From fabf8243993373bdb9f569cabdff3b859e40a9da Mon Sep 17 00:00:00 2001 From: Gabriel Becker Date: Thu, 25 Aug 2022 17:00:49 +0200 Subject: [PATCH] OSPP: fix rule related to coredump. Resolves: RHBZ#2081688 --- ...ix_core_pattern_empty_string-PR_9396.patch | 826 ++++++++++++++++++ scap-security-guide.spec | 6 +- 2 files changed, 831 insertions(+), 1 deletion(-) create mode 100644 scap-security-guide-0.1.64-fix_core_pattern_empty_string-PR_9396.patch diff --git a/scap-security-guide-0.1.64-fix_core_pattern_empty_string-PR_9396.patch b/scap-security-guide-0.1.64-fix_core_pattern_empty_string-PR_9396.patch new file mode 100644 index 0000000..457d139 --- /dev/null +++ b/scap-security-guide-0.1.64-fix_core_pattern_empty_string-PR_9396.patch 
@@ -0,0 +1,826 @@ +From 796d3630621847b478896ee4a773cdb605821882 Mon Sep 17 00:00:00 2001 +From: Gabriel Becker +Date: Thu, 18 Aug 2022 13:06:49 +0200 +Subject: [PATCH 1/8] Create custom sysctl_kernel_core_pattern_empty_string + content. + +--- + .../ansible/shared.yml | 32 +++ + .../bash/shared.sh | 60 +++++ + .../oval/shared.xml | 221 ++++++++++++++++++ + .../rule.yml | 23 +- + .../tests/correct_value.pass.sh | 10 + + .../tests/wrong_value.fail.sh | 10 + + .../tests/wrong_value_three_entries.fail.sh | 11 + + .../tests/wrong_value_two_entries.fail.sh | 10 + + products/rhel9/profiles/ospp.profile | 2 +- + 9 files changed, 366 insertions(+), 13 deletions(-) + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/bash/shared.sh + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/oval/shared.xml + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/correct_value.pass.sh + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value.fail.sh + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_three_entries.fail.sh + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_two_entries.fail.sh + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml +new file mode 100644 +index 00000000000..a6e7bf54b56 +--- /dev/null ++++ 
b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml +@@ -0,0 +1,32 @@ ++# platform = multi_platform_all ++# reboot = true ++# strategy = disable ++# complexity = low ++# disruption = medium ++- name: List /etc/sysctl.d/*.conf files ++ find: ++ paths: ++ - /etc/sysctl.d/ ++ - /run/sysctl.d/ ++ contains: ^[\s]*kernel.core_pattern.*$ ++ patterns: '*.conf' ++ file_type: any ++ register: find_sysctl_d ++- name: Comment out any occurrences of kernel.core_pattern from /etc/sysctl.d/*.conf ++ files ++ replace: ++ path: '{{ item.path }}' ++ regexp: ^[\s]*kernel.core_pattern ++ replace: '#kernel.core_pattern' ++ loop: '{{ find_sysctl_d.files }}' ++- name: Comment out any occurrences of kernel.core_pattern with value from /etc/sysctl.conf files ++ replace: ++ path: /etc/sysctl.conf ++ regexp: ^[\s]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*\S+ ++ replace: '#kernel.core_pattern' ++- name: Ensure sysctl kernel.core_pattern is set to empty ++ sysctl: ++ name: kernel.core_pattern ++ value: ' ' # ansible sysctl module doesn't allow empty string, a space string is allowed and has the same semantics as sysctl will ignore spaces ++ state: present ++ reload: true +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/bash/shared.sh +new file mode 100644 +index 00000000000..989987250bc +--- /dev/null ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/bash/shared.sh +@@ -0,0 +1,60 @@ ++# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# reboot = true ++# strategy = disable ++# complexity = low ++# disruption = medium ++# Remediation is applicable only in certain platforms ++if [ ! -f /.dockerenv ] && [ ! 
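Review bot: The final task sets `value: ' '` and the inline comment asserts that sysctl ignores the space, while the bash remediation in the same patch writes a genuinely empty value (`/sbin/sysctl -q -n -w kernel.core_pattern=""`) and the rule's ocil expects `sysctl kernel.core_pattern | cat -A` to print `kernel.core_pattern = $`; whether the space survives into the running kernel value is an Ansible-module/procps detail that should be confirmed on a target rather than asserted in a comment. If it is confirmed, record it, e.g. `# verified: after this task 'sysctl -n kernel.core_pattern | cat -A' prints only '$'`. The `regexp: ^[\s]*kernel.core_pattern` patterns also leave the `.` unescaped; `kernel\.core_pattern` is stricter at no cost.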
-f /run/.containerenv ]; then ++ ++# Comment out any occurrences of kernel.core_pattern from /etc/sysctl.d/*.conf files ++ ++for f in /etc/sysctl.d/*.conf /run/sysctl.d/*.conf; do ++ ++ matching_list=$(grep -P '^(?!#).*[\s]*kernel.core_pattern.*$' $f | uniq ) ++ if ! test -z "$matching_list"; then ++ while IFS= read -r entry; do ++ escaped_entry=$(sed -e 's|/|\\/|g' <<< "$entry") ++ # comment out "kernel.core_pattern" matches to preserve user data ++ sed -i "s/^${escaped_entry}$/# &/g" $f ++ done <<< "$matching_list" ++ fi ++done ++ ++# ++# Set runtime for kernel.core_pattern ++# ++/sbin/sysctl -q -n -w kernel.core_pattern="" ++ ++# ++# If kernel.core_pattern present in /etc/sysctl.conf, change value to empty ++# else, add "kernel.core_pattern =" to /etc/sysctl.conf ++# ++# Test if the config_file is a symbolic link. If so, use --follow-symlinks with sed. ++# Otherwise, regular sed command will do. ++sed_command=('sed' '-i') ++if test -L "/etc/sysctl.conf"; then ++ sed_command+=('--follow-symlinks') ++fi ++ ++# Strip any search characters in the key arg so that the key can be replaced without ++# adding any search characters to the config file. ++stripped_key=$(sed 's/[\^=\$,;+]*//g' <<< "^kernel.core_pattern") ++ ++# shellcheck disable=SC2059 ++printf -v formatted_output "%s=" "$stripped_key" ++ ++# If the key exists, change it. Otherwise, add it to the config_file. ++# We search for the key string followed by a word boundary (matched by \>), ++# so if we search for 'setting', 'setting2' won't match. 
++if LC_ALL=C grep -q -m 1 -i -e "^kernel.core_pattern\\>" "/etc/sysctl.conf"; then ++ escaped_formatted_output=$(sed -e 's|/|\\/|g' <<< "$formatted_output") ++ "${sed_command[@]}" "s/^kernel.core_pattern\\>.*/$escaped_formatted_output/gi" "/etc/sysctl.conf" ++else ++ # \n is precaution for case where file ends without trailing newline ++ ++ printf '%s\n' "$formatted_output" >> "/etc/sysctl.conf" ++fi ++ ++else ++ >&2 echo 'Remediation is not applicable, nothing was done' ++fi +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/oval/shared.xml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/oval/shared.xml +new file mode 100644 +index 00000000000..39654259dcb +--- /dev/null ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/oval/shared.xml +@@ -0,0 +1,221 @@ ++ ++ ++ ++ ++ {{{ oval_metadata("The kernel 'kernel.core_pattern' parameter should be set to the appropriate value in both system configuration and system runtime.") }}} ++ ++ ++ ++ ++ ++ ++ ++ {{{ oval_metadata("The kernel 'kernel.core_pattern' parameter should be set to an empty string in the system runtime.") }}} ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ kernel.core_pattern ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ {{{ oval_metadata("The kernel 'kernel.core_pattern' parameter should be set to an empty string in the system configuration.") }}} ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ local_var_sysctl_kernel_core_pattern_empty_string_counter ++ ++ ++ ++ 1 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ object_sysctl_kernel_core_pattern_empty_string_static_set_sysctls_unfiltered ++ state_sysctl_kernel_core_pattern_empty_string_filepath_is_symlink ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ var_obj_symlink_sysctl_kernel_core_pattern_empty_string ++ var_obj_blank_sysctl_kernel_core_pattern_empty_string ++ ++ ++ ++ ++ 
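Review bot: In the `/etc/sysctl.d` loop, `escaped_entry` escapes only `/` before the matched line is reused as a sed BRE in `sed -i "s/^${escaped_entry}$/# &/g" $f`, so an existing value containing `[`, `\`, `*`, `^` or `$` is either left uncommented or breaks the sed expression, and `$f` is unquoted. Escape the full metacharacter set and quote the path: `escaped_entry=$(sed -e 's/[][\\.*^$\/]/\\&/g' <<< "$entry")` and `sed -i "s/^${escaped_entry}$/# &/g" "$f"`. When a directory has no `*.conf`, the literal glob is passed to grep, which only produces a stderr message here but would be cleaner behind `[ -f "$f" ] || continue`. The loop covers `/etc/sysctl.d` and `/run/sysctl.d` but not `/usr/lib/sysctl.d`, which the OVAL below appears to treat as a sysctl location; it is unclear from this hunk whether a vendor drop-in there would leave the static check failing after remediation.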
local_var_blank_path_sysctl_kernel_core_pattern_empty_string ++ ++ ++ ++ ++ ++ ++ ++ local_var_symlinks_sysctl_kernel_core_pattern_empty_string ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ state_symlink_points_outside_usual_dirs_sysctl_kernel_core_pattern_empty_string ++ ++ ++ ++ ++ ^(?!(\/etc\/sysctl\.conf$|(\/etc|\/run|\/usr\/lib)\/sysctl\.d\/)).*$ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ object_static_etc_sysctls_sysctl_kernel_core_pattern_empty_string ++ object_static_run_usr_sysctls_sysctl_kernel_core_pattern_empty_string ++ ++ ++ ++ ++ ++ object_static_sysctl_sysctl_kernel_core_pattern_empty_string ++ object_static_etc_sysctld_sysctl_kernel_core_pattern_empty_string ++ ++ ++ ++ ++ ++ object_static_run_sysctld_sysctl_kernel_core_pattern_empty_string ++ ++ ++ ++ ++ ++ /etc/sysctl.conf ++ ^[[:blank:]]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*(.*)$ ++ 1 ++ ++ ++ ++ /etc/sysctl.d ++ ^.*\.conf$ ++ ^[[:blank:]]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*(.*)$ ++ 1 ++ ++ ++ ++ /run/sysctl.d ++ ^.*\.conf$ ++ ^[[:blank:]]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*(.*)$ ++ 1 ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml +index dc21f53c98c..2babb28e361 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/rule.yml +@@ -1,18 +1,18 @@ + documentation_complete: true + +-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9 ++prodtype: rhel9 + + title: 'Disable storing core dumps' + + description: |- + The kernel.core_pattern option specifies the core dumpfile pattern +- name. It can be set to an empty string ''. In this case, the kernel ++ name. It can be set to an empty string. In this case, the kernel + behaves differently based on another related option. 
If + kernel.core_uses_pid is set to 1, then a file named as + .PID (where PID is process ID of the crashed process) is + created in the working directory. If kernel.core_uses_pid is set to + 0, no coredump is saved. +- {{{ describe_sysctl_option_value(sysctl="kernel.core_pattern", value="''") }}}' ++ {{{ describe_sysctl_option_value(sysctl="kernel.core_pattern", value="") }}} + + rationale: |- + A core dump includes a memory image taken at the time the operating system +@@ -30,17 +30,16 @@ conflicts: + identifiers: + cce@rhel9: CCE-86005-6 + ++references: ++ ospp: FMT_SMF_EXT.1 ++ + ocil_clause: |- +- the returned line does not have a value of ''. ++ the returned line does not have an empty string + + ocil: | +- {{{ ocil_sysctl_option_value(sysctl="kernel.core_pattern", value="''") }}} ++ The runtime status of the kernel.core_pattern kernel parameter can be queried ++ by running the following command: ++
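Review bot: The reworded description still says the kernel "behaves differently based on another related option" and that a `.PID` file is written when `kernel.core_uses_pid` is 1, yet the title is "Disable storing core dumps" and the dependency is never stated as a requirement, so a reader applying only this rule may believe core dumps are disabled. Consider adding to the rationale a sentence such as `An empty kernel.core_pattern prevents core dump storage only when kernel.core_uses_pid is also 0; see the sysctl_kernel_core_uses_pid rule.` The ospp.profile hunk in this patch selects sysctl_kernel_core_uses_pid and service_systemd-coredump_disabled alongside this rule, which suggests the dependency is intended but undocumented.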
$ sysctl kernel.core_pattern | cat -A
++ kernel.core_pattern = $ + + platform: machine +- +-template: +- name: sysctl +- vars: +- sysctlvar: kernel.core_pattern +- sysctlval: "''" +- datatype: string +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/correct_value.pass.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/correct_value.pass.sh +new file mode 100644 +index 00000000000..71f0f5db142 +--- /dev/null ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/correct_value.pass.sh +@@ -0,0 +1,10 @@ ++#!/bin/bash ++ ++# Clean sysctl config directories ++rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* ++ ++sed -i "/kernel.core_pattern/d" /etc/sysctl.conf ++echo "kernel.core_pattern=" >> /etc/sysctl.conf ++ ++# set correct runtime value to check if the filesystem configuration is evaluated properly ++sysctl -w kernel.core_pattern="" +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value.fail.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value.fail.sh +new file mode 100644 +index 00000000000..1c5fabcc136 +--- /dev/null ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value.fail.sh +@@ -0,0 +1,10 @@ ++#!/bin/bash ++ ++# Clean sysctl config directories ++rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/* ++ ++sed -i "/kernel.core_pattern/d" /etc/sysctl.conf ++echo "kernel.core_pattern=|/bin/false" >> /etc/sysctl.conf ++ ++# set correct runtime value to check if the filesystem configuration is evaluated properly ++sysctl -w kernel.core_pattern="|/bin/false" +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_three_entries.fail.sh 
b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_three_entries.fail.sh
+new file mode 100644
+index 00000000000..e56e927ec56
+--- /dev/null
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_three_entries.fail.sh
+@@ -0,0 +1,11 @@
++#!/bin/bash
++
++# Clean sysctl config directories
++rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
++
++sed -i "/kernel.core_pattern/d" /etc/sysctl.conf
++echo "kernel.core_pattern=|/bin/false" >> /etc/sysctl.conf
++echo "kernel.core_pattern=" >> /etc/sysctl.conf
++echo "kernel.core_pattern=|/bin/false" >> /etc/sysctl.conf
++# set correct runtime value to check if the filesystem configuration is evaluated properly
++sysctl -w kernel.core_pattern=""
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_two_entries.fail.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_two_entries.fail.sh
+new file mode 100644
+index 00000000000..6c065b1e038
+--- /dev/null
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_two_entries.fail.sh
+@@ -0,0 +1,10 @@
++#!/bin/bash
++
++# Clean sysctl config directories
++rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
++
++sed -i "/kernel.core_pattern/d" /etc/sysctl.conf
++echo "kernel.core_pattern=|/bin/false" >> /etc/sysctl.conf
++echo "kernel.core_pattern=" >> /etc/sysctl.conf
++# set correct runtime value to check if the filesystem configuration is evaluated properly
++sysctl -w kernel.core_pattern=""
+diff --git a/products/rhel9/profiles/ospp.profile b/products/rhel9/profiles/ospp.profile
+index 9fdd1354e38..b1b18261d48 100644
+--- a/products/rhel9/profiles/ospp.profile
++++ b/products/rhel9/profiles/ospp.profile
+@@ -110,7 +110,7 @@ selections:
+ - package_gnutls-utils_installed
+ 
+ 
### Login +- - sysctl_kernel_core_pattern ++ - sysctl_kernel_core_pattern_empty_string + - sysctl_kernel_core_uses_pid + - service_systemd-coredump_disabled + - var_authselect_profile=minimal + +From a77abaf442d411fe7bc59e94a1c0330163e03a16 Mon Sep 17 00:00:00 2001 +From: Gabriel Becker +Date: Thu, 25 Aug 2022 11:13:04 +0200 +Subject: [PATCH 2/8] Make the conflicts attribute appblicable only to RHEL9. + +The new rule empty is applicable only to RHEL9 and if there would not be +the restriction, then dangling references would be produced. +--- + .../restrictions/sysctl_kernel_core_pattern/rule.yml | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +index 1a540ce20b3..e369854060b 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml +@@ -13,8 +13,10 @@ rationale: |- + + severity: medium + ++{{% if product in ["rhel9"] %}} + conflicts: + - sysctl_kernel_core_pattern_empty_string ++{{% endif %}} + + identifiers: + cce@rhcos4: CCE-82527-3 + +From ec71ac98b89cc8295324c90b1610a5ff01126895 Mon Sep 17 00:00:00 2001 +From: Gabriel Becker +Date: Thu, 25 Aug 2022 11:16:41 +0200 +Subject: [PATCH 3/8] Switch bash remediation applicable to all products in + sysctl_kernel_core_pattern_empty_string. 
+ +--- + .../sysctl_kernel_core_pattern_empty_string/bash/shared.sh | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/bash/shared.sh +index 989987250bc..9e84d41056d 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/bash/shared.sh ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/bash/shared.sh +@@ -1,4 +1,4 @@ +-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle ++# platform = multi_platform_all + # reboot = true + # strategy = disable + # complexity = low + +From bac544446d3c5a1d87a2b4934cbb94ebc00d2ce9 Mon Sep 17 00:00:00 2001 +From: Gabriel Becker +Date: Thu, 25 Aug 2022 11:23:04 +0200 +Subject: [PATCH 4/8] Address feedback. 
+ +--- + .../ansible/shared.yml | 3 +++ + .../oval/shared.xml | 19 +++++-------------- + 2 files changed, 8 insertions(+), 14 deletions(-) + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml +index a6e7bf54b56..22a8d99dae8 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml +@@ -12,6 +12,7 @@ + patterns: '*.conf' + file_type: any + register: find_sysctl_d ++ + - name: Comment out any occurrences of kernel.core_pattern from /etc/sysctl.d/*.conf + files + replace: +@@ -19,11 +20,13 @@ + regexp: ^[\s]*kernel.core_pattern + replace: '#kernel.core_pattern' + loop: '{{ find_sysctl_d.files }}' ++ + - name: Comment out any occurrences of kernel.core_pattern with value from /etc/sysctl.conf files + replace: + path: /etc/sysctl.conf + regexp: ^[\s]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*\S+ + replace: '#kernel.core_pattern' ++ + - name: Ensure sysctl kernel.core_pattern is set to empty + sysctl: + name: kernel.core_pattern +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/oval/shared.xml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/oval/shared.xml +index 39654259dcb..1c3bbfd9a3e 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/oval/shared.xml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/oval/shared.xml +@@ -10,7 +10,9 @@ + definition_ref="sysctl_kernel_core_pattern_empty_string_runtime"/> + + +- ++ ++ ++ + + {{{ oval_metadata("The kernel 'kernel.core_pattern' parameter should be set to an empty string in the system runtime.") 
}}} + +@@ -23,21 +25,15 @@ + comment="kernel runtime parameter kernel.core_pattern set to an empty string" + check="all" check_existence="all_exist" state_operator="OR"> + +- + +- + + + + kernel.core_pattern + + +- + +- +- +- ++ + + + +@@ -53,18 +49,17 @@ + test_ref="test_sysctl_kernel_core_pattern_empty_string_static_etc_sysctld"/> + +- + + + + + ++ + + + +- + + + ^(?!(\/etc\/sysctl\.conf$|(\/etc|\/run|\/usr\/lib)\/sysctl\.d\/)).*$ + + +- + + + +@@ -189,7 +183,6 @@ + + + object_static_run_sysctld_sysctl_kernel_core_pattern_empty_string +- + + + +@@ -213,9 +206,7 @@ + 1 + + +- + +- + + + + +From 39bb8e75c95c469a4f6428664f24f7f9688ffa87 Mon Sep 17 00:00:00 2001 +From: Gabriel Becker +Date: Thu, 25 Aug 2022 14:46:15 +0200 +Subject: [PATCH 5/8] Fix test parse affected to support OVAL with multiple + def-group tags. + +--- + tests/test_parse_affected.py | 26 ++++++++++++++++---------- + 1 file changed, 16 insertions(+), 10 deletions(-) + +diff --git a/tests/test_parse_affected.py b/tests/test_parse_affected.py +index 8407794b972..947b56636c0 100755 +--- a/tests/test_parse_affected.py ++++ b/tests/test_parse_affected.py +@@ -3,6 +3,7 @@ + from __future__ import print_function + + import os ++import re + import sys + + import ssg.constants +@@ -73,19 +74,24 @@ def parse_affected(cur_dir, env_yaml): + if not xml_content: + continue + +- oval_contents = ssg.utils.split_string_content(xml_content) ++ # split multiple def group into a list so multiple definitions in one OVAL also work ++ # this findall does not preserv the tag but it's not necessary for the ++ # purpose of the test ++ xml_content_list = re.findall(r'(.+?)', xml_content, re.DOTALL) ++ for item in xml_content_list: ++ oval_contents = ssg.utils.split_string_content(item) + +- try: +- results = ssg.oval.parse_affected(oval_contents) ++ try: ++ results = ssg.oval.parse_affected(oval_contents) + +- assert len(results) == 3 +- assert isinstance(results[0], int) +- assert isinstance(results[1], int) ++ assert 
len(results) == 3 ++ assert isinstance(results[0], int) ++ assert isinstance(results[1], int) + +- except ValueError as e: +- print("No element found in file {}. " +- " Parsed XML was:\n{}".format(oval, xml_content)) +- raise e ++ except ValueError as e: ++ print("No element found in file {}. " ++ " Parsed XML was:\n{}".format(oval, item)) ++ raise e + + + if __name__ == "__main__": + +From 8d6176c1f96f983aaa0134d19cc66fd3c7b29e15 Mon Sep 17 00:00:00 2001 +From: Gabriel Becker +Date: Thu, 25 Aug 2022 15:14:57 +0200 +Subject: [PATCH 6/8] Fix ansible remediation to preserve old non compliant + values. + +Comment out any offending line. +--- + .../ansible/shared.yml | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml +index 22a8d99dae8..f4dc5110fee 100644 +--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/ansible/shared.yml +@@ -24,8 +24,8 @@ + - name: Comment out any occurrences of kernel.core_pattern with value from /etc/sysctl.conf files + replace: + path: /etc/sysctl.conf +- regexp: ^[\s]*kernel.core_pattern[[:blank:]]*=[[:blank:]]*\S+ +- replace: '#kernel.core_pattern' ++ regexp: '^[\s]*kernel.core_pattern([ \t]*=[ \t]*\S+)' ++ replace: '#kernel.core_pattern\1' + + - name: Ensure sysctl kernel.core_pattern is set to empty + sysctl: + +From c5bcea37000f54f3273d529237e02fe0979e6d6d Mon Sep 17 00:00:00 2001 +From: Gabriel Becker +Date: Thu, 25 Aug 2022 15:20:41 +0200 +Subject: [PATCH 7/8] Fix PEP8 issue. 
+ +--- + tests/test_parse_affected.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/test_parse_affected.py b/tests/test_parse_affected.py +index 947b56636c0..53690df5ce1 100755 +--- a/tests/test_parse_affected.py ++++ b/tests/test_parse_affected.py +@@ -90,7 +90,7 @@ def parse_affected(cur_dir, env_yaml): + + except ValueError as e: + print("No element found in file {}. " +- " Parsed XML was:\n{}".format(oval, item)) ++ " Parsed XML was:\n{}".format(oval, item)) + raise e + + + +From 243347ad56fcd4f83f0b77e9b3b7fcd98d0d4acb Mon Sep 17 00:00:00 2001 +From: Gabriel Becker +Date: Thu, 25 Aug 2022 16:31:31 +0200 +Subject: [PATCH 8/8] Add more test scenarios for + sysctl_kernel_core_pattern_empty_string. + +--- + .../tests/correct_value_with_spaces.pass.sh | 10 ++++++++++ + .../tests/wrong_value_d_directory.fail.sh | 9 +++++++++ + .../tests/wrong_value_runtime.fail.sh | 10 ++++++++++ + 3 files changed, 29 insertions(+) + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/correct_value_with_spaces.pass.sh + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_d_directory.fail.sh + create mode 100644 linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_runtime.fail.sh + +diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/correct_value_with_spaces.pass.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/correct_value_with_spaces.pass.sh +new file mode 100644 +index 00000000000..b6688e6ca91 +--- /dev/null ++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/correct_value_with_spaces.pass.sh +@@ -0,0 +1,10 @@ ++#!/bin/bash ++ ++# Clean sysctl config directories ++rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* 
/etc/sysctl.d/*
++
++sed -i "/kernel.core_pattern/d" /etc/sysctl.conf
++echo "kernel.core_pattern= " >> /etc/sysctl.conf
++
++# set correct runtime value to check if the filesystem configuration is evaluated properly
++sysctl -w kernel.core_pattern=""
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_d_directory.fail.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_d_directory.fail.sh
+new file mode 100644
+index 00000000000..6c574b92762
+--- /dev/null
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_d_directory.fail.sh
+@@ -0,0 +1,9 @@
++#!/bin/bash
++# Clean sysctl config directories
++rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
++
++sed -i "/kernel.core_pattern/d" /etc/sysctl.conf
++echo "kernel.core_pattern=|/bin/false" >> /etc/sysctl.d/98-sysctl.conf
++
++# set correct runtime value to check if the filesystem configuration is evaluated properly
++sysctl -w kernel.core_pattern=""
+diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_runtime.fail.sh b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_runtime.fail.sh
+new file mode 100644
+index 00000000000..8c729677b86
+--- /dev/null
++++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern_empty_string/tests/wrong_value_runtime.fail.sh
+@@ -0,0 +1,10 @@
++#!/bin/bash
++
++# Clean sysctl config directories
++rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
++
++sed -i "/kernel.core_pattern/d" /etc/sysctl.conf
++echo "kernel.core_pattern=" >> /etc/sysctl.conf
++
++# set correct runtime value to check if the filesystem configuration is evaluated properly
++sysctl -w kernel.core_pattern="|/bin/false"
diff --git a/scap-security-guide.spec b/scap-security-guide.spec
index 3117f72..89f26f7 100644
--- a/scap-security-guide.spec
+++ b/scap-security-guide.spec
@@ -6,7 +6,7 @@ Name: scap-security-guide
 Version: 0.1.63
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Security guidance and baselines in SCAP formats
 License: BSD-3-Clause
 URL: https://github.com/ComplianceAsCode/content/
@@ -21,6 +21,7 @@ Patch4: scap-security-guide-0.1.64-authselect_minimal_for_ospp-PR_9298.patch
 Patch5: scap-security-guide-0.1.64-coredump_rules_for_ospp-PR_9285.patch
 Patch6: scap-security-guide-0.1.64-readd_rules-PR_9334.patch
 Patch7: scap-security-guide-0.1.64-put_back_kernel_core_pattern_bin_false-PR_9384.patch
+Patch8: scap-security-guide-0.1.64-fix_core_pattern_empty_string-PR_9396.patch
 BuildRequires: libxslt
 BuildRequires: expat
@@ -107,6 +108,9 @@ rm %{buildroot}/%{_docdir}/%{name}/Contributors.md
 %endif
 %changelog
+* Thu Aug 25 2022 Gabriel Becker - 0.1.63-5
+- OSPP: fix rule related to coredump (RHBZ#2081688)
+
 * Tue Aug 23 2022 Vojtech Polasek - 0.1.63-4
 - use sysctl_kernel_core_pattern rule again in RHEL9 OSPP (RHBZ#2081688)