinux/grub.cfg - - - -@@ -14554,12 +14574,12 @@ This requirement addresses concurrent sessions for information system accounts a - 1 - - -- /boot/efi/EFI/redhat/user.cfg -+ /boot/efi/EFI/almalinux/user.cfg - ^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.\S+$ - 1 - - -- /boot/efi/EFI/redhat/grub.cfg -+ /boot/efi/EFI/almalinux/grub.cfg - ^[\s]*set[\s]+superusers=\"\S+\"$ - 1 - -@@ -15096,7 +15116,7 @@ This requirement addresses concurrent sessions for information system accounts a - - - /boot/grub2/grub.cfg -- /boot/efi/EFI/redhat/grub.cfg -+ /boot/efi/EFI/almalinux/grub.cfg - - - -@@ -15129,7 +15149,7 @@ This requirement addresses concurrent sessions for information system accounts a - - - /boot/grub2/grub.cfg -- /boot/efi/EFI/redhat/grub.cfg -+ /boot/efi/EFI/almalinux/grub.cfg - - - /etc/sysctl.d -diff --git a/shared/references/disa-stig-rhel8-v1r12-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r12-xccdf-scap.xml -index cf7ead7c0..c6400910a 100644 ---- a/shared/references/disa-stig-rhel8-v1r12-xccdf-scap.xml -+++ b/shared/references/disa-stig-rhel8-v1r12-xccdf-scap.xml -@@ -2579,7 +2579,7 @@ SHA_CRYPT_MIN_ROUNDS 5000 +diff --git a/shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml +index 2bb4af3b9..3b4e256f4 100644 +--- a/shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml ++++ b/shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml +@@ -2584,7 +2584,7 @@ SHA_CRYPT_MIN_ROUNDS 5000 2921 CCI-000213 
@@ -15361,74 +15203,74 @@ index cf7ead7c0..c6400910a 100644 Generate an encrypted grub2 password for the grub superusers account with the following command: -@@ -10359,11 +10359,11 @@ Passwords need to be protected at all times, and encryption is the standard meth +@@ -10400,11 +10400,11 @@ Passwords need to be protected at all times, and encryption is the standard meth If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu. - -- +- + -+ ++ -- -- -+ -+ +- +- ++ ++ -@@ -10999,7 +10999,7 @@ Configuration settings are the set of parameters that can be changed in hardware +@@ -11040,7 +11040,7 @@ Configuration settings are the set of parameters that can be changed in hardware The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access. 
-- -+ +- ++ -@@ -14588,15 +14588,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi +@@ -14645,15 +14645,15 @@ By limiting the number of attempts to meet the pwquality module complexity requi -- -+ +- ++ -- -+ +- ++ -- -+ +- ++ - -@@ -16399,18 +16399,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi + +@@ -16481,18 +16481,18 @@ By limiting the number of attempts to meet the pwquality module complexity requi ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b 1 -- +- - /boot/efi/EFI/redhat/grub.cfg -+ ++ + /boot/efi/EFI/almalinux/grub.cfg ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$ 1 -- +- - /boot/efi/EFI/redhat/user.cfg -+ ++ + /boot/efi/EFI/almalinux/user.cfg ^\s*GRUB2_PASSWORD=(\S+)\b 1 -- +- - /boot/efi/EFI/redhat/grub.cfg -+ ++ + /boot/efi/EFI/almalinux/grub.cfg - + /boot/grub2/grub.cfg diff --git a/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r14-xccdf-manual.xml index 89b69d69d..cf9365113 100644 
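Review bot: The carried patch still rewrites `shared/references/disa-stig-rhel8-v1r13-xccdf-scap.xml`, changing `/boot/efi/EFI/redhat/grub.cfg` and `/boot/efi/EFI/redhat/user.cfg` to the `/boot/efi/EFI/almalinux/` paths inside what the file name indicates is a DISA-supplied RHEL 8 benchmark. The reference copy then no longer matches the published file, and the edited paths are wrong for the RHEL 8 systems that benchmark describes; this looks like the side effect of a tree-wide redhat-to-almalinux substitution. The preceding hunk already drops the same rewrites for the ol8 v1r10 and rhel7 v3r14 references, so I would exclude `shared/references/` from the substitution altogether and keep these files byte-identical to their source. Most of the XML in this hunk is not readable in this view, so the paired identifier changes could not be checked.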
@@ -19677,26 +19519,6 @@ index c14013393..8b6269729 100644 RHEL 9 is installed -diff --git a/shared/templates/accounts_password/ansible.template b/shared/templates/accounts_password/ansible.template -index b324dc01a..6bcaeee57 100644 ---- a/shared/templates/accounts_password/ansible.template -+++ b/shared/templates/accounts_password/ansible.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low -diff --git a/shared/templates/accounts_password/bash.template b/shared/templates/accounts_password/bash.template -index 46e98c147..d1e49f5a0 100644 ---- a/shared/templates/accounts_password/bash.template -+++ b/shared/templates/accounts_password/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle - # reboot = false - # strategy = restrict - # complexity = low diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template index 5a686b0b2..74a7d8c30 100644 --- a/shared/templates/audit_rules_dac_modification/ansible.template @@ -19778,50 +19600,37 @@ index 332c87def..cdcf6352c 100644 # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template -index 0edc5c732..c8d61bd1f 100644 +index 0e2a29c80..a78d71da2 100644 
--- a/shared/templates/audit_rules_privileged_commands/ansible.template +++ b/shared/templates/audit_rules_privileged_commands/ansible.template 
@@ -1,7 +1,7 @@ - {{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} + {{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel8", "rhel9", "rhel10", "sle12", "sle15", "slmicro5", "ubuntu2004", "ubuntu2204"] %}} {{%- set perm_x=" -F perm=x" %}} {{%- endif %}} --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low -diff --git a/shared/templates/audit_rules_privileged_commands/bash.template b/shared/templates/audit_rules_privileged_commands/bash.template -index 63dfcb06c..110b94caf 100644 ---- a/shared/templates/audit_rules_privileged_commands/bash.template -+++ b/shared/templates/audit_rules_privileged_commands/bash.template -@@ -1,7 +1,7 @@ - {{%- if product in ["fedora", "ol7", "ol8", "ol9", "rhel7", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004", "ubuntu2204"] %}} - {{%- set perm_x=" -F perm=x" %}} - {{%- endif %}} --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - - ACTION_ARCH_FILTERS="-a always,exit" - OTHER_FILTERS="-F path={{{ PATH }}}{{{ perm_x }}}" 
diff --git a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh -index 26ed4807d..29b415410 100644 +index 316171011..aba627753 100644 --- a/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh +++ b/shared/templates/audit_rules_privileged_commands/tests/auditctl_missing_perm_x.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # packages = audit source common.sh diff --git a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh -index 2cfd69a19..f3c352227 100644 +index 1cad34338..55c65dbe2 100644 --- a/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh +++ b/shared/templates/audit_rules_privileged_commands/tests/augenrules_missing_perm_x.fail.sh 
@@ -1,5 +1,5 @@ #!/bin/bash --# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu source common.sh @@ -19866,25 +19675,15 @@ index b18223c98..e82de6427 100644 # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template -index 43063a18f..f0440e169 100644 +index 0ffb15ba1..a7ee3c41d 100644 --- a/shared/templates/audit_rules_usergroup_modification/ansible.template +++ b/shared/templates/audit_rules_usergroup_modification/ansible.template 
@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_slmicro,multi_platform_ubuntu # reboot = true # strategy = restrict # complexity = low -diff --git a/shared/templates/audit_rules_usergroup_modification/bash.template b/shared/templates/audit_rules_usergroup_modification/bash.template -index 62faac341..3461e4e29 100644 ---- a/shared/templates/audit_rules_usergroup_modification/bash.template -+++ b/shared/templates/audit_rules_usergroup_modification/bash.template -@@ -1,4 +1,4 @@ --# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu -+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu - - # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' - diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template index a573b6a1b..7011157d8 100644 --- a/shared/templates/grub2_bootloader_argument/ansible.template 
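Review bot: The refreshed patch drops the whole section for `shared/templates/audit_rules_usergroup_modification/bash.template`, so the bash remediation no longer gets `multi_platform_almalinux`, while the sibling `ansible.template` section in this hunk still adds it. That is only safe if the 0.1.74 template no longer lists individual platforms in its `# platform =` header, which this hunk does not show. If the header still lists products, AlmaLinux 9 content would be built without a bash fix for this audit rule and nothing would fail at build time. The same removal is made for `audit_rules_privileged_commands/bash.template` in the preceding hunk, which begins outside the visible part of the diff. Please confirm both against the 0.1.74 sources and record the reason in the commit message, which currently says only `Update AlmaLinux patch`.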
@@ -19915,6 +19714,16 @@ index 7e9ea909e..152f27303 100644 {{%- if ARG_VARIABLE %}} {{%- set ARG_NAME_VALUE = ARG_NAME ~ "=(blueprint-populate " ~ ARG_VARIABLE ~ ")" -%}} {{%- endif %}} +diff --git a/shared/templates/grub2_bootloader_argument/kickstart.template b/shared/templates/grub2_bootloader_argument/kickstart.template +index c5051bcf7..846c0e661 100644 +--- a/shared/templates/grub2_bootloader_argument/kickstart.template ++++ b/shared/templates/grub2_bootloader_argument/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = true + # strategy = restrict + # complexity = medium diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh index b594abe6d..bac3e9fc6 100644 --- a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh @@ -19928,26 +19737,26 @@ index b594abe6d..bac3e9fc6 100644 # packages = grub2 {{%- else %}} diff --git a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh -index e84c6e619..3f0ec2ea8 100644 +index c6d5b6b1b..8cbc5ae5e 100644 --- a/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh +++ b/shared/templates/grub2_bootloader_argument/tests/invalid_rescue.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash --# platform = Red Hat Enterprise Linux 9,multi_platform_fedora -+# platform = Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9,Red Hat Enterprise Linux 10,multi_platform_fedora # packages = grub2,grubby {{%- if ARG_VARIABLE %}} # variables = {{{ ARG_VARIABLE }}}=correct_value 
diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh -index c827721ef..597368b03 100644 +index f43aa99c4..176760218 100644 --- a/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh +++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value_entries.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash --# platform = Red Hat Enterprise Linux 9,multi_platform_fedora -+# platform = Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9,Red Hat Enterprise Linux 10,multi_platform_fedora # packages = grub2,grubby source common.sh @@ -19972,36 +19781,36 @@ index 8d7d6e9ea..18b900e51 100644 See the OVAL template for more comments. Product-specific categorization should be synced across all template content types diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh -index 46ca33623..76c1ce48e 100644 +index fc3db8ccd..a12bef4b2 100644 --- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh +++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_there_etcdefaultgrub.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 -+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux # packages = grub2-tools,grubby # Adds argument from kernel command line in /etc/default/grub 
diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh -index e5ce738c3..c124317b3 100644 +index e51f669fd..00a74f76f 100644 --- a/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh +++ b/shared/templates/grub2_bootloader_argument_absent/tests/arg_value_there_etcdefaultgrub.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 -+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 +-# platform = multi_platform_rhel ++# platform = multi_platform_rhel,multi_platform_almalinux # packages = grub2-tools,grubby # Adds argument with a value from kernel command line in /etc/default/grub diff --git a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh -index 511a64335..5402480ab 100644 +index 9eda41566..85128bd51 100644 --- a/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh +++ b/shared/templates/grub2_bootloader_argument_absent/tests/mising_arg_invalid_rescue.pass.sh @@ -1,4 +1,4 @@ --# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9 -+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 9,AlmaLinux 9 +-# platform = Red Hat Enterprise Linux 9,Red Hat Enterprise Linux 10 ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9,Red Hat Enterprise Linux 10 # packages = grub2,grubby # Ensure the kernel command line for each installed kernel in the bootloader 
@@ -20067,6 +19876,15 @@ index 56617467d..3cdacd4db 100644 [[customizations.filesystem]] mountpoint = "{{{ MOUNTPOINT }}}" +diff --git a/shared/templates/mount/kickstart.template b/shared/templates/mount/kickstart.template +index fc2bdebd7..3c7833aa7 100644 +--- a/shared/templates/mount/kickstart.template ++++ b/shared/templates/mount/kickstart.template +@@ -1,3 +1,3 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + + logvol {{{ MOUNTPOINT }}} {{{ MIN_SIZE_MB }}} diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template index 083b0ef00..14f7018a9 100644 --- a/shared/templates/mount_option/anaconda.template @@ -20107,6 +19925,16 @@ index 65c48d381..ee1e6386d 100644 # reboot = false # strategy = enable # complexity = low +diff --git a/shared/templates/package_installed/kickstart.template b/shared/templates/package_installed/kickstart.template +index be0fc1de8..8284a5711 100644 +--- a/shared/templates/package_installed/kickstart.template ++++ b/shared/templates/package_installed/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = enable + # complexity = low diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template index 489f9bb0f..0120d927c 100644 --- a/shared/templates/package_removed/anaconda.template 
@@ -20117,6 +19945,121 @@ index 489f9bb0f..0120d927c 100644 # reboot = false # strategy = disable # complexity = low +diff --git a/shared/templates/package_removed/kickstart.template b/shared/templates/package_removed/kickstart.template +index 486ebbbdc..963412bac 100644 +--- a/shared/templates/package_removed/kickstart.template ++++ b/shared/templates/package_removed/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = disable + # complexity = low +diff --git a/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh b/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh +index b3232cc93..97b5d1069 100644 +--- a/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh ++++ b/shared/templates/pam_account_password_faillock/tests/authselect_modified_pam.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # remediation = none + + SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" +diff --git a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh +index 24f5731f6..875972eb2 100644 +--- a/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh ++++ b/shared/templates/pam_account_password_faillock/tests/conflicting_settings_authselect.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect,pam +-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 ++# platform = Oracle Linux 
8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9 + + pam_files=("password-auth" "system-auth") + +diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh +index aa3ca061d..64992df97 100644 +--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh ++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_conflicting_settings.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + # variables = var_accounts_passwords_pam_faillock_deny=3 + +diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh +index 67c1b593b..74bb77abe 100644 +--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh ++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_disabled.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # packages = authselect + # variables = var_accounts_passwords_pam_faillock_deny=3 + +diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh +index e770e300f..ae701fdab 100644 +--- 
a/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh ++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_expected_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_deny=3 + + authselect select sssd --force +diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh +index fd57152b8..664e42beb 100644 +--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh ++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_lenient_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = var_accounts_passwords_pam_faillock_deny=3 + + authselect select sssd --force +diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +index efb57601c..bac7a6401 100644 +--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh ++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = 
authselect +-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # remediation = none + # variables = var_accounts_passwords_pam_faillock_deny=3 + +diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh +index e3ec96da0..56c6b75f3 100644 +--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh ++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_not_required_pam_files.fail.sh +@@ -1,5 +1,5 @@ + #!/bin/bash +-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle ++# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle + # packages = authselect + # remediation = none + # variables = var_accounts_passwords_pam_faillock_deny=3 +diff --git a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh +index 595b85192..f547b7431 100644 +--- a/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh ++++ b/shared/templates/pam_account_password_faillock/tests/pam_faillock_stricter_faillock_conf.pass.sh +@@ -1,6 +1,6 @@ + #!/bin/bash + # packages = authselect +-# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 ++# platform = multi_platform_fedora,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,AlmaLinux 9,Oracle Linux 8 + # variables = 
var_accounts_passwords_pam_faillock_deny=3 + + authselect select sssd --force diff --git a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh b/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh index 0fa452ba0..8e9abbe3a 100755 --- a/shared/templates/rsyslog_logfiles_attributes_modify/tests/legacy_correct_attr.pass.sh @@ -20349,7 +20292,7 @@ index abdb09c48..9cc24d061 100755 # Declare variables used for the tests and define the create_rsyslog_test_logs function source $SHARED/rsyslog_log_utils.sh diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template -index 53a67710f..12e9f9b3b 100644 +index a17337508..1e9769b17 100644 --- a/shared/templates/sebool/ansible.template +++ b/shared/templates/sebool/ansible.template @@ -1,4 +1,4 @@ @@ -20359,7 +20302,7 @@ index 53a67710f..12e9f9b3b 100644 # strategy = enable # complexity = low diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template -index 8cf8e262d..9a8eddad1 100644 +index 7bc1bd15d..b5534afd7 100644 --- a/shared/templates/sebool/bash.template +++ b/shared/templates/sebool/bash.template @@ -1,4 +1,4 @@ @@ -20378,6 +20321,16 @@ index c8b6826b2..6bbb8eb2a 100644 # reboot = false # strategy = disable # complexity = low +diff --git a/shared/templates/service_disabled/kickstart.template b/shared/templates/service_disabled/kickstart.template +index d1e39ae29..7ecd5523e 100644 +--- a/shared/templates/service_disabled/kickstart.template ++++ b/shared/templates/service_disabled/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = disable + # complexity = low diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template index 1ab456524..724e7b779 100644 
--- a/shared/templates/service_disabled/kubernetes.template @@ -20398,6 +20351,16 @@ index 00fd1ee2f..2d99ec854 100644 # reboot = false # strategy = enable # complexity = low +diff --git a/shared/templates/service_enabled/kickstart.template b/shared/templates/service_enabled/kickstart.template +index 451af774a..27ac615a2 100644 +--- a/shared/templates/service_enabled/kickstart.template ++++ b/shared/templates/service_enabled/kickstart.template +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora ++# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora + # reboot = false + # strategy = disable + # complexity = low diff --git a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh b/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh index 7db352eda..8746cc887 100644 --- a/shared/templates/sshd_lineinfile/tests/correct_value_directory.pass.sh @@ -20459,7 +20422,7 @@ index 1810d779a..bd4386724 100644 SSHD_PARAM={{{ PARAMETER }}} SSHD_VAL="bad_val" diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template -index 166788260..fa79e7262 100644 +index 887adae43..b4395c5a7 100644 --- a/shared/templates/sysctl/bash.template +++ b/shared/templates/sysctl/bash.template @@ -1,4 +1,4 @@ @@ -20499,7 +20462,7 @@ index 25cd7432c..1ba5c29b7 100644 # Correct BLS option using grubby, which is a thin wrapper around BLS operations grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}" diff --git a/ssg/constants.py b/ssg/constants.py -index c02858096..4bf8ea1ea 100644 +index 7f8910743..478c9fab8 100644 --- a/ssg/constants.py +++ b/ssg/constants.py @@ -40,6 +40,7 @@ SSG_REF_URIS = { 
@@ -20509,16 +20472,16 @@ index c02858096..4bf8ea1ea 100644 + 'almalinux9', 'anolis8', 'anolis23', - 'chromium', -@@ -198,6 +199,7 @@ PKG_MANAGER_TO_CONFIG_FILE = { + 'al2023', +@@ -201,6 +202,7 @@ PKG_MANAGER_TO_CONFIG_FILE = { FULL_NAME_TO_PRODUCT_MAPPING = { "Alibaba Cloud Linux 2": "alinux2", "Alibaba Cloud Linux 3": "alinux3", + "AlmaLinux 9": "almalinux9", "Anolis OS 8": "anolis8", "Anolis OS 23": "anolis23", - "Chromium": "chromium", -@@ -278,13 +280,14 @@ REFERENCES = dict( + "Amazon Linux 2023": "al2023", +@@ -281,7 +283,7 @@ REFERENCES = dict( ) @@ -20526,15 +20489,16 @@ index c02858096..4bf8ea1ea 100644 +MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhv", "debian", "ubuntu", "openeuler", "opensuse", "sle", "ol", "ocp", "rhcos", - "example", "eks", "alinux", "uos", "anolis", "openembedded"] + "example", "eks", "alinux", "uos", "anolis", "openembedded", "al", +@@ -289,6 +291,7 @@ MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhv", "debian", "ubuntu", MULTI_PLATFORM_MAPPING = { "multi_platform_alinux": ["alinux2", "alinux3"], + "multi_platform_almalinux": ["almalinux9"], "multi_platform_anolis": ["anolis8", "anolis23"], - "multi_platform_debian": ["debian10", "debian11", "debian12"], + "multi_platform_debian": ["debian11", "debian12"], "multi_platform_example": ["example"], -@@ -452,6 +455,7 @@ XCCDF_PLATFORM_TO_PACKAGE = { +@@ -413,6 +416,7 @@ XCCDF_PLATFORM_TO_PACKAGE = { # _version_name_map = { MAKEFILE_ID_TO_PRODUCT_MAP = { 'alinux': 'Alibaba Cloud Linux', 
@@ -20542,6 +20506,29 @@ index c02858096..4bf8ea1ea 100644 'anolis': 'Anolis OS', 'chromium': 'Google Chromium Browser', 'fedora': 'Fedora', +diff --git a/tests/README.md b/tests/README.md +index 0f7312877..de0e14626 100644 +--- a/tests/README.md ++++ b/tests/README.md +@@ -205,7 +205,7 @@ Using `platform` and `variables` metadata: + + ```bash + #!/bin/bash +-# platform = Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # variables = auth_enabled=yes,var_example_1=value_example + + echo "KerberosAuthentication $auth_enabled" >> /etc/ssh/sshd_config +diff --git a/tests/unit/ssg-module/data/group_dir/rule_dir/bash/rhel.sh b/tests/unit/ssg-module/data/group_dir/rule_dir/bash/rhel.sh +index 7ea036bf0..b13a6526b 100644 +--- a/tests/unit/ssg-module/data/group_dir/rule_dir/bash/rhel.sh ++++ b/tests/unit/ssg-module/data/group_dir/rule_dir/bash/rhel.sh +@@ -1,4 +1,4 @@ +-# platform = Red Hat Enterprise Linux 9,multi_platform_fedora ++# platform = Red Hat Enterprise Linux 9,AlmaLinux 9,multi_platform_fedora + # reboot = false + # complexity = low + # strategy = configure diff --git a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml index ff0b30f03..0116294f1 100644 --- a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml @@ -20716,7 +20703,7 @@ index 10ecee505..3d3098f4e 100644 # strategy = restrict # complexity = low diff --git a/tests/unit/ssg_test_suite/data/correct.pass.sh b/tests/unit/ssg_test_suite/data/correct.pass.sh -index 8e5e284ee..ce1b79416 100644 +index 5a2bc1005..c3dfe6dce 100644 --- a/tests/unit/ssg_test_suite/data/correct.pass.sh +++ b/tests/unit/ssg_test_suite/data/correct.pass.sh @@ -1,6 +1,6 @@ 
@@ -20725,14 +20712,14 @@ index 8e5e284ee..ce1b79416 100644 -# platform = multi_platform_rhel,Fedora +# platform = multi_platform_rhel,multi_platform_almalinux,Fedora # profiles = xccdf_org.ssgproject.content_profile_cis + # check = oval # remediation = none - # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py -index e9a7a9618..5b61e9f94 100755 +index e3c4bc4ae..c2d21331f 100755 --- a/utils/ansible_playbook_to_role.py +++ b/utils/ansible_playbook_to_role.py -@@ -66,6 +66,7 @@ PRODUCT_ALLOWLIST = set([ - "rhel7", +@@ -65,6 +65,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor) + PRODUCT_ALLOWLIST = set([ "rhel8", "rhel9", + "almalinux9",