[pam]
pam_cert_auth = True
- {{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}}
+ {{% if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9"] %}}
Add or update "pam_sss.so" line in auth section of "/etc/pam.d/system-auth" file to include
"try_cert_auth" or "require_cert_auth" option, like in the following example:
@@ -50,7 +50,7 @@ references:
ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052,SRG-OS-000106-GPOS-00053,SRG-OS-000107-GPOS-00054,SRG-OS-000108-GPOS-00055
stigid@ol8: OL08-00-020250
- stigid@rhel8: RHEL-08-020250
+ stigid@almalinux8: RHEL-08-020250
vmmsrg: SRG-OS-000107-VMM-000530
ocil_clause: 'smart cards are not enabled in SSSD'
@@ -61,7 +61,7 @@ ocil: |-
If configured properly, output should be
pam_cert_auth = True
- {{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}}
+ {{% if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9"] %}}
To verify that smart cards are enabled in PAM files, run the following command:
$ sudo grep -e "auth.*pam_sss.so.*\(allow_missing_name\|try_cert_auth\)" /etc/pam.d/smartcard-auth /etc/pam.d/system-auth
If configured properly, output should be
@@ -76,7 +76,7 @@ fixtext: |-
pam_cert_auth = True
- {{% if product in ["fedora", "ol8", "rhel8", "rhel9"] %}}
+ {{% if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9"] %}}
Enable the with-smartcard feature using the authselect command:
sudo authselect enable-feature with-smartcard
sudo authselect apply-changes -b
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
index 3b5070ba..60f7b3f3 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# remediation = none
SSSD_FILE="/etc/sssd/sssd.conf"
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
index 9469edff..3008252d 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_disabled.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
index 9e17febc..8483ae07 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
index ba04367c..d1c9defa 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_smartcard_enabled_lower.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
index c36988aa..3ed4e17c 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_false.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
index 8d06f45d..d06f4914 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
SSSD_FILE="/etc/sssd/sssd.conf"
echo "[pam]" > $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
index d08ab39e..5625c750 100644
--- a/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
+++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/tests/authselect_sssd_parameter_missing_file.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,sssd
-# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
SSSD_FILE="/etc/sssd/sssd.conf"
rm -f $SSSD_FILE
diff --git a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
index 4733dae8..aedf9c9b 100644
--- a/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_has_trust_anchor/rule.yml
@@ -36,7 +36,7 @@ references:
nist: IA-5 (2) (a)
srg: SRG-OS-000066-GPOS-00034,SRG-OS-000384-GPOS-00167
stigid@ol8: OL08-00-010090
- stigid@rhel8: RHEL-08-010090
+ stigid@almalinux8: RHEL-08-010090
warnings:
- general: |-
diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
index 7cfba003..fb36bb09 100644
--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
index d749de10..9ee21747 100644
--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
{{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}}
diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
index ae98eb6e..ef2e1802 100644
--- a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15
title: 'Configure SSSD''s Memory Cache to Expire'
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml
index ebdf0136..73916d8d 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh
index a7c8bedc..f255d3dd 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
index 9741e2e5..6bcb1102 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/oval/shared.xml
@@ -4,7 +4,7 @@
^[\s]*\[pam](?:[^\n\[]*\n+)+?[\s]*offline_credentials_expiration[\s]*=[\s]*1\s*(?:#.*)?$
1
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
index 45695598..ba99d222 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml
@@ -1,12 +1,12 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Configure SSSD to Expire Offline Credentials'
description: |-
SSSD should be configured to expire offline credentials after 1 day.
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
Check if SSSD allows cached authentications with the following command:
$ sudo grep cache_credentials /etc/sssd/sssd.conf
@@ -47,7 +47,7 @@ references:
nist-csf: PR.AC-1,PR.AC-6,PR.AC-7
srg: SRG-OS-000383-GPOS-00166
stigid@ol8: OL08-00-020290
- stigid@rhel8: RHEL-08-020290
+ stigid@almalinux8: RHEL-08-020290
stigid@sle12: SLES-12-010680
stigid@sle15: SLES-15-010500
stigid@ubuntu2004: UBTU-20-010441
@@ -56,7 +56,7 @@ references:
ocil_clause: 'it does not exist or is not configured properly'
ocil: |-
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
Check if SSSD allows cached authentications with the following command:
$ sudo grep cache_credentials /etc/sssd/sssd.conf
diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
index b2d1fe15..93d7ed93 100644
--- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
+++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/tests/cache_credentials_false.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8
source common.sh
echo -e "[pam]\noffline_credentials_expiration = 2" >> $SSSD_CONF
diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
index ffb443d7..4444d8af 100644
--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
MAIN_CONF="/etc/sssd/conf.d/ospp.conf"
diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml
index 87d8b19f..f10f4648 100644
--- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhcos4,rhel8
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8
title: 'Configure SSSD to run as user sssd'
diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
index 59968356..8fa06fa6 100644
--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
index 21e0b485..9658e047 100644
--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_instantiate_variables("var_sssd_ssh_known_hosts_timeout") }}}
diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml
index 0e2898a5..6ef9217e 100644
--- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml
+++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
title: 'Configure SSSD to Expire SSH Known Hosts'
diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
index 33162749..72a361b3 100644
--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
+++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml
@@ -1,3 +1,3 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
{{{ kubernetes_usbguard_set(["xccdf_org.ssgproject.content_rule_package_usbguard_installed"]) }}}
diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
index 665fc9c7..a8ae15c6 100644
--- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
+++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Log USBGuard daemon audit events using Linux Audit'
@@ -27,7 +27,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000062-GPOS-00031,SRG-OS-000471-GPOS-00215
stigid@ol8: OL08-00-030603
- stigid@rhel8: RHEL-08-030603
+ stigid@almalinux8: RHEL-08-030603
platform: usbguard
diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
index 9f18591b..b49d5217 100644
--- a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
+++ b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
index 5b903676..983dbebd 100644
--- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
+++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Install usbguard Package'
@@ -50,7 +50,7 @@ references:
nist: CM-8(3),IA-3
srg: SRG-OS-000378-GPOS-00163
stigid@ol8: OL08-00-040139
- stigid@rhel8: RHEL-08-040139
+ stigid@almalinux8: RHEL-08-040139
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
index e9c55dfb..9be805c1 100644
--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
+++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
metadata:
diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
index 6bae6e0f..bc4225a6 100644
--- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
+++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Enable the USBGuard Service'
@@ -28,7 +28,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000378-GPOS-00163
stigid@ol8: OL08-00-040141
- stigid@rhel8: RHEL-08-040141
+ stigid@almalinux8: RHEL-08-040141
ocil_clause: 'the service is not enabled'
diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml
index 095c6f0b..0767ec9e 100644
--- a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
title: 'Authorize Human Interface Devices in USBGuard daemon'
diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
index 5ef460be..8a12559f 100644
--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
{{% macro usbguard_hid_and_hub_config_source() %}}
allow with-interface match-all { 03:*:* 09:00:* }
{{%- endmacro -%}}
diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml
index be1a2d2d..a5e43efa 100644
--- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Authorize Human Interface Devices and USB hubs in USBGuard daemon'
diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml
index a5ff5255..324a058b 100644
--- a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
title: 'Authorize USB hubs in USBGuard daemon'
diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
index aa7a3aa3..099e3f47 100644
--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
index 88d55f16..f2f33670 100644
--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
index 12361452..e9eb7ff5 100644
--- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
+++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhel9
+prodtype: ol8,rhel8,almalinux8,rhel9
title: 'Generate USBGuard Policy'
@@ -28,7 +28,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000378-GPOS-00163
stigid@ol8: OL08-00-040140
- stigid@rhel8: RHEL-08-040140
+ stigid@almalinux8: RHEL-08-040140
ocil_clause: 'there is no evidence that unauthorized peripherals are being blocked before establishing a connection'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
index fd0b0f42..8f4cafac 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Remove the X Windows Package Group'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
index 67d6836e..98357e4c 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
index 9be857e9..29aa62d9 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Disable graphical user interface'
@@ -43,7 +43,7 @@ references:
stigid@ol7: OL07-00-040730
stigid@ol8: OL08-00-040320
stigid@rhel7: RHEL-07-040730
- stigid@rhel8: RHEL-08-040320
+ stigid@almalinux8: RHEL-08-040320
ocil_clause: 'xorg related packages are not removed and run level is not correctly configured'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml
index 7c3ef557..fbf7bcec 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol
+# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
index b2f44761..77f6142a 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Disable X Windows Startup By Setting Default Target'
@@ -40,7 +40,7 @@ references:
nist-csf: PR.AC-3,PR.PT-4
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040321
- stigid@rhel8: RHEL-08-040321
+ stigid@almalinux8: RHEL-08-040321
ocil_clause: 'the system default target is not set to "multi-user.target" and the Information System Security Officer (ISSO) lacks a documented requirement for a graphical user interface'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
index f7837a25..232f3740 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
systemctl set-default multi-user.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
index dc698edc..bd52c73a 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
index 5a20e8ce..5c80ef64 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
systemctl set-default graphical.target
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
index 408409b9..3cc5a7b9 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
index 4f6d64fd..3c980eea 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
index ae7d79d3..a4eec5d3 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("login_banner_text") }}}
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
index bbb16cd6..93f170d5 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Modify the System Login Banner'
@@ -116,7 +116,7 @@ references:
stigid@ol7: OL07-00-010050
stigid@ol8: OL08-00-010060
stigid@rhel7: RHEL-07-010050
- stigid@rhel8: RHEL-08-010060
+ stigid@almalinux8: RHEL-08-010060
stigid@sle12: SLES-12-010030
stigid@sle15: SLES-15-010020
vmmsrg: SRG-OS-000023-VMM-000060,SRG-OS-000024-VMM-000070
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
index d804a28c..d2a1f1bc 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
index 1d9f9251..08b999cf 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("login_banner_text") }}}
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
index cdc981fc..7442d0f3 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Modify the System Message of the Day Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
index 66a7f830..e3379b61 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004
title: 'Verify Group Ownership of System Login Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
index 4be94f2b..a097f786 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004
title: 'Verify Group Ownership of Message of the Day Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
index a3d6b97b..d0d78584 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004
title: 'Verify ownership of System Login Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
index d42b8434..943781bb 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004
title: 'Verify ownership of Message of the Day Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
index 2b9349f7..a6c6189e 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Verify permissions on System Login Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
index f5d9279b..6957c02c 100644
--- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Verify permissions on Message of the Day Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
index 5814a30b..aa4aa4c5 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
index 606951b3..b7b86311 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Enable GNOME3 Login Warning Banner'
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-010030
stigid@ol8: OL08-00-010049
stigid@rhel7: RHEL-07-010030
- stigid@rhel8: RHEL-08-010049
+ stigid@almalinux8: RHEL-08-010049
stigid@sle12: SLES-12-010040
stigid@sle15: SLES-15-010080
stigid@ubuntu2004: UBTU-20-010002
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
index 86aff54f..b295782b 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
index c4ef4d12..f160a1fc 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Set the GNOME3 Login Warning Banner Text'
@@ -62,7 +62,7 @@ references:
stigid@ol7: OL07-00-010040
stigid@ol8: OL08-00-010050
stigid@rhel7: RHEL-07-010040
- stigid@rhel8: RHEL-08-010050
+ stigid@almalinux8: RHEL-08-010050
stigid@sle12: SLES-12-010050
stigid@sle15: SLES-15-010090
stigid@ubuntu2004: UBTU-20-010003
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
index 25e2cc75..a0ae0fe5 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8,AlmaLinux 8
# profiles = xccdf_org.ssgproject.content_profile_ncp
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
index 4f31757c..0ed60e11 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8,AlmaLinux 8
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
index 92e8190e..641b0fd7 100644
--- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/missing_value_stig.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8,AlmaLinux 8
# profiles = xccdf_org.ssgproject.content_profile_stig
# packages = dconf,gdm
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
index c5b62c25..66d3473b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,Red Hat Virtualization 4
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Red Hat Virtualization 4
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
index cde0bd13..786aa440 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu
+# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu
{{% if product in ["sle12", "sle15"] or "ubuntu" in product %}}
{{{ bash_ensure_pam_module_configuration('/etc/pam.d/login', 'session', 'required', 'pam_lastlog.so', 'showfailed', '', 'BOF') }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
index 02408d86..b62f8c33 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-040530
stigid@ol8: OL08-00-020340
stigid@rhel7: RHEL-07-040530
- stigid@rhel8: RHEL-08-020340
+ stigid@almalinux8: RHEL-08-020340
stigid@sle12: SLES-12-010390
stigid@sle15: SLES-15-020080
stigid@ubuntu2004: UBTU-20-010453
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh
index 745560a8..1a01cc0c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh
index 5d5de96f..319577fb 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
index 84b10027..4425caae 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh
index fb1d07f7..6c6f49cc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_wrong_control.fail.sh
index e32983dd..2d591a46 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh
index b094c31c..dd201b92 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_showfailed.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh
index d0e9ebd6..36ee0371 100644
--- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/no_space_before_silent.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
index 7144a4e5..525180f6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
index 9c752e05..c38f0caf 100644
--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle
if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then
echo "session required pam_namespace.so" >> "/etc/pam.d/login"
fi
diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml
index 9a8bc6dd..88244313 100644
--- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15
title: Set Up a Private Namespace in PAM Configuration
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
index d34f78c5..b27a39b2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_password_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhel9
+prodtype: rhel8,almalinux8,rhel9
title: 'Configure the Use of the pam_faillock.so Module in the /etc/pam.d/password-auth File.'
@@ -21,7 +21,7 @@ references:
disa: CCI-000044
nist: AC-7 (a)
srg: SRG-OS-000021-GPOS-00005
- stigid@rhel8: RHEL-08-020026
+ stigid@almalinux8: RHEL-08-020026
ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/password-auth" file with the "preauth" line listed before pam_unix.so'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
index a2e72e0d..1ff3c75e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_pam_faillock_system_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhel9
+prodtype: rhel8,almalinux8,rhel9
title: 'Configure the Use of the pam_faillock.so Module in the /etc/pam.d/system-auth File.'
@@ -21,7 +21,7 @@ references:
disa: CCI-000044
nist: AC-7 (a)
srg: SRG-OS-000021-GPOS-00005
- stigid@rhel8: RHEL-08-020025
+ stigid@almalinux8: RHEL-08-020025
ocil_clause: 'the pam_faillock.so module is not present in the "/etc/pam.d/system-auth" file with the "preauth" line listed before pam_unix.so'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
index 64500547..407f6453 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_password_selinux_faillock_dir/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhel9
+prodtype: rhel8,almalinux8,rhel9
title: 'An SELinux Context must be configued for the Faillock directory'
@@ -21,7 +21,7 @@ references:
disa: CCI-000044
nist: AC-7 (a)
srg: SRG-OS-000021-GPOS-00005
- stigid@rhel8: RHEL-08-020027
+ stigid@almalinux8: RHEL-08-020027
platform: machine
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/rule.yml
index c2ff0961..9e2c3e22 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_audit/rule.yml
@@ -19,7 +19,7 @@ references:
disa: CCI-000044
nist: AC-7 (a)
srg: SRG-OS-000021-GPOS-00005
- stigid@rhel8: RHEL-08-020021
+ stigid@almalinux8: RHEL-08-020021
ocil_clause: 'the "audit" option is not set, is missing or commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_dir/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_dir/rule.yml
index afdf6bb8..be961a57 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_dir/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/account_passwords_pam_faillock_dir/rule.yml
@@ -19,7 +19,7 @@ references:
disa: CCI-000044
nist: 'AC-7 (a)'
srg: SRG-OS-000021-GPOS-00005
- stigid@rhel8: RHEL-08-020017
+ stigid@almalinux8: RHEL-08-020017
ocil_clause: 'the "dir" option is not set to a non-default documented tally log directory, is missing or commented out'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
index ec1be903..edb2c532 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
index 6c3b08a9..2a43f24a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
{{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
index 73f2afff..1f570bdc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Limit Password Reuse: password-auth'
@@ -38,7 +38,7 @@ references:
stigid@ol7: OL07-00-010270
stigid@ol8: OL08-00-020220
stigid@rhel7: RHEL-07-010270
- stigid@rhel8: RHEL-08-020220
+ stigid@almalinux8: RHEL-08-020220
vmmsrg: SRG-OS-000077-VMM-000440
ocil_clause: |-
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh
index 601400d7..aa768167 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
index 70ffeb21..3daa780d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_argument.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
index 95048760..8c5d90bb 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_missing_line.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
index 84b10027..4425caae 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
index a1f7ed3c..6a03cccd 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh
index 91953352..36ae78c6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
index 61a83d7b..079800db 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
index b7a5cedf..f158b651 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
{{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
index fd85b25e..f462f45d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Limit Password Reuse: system-auth'
@@ -38,7 +38,7 @@ references:
stigid@ol7: OL07-00-010270
stigid@ol8: OL08-00-020221
stigid@rhel7: RHEL-07-010270
- stigid@rhel8: RHEL-08-020221
+ stigid@almalinux8: RHEL-08-020221
vmmsrg: SRG-OS-000077-VMM-000440
ocil_clause: |-
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh
index d0e5ea66..26c5a3e1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
index 3acc798e..23ebf802 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_argument.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
index 66005a37..eeae87ff 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_missing_line.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
index 84b10027..4425caae 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
index 4891c441..314a2fad 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh
index 1523a9aa..53261854 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
index ba2ff2fa..ec59e9bd 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
index b0e7b27b..ddcf25ca 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("var_password_pam_unix_remember") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
index a00a273a..abac3939 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
title: 'Limit Password Reuse'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh
index 520ce05a..38816afe 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_remember=5
remember_cnt=5
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
index 9d150e25..f93697d4 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_argument.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_remember=5
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
index ee762d86..30762945 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_missing_line.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_remember=5
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
index 84b10027..4425caae 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh
index 48138ce3..bcb790e6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_remember=5
remember_cnt=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
index fed1dea1..0c6a8c9b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
index f392618d..1f47e39b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
index 1edc61c6..6d21e369 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Lock Accounts After Failed Password Attempts'
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-010320
stigid@ol8: OL08-00-020010
stigid@rhel7: RHEL-07-010320
- stigid@rhel8: RHEL-08-020010
+ stigid@almalinux8: RHEL-08-020010
vmmsrg: SRG-OS-000021-VMM-000050
ocil_clause: 'limiting the number of failed logon attempts for users is not configured'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
index 1698c1c7..eefea7dc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
index b844a27d..ed56d461 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/conflicting_settings_authselect.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
pam_files=("password-auth" "system-auth")
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
index 3ace8942..892d2841 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_deny=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
index 1f3098d5..e7908d00 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_deny=3
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
index fd3ef218..be2476a9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_deny=3
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index 7cc53fce..fe906797 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_deny=3
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
index fa81b645..f05ad984 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_deny=3
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
index 18f1a23f..41d87be9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
index bf493872..8c845063 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_pam_faillock_enable() }}}
{{{ bash_pam_faillock_parameter_value("even_deny_root", "") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
index 684e6f7e..a5801216 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Configure the root Account for Failed Password Attempts'
@@ -43,7 +43,7 @@ references:
stigid@ol7: OL07-00-010330
stigid@ol8: OL08-00-020022
stigid@rhel7: RHEL-07-010330
- stigid@rhel8: RHEL-08-020022
+ stigid@almalinux8: RHEL-08-020022
ocil_clause: 'limiting the number of failed logon attempts for the root user is not configured'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
index 1698c1c7..eefea7dc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
index 851beef5..95332697 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/conflicting_settings_authselect.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
pam_files=("password-auth" "system-auth")
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
index cc8c766a..b5274885 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
index ce8ab690..4ef28d9b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
authselect select sssd --force
authselect enable-feature with-faillock
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index d055d651..bab42079 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
index fd8e4444..9240e6cf 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
index e9c09b71..9fc45f3d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
{{{ bash_pam_faillock_enable() }}}
{{{ bash_pam_faillock_parameter_value("local_users_only", "") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml
index f495cc9c..bb5e9d15 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel8,rhel9
+prodtype: fedora,rhel8,almalinux8,rhel9
title: 'Enforce pam_faillock for Local Accounts Only'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
index 856bd56e..71194a32 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
authselect select sssd --force
authselect disable-feature with-faillock
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
index 075791de..1ccb03db 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
authselect select sssd --force
authselect enable-feature with-faillock
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index 978cccce..8cc6c0b5 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
index 053f9110..04f36271 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# This test scenario manually modify the pam_faillock.so entries in auth section from
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
index ac3b9789..bf2620cc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
index f6cb7304..8c2357ad 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_fail_interval") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
index 05c43275..ee6bdefa 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Set Interval For Counting Failed Password Attempts'
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-010320
stigid@ol8: OL08-00-020012
stigid@rhel7: RHEL-07-010320
- stigid@rhel8: RHEL-08-020012
+ stigid@almalinux8: RHEL-08-020012
vmmsrg: SRG-OS-000021-VMM-000050
ocil_clause: 'fail_interval is less than the required value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
index 1698c1c7..eefea7dc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
index 5d2a2a5b..be6b45d2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/conflicting_settings_authselect.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
pam_files=("password-auth" "system-auth")
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
index 03aa084e..69025637 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
index 33d3847d..6c6ff204 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
index 9ff681e5..c46804ea 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index 29f65d50..fe3dbe7a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
index bcd46e74..6cd56ad2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_fail_interval=900
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
index 32bf2c48..63d101b6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
index d1b2d7a6..6e60aaad 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
index 1d2af2b4..c9624bf2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Set Lockout Time for Failed Password Attempts'
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-010320
stigid@ol8: OL08-00-020014
stigid@rhel7: RHEL-07-010320
- stigid@rhel8: RHEL-08-020016
+ stigid@almalinux8: RHEL-08-020016
vmmsrg: SRG-OS-000329-VMM-001180
ocil_clause: 'unlock_time is less than the expected value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
index 1698c1c7..eefea7dc 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
index f2afacec..5516ad83 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/conflicting_settings_authselect.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect,pam
-# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Oracle Linux 8,Oracle Linux 9,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
pam_files=("password-auth" "system-auth")
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
index d68ebfad..9e3f6a72 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
index 2dc848cb..f2dce610 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
index 38d95831..c4205265 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
index a4e91c71..fddde09a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# remediation = none
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
index 5c59de7c..35ad23e6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8
# variables = var_accounts_passwords_pam_faillock_unlock_time=600
authselect select sssd --force
diff --git a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml
index b84185a6..ebd9a8c1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/package_pam_pwquality_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9,ubuntu2004
+prodtype: rhel7,rhel8,almalinux8,rhel9,ubuntu2004
title: 'Install pam_pwquality Package'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
index 857933a4..e1e7b371 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
+prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters'
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-010140
stigid@ol8: OL08-00-020130
stigid@rhel7: RHEL-07-010140
- stigid@rhel8: RHEL-08-020130
+ stigid@almalinux8: RHEL-08-020130
stigid@ubuntu2004: UBTU-20-010052
vmmsrg: SRG-OS-000071-VMM-000380
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
index 67a5b70c..51a3ae95 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words'
@@ -30,7 +30,7 @@ references:
nist: IA-5(c),IA-5(1)(a),CM-6(a),IA-5(4)
srg: SRG-OS-000480-GPOS-00225
stigid@ol8: OL08-00-020300
- stigid@rhel8: RHEL-08-020300
+ stigid@almalinux8: RHEL-08-020300
stigid@ubuntu2004: UBTU-20-010056
ocil_clause: 'dictcheck is not found or not equal to the required value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
index 883ddd16..33f81ca1 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Minimum Different Characters'
@@ -48,7 +48,7 @@ references:
stigid@ol7: OL07-00-010160
stigid@ol8: OL08-00-020170
stigid@rhel7: RHEL-07-010160
- stigid@rhel8: RHEL-08-020170
+ stigid@almalinux8: RHEL-08-020170
stigid@ubuntu2004: UBTU-20-010053
vmmsrg: SRG-OS-000072-VMM-000390
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml
index ae762335..9fb6286e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel8,rhel9
+prodtype: fedora,rhel8,almalinux8,rhel9
title: 'Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
index 19a61043..8f90671a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel8,rhel9
+prodtype: fedora,rhel8,almalinux8,rhel9
title: 'Ensure PAM Enforces Password Requirements - Enforce for root User'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
index 236048f7..4999e209 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters'
@@ -54,7 +54,7 @@ references:
stigid@ol7: OL07-00-010130
stigid@ol8: OL08-00-020120
stigid@rhel7: RHEL-07-010130
- stigid@rhel8: RHEL-08-020120
+ stigid@almalinux8: RHEL-08-020120
stigid@ubuntu2004: UBTU-20-010051
vmmsrg: SRG-OS-000070-VMM-000370
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
index 768e70ef..abc3e412 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class'
@@ -40,7 +40,7 @@ references:
stigid@ol7: OL07-00-010190
stigid@ol8: OL08-00-020140
stigid@rhel7: RHEL-07-010190
- stigid@rhel8: RHEL-08-020140
+ stigid@almalinux8: RHEL-08-020140
ocil_clause: the value of "maxclassrepeat" is set to "0", more than "{{{ xccdf_value("var_password_pam_maxclassrepeat") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
index 46af5fea..7e3cb7f5 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Set Password Maximum Consecutive Repeating Characters'
@@ -42,7 +42,7 @@ references:
stigid@ol7: OL07-00-010180
stigid@ol8: OL08-00-020150
stigid@rhel7: RHEL-07-010180
- stigid@rhel8: RHEL-08-020150
+ stigid@almalinux8: RHEL-08-020150
ocil_clause: the value of "maxrepeat" is set to more than "{{{ xccdf_value("var_password_pam_maxrepeat") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
index 37bd49f6..caa93871 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories'
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-010170
stigid@ol8: OL08-00-020160
stigid@rhel7: RHEL-07-010170
- stigid@rhel8: RHEL-08-020160
+ stigid@almalinux8: RHEL-08-020160
ocil_clause: the value of "minclass" is set to less than "{{{ xccdf_value("var_password_pam_minclass") }}}" or is commented out
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
index 3dc5600b..aa7d138d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Minimum Length'
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-010280
stigid@ol8: OL08-00-020230
stigid@rhel7: RHEL-07-010280
- stigid@rhel8: RHEL-08-020230
+ stigid@almalinux8: RHEL-08-020230
stigid@ubuntu2004: UBTU-20-010054
vmmsrg: SRG-OS-000072-VMM-000390,SRG-OS-000078-VMM-000450
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
index 380979e0..31439ed3 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
+prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters'
@@ -54,7 +54,7 @@ references:
stigid@ol7: OL07-00-010150
stigid@ol8: OL08-00-020280
stigid@rhel7: RHEL-07-010150
- stigid@rhel8: RHEL-08-020280
+ stigid@almalinux8: RHEL-08-020280
stigid@ubuntu2004: UBTU-20-010055
vmmsrg: SRG-OS-000266-VMM-000940
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
index 276853c6..96b16f5d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
index dfa1d523..a573c86a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
{{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit.so') }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
index 30384def..57c776e9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Ensure PAM password complexity module is enabled in password-auth'
@@ -25,7 +25,7 @@ references:
disa: CCI-000366
srg: SRG-OS-000069-GPOS-00037,SRG-OS-000070-GPOS-00038,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020100
- stigid@rhel8: RHEL-08-020100
+ stigid@almalinux8: RHEL-08-020100
ocil_clause: 'pam_pwquality.so is not enabled in password-auth'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
index 3d696c36..e61d1861 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
index 04358992..761dd879 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
index 472616a5..40fada43 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
index 59f9d6f7..f5217b7e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/password-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
index a11a2ad0..128dae7a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
index 97b26286..d9326cf0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
index 2f01cf43..ef5c862a 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
{{{ bash_ensure_pam_module_configuration('/etc/pam.d/system-auth', 'password', 'requisite', 'pam_pwquality.so', '', '', '^account.*required.*pam_permit.so') }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
index 6e9caa72..5cc85d6c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Ensure PAM password complexity module is enabled in system-auth'
@@ -25,7 +25,7 @@ references:
disa: CCI-000366
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020101
- stigid@rhel8: RHEL-08-020101
+ stigid@almalinux8: RHEL-08-020101
ocil_clause: 'pam_pwquality.so is not enabled in system-auth'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
index 849f16d0..72680589 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
index 6a98c244..5cdd9203 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
index 6786f6c1..d2cbf886 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
index b3d9e588..890c1cab 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
index 454b2e6a..4b8f221f 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
index f972b328..fffcb129 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
index 4d1b5ebe..14148903 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
+prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session'
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-010119
stigid@ol8: OL08-00-020104
stigid@rhel7: RHEL-07-010119
- stigid@rhel8: RHEL-08-020104
+ stigid@almalinux8: RHEL-08-020104
stigid@ubuntu2004: UBTU-20-010057
ocil_clause: 'it is not the required value'
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
index 7d6cc6c2..12d93776 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
CONF_FILE="/etc/security/pwquality.conf"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
index 77d2df7b..a60d74a2 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
CONF_FILE="/etc/security/pwquality.conf"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh
index b6ad5388..28b5c4b0 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
CONF_FILE="/etc/security/pwquality.conf"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
index 1fb0d3a4..08d3077d 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
# variables = var_password_pam_retry=3
CONF_FILE="/etc/security/pwquality.conf"
diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
index c965b058..1174dcf4 100644
--- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
+prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters'
@@ -50,7 +50,7 @@ references:
stigid@ol7: OL07-00-010120
stigid@ol8: OL08-00-020110
stigid@rhel7: RHEL-07-010120
- stigid@rhel8: RHEL-08-020110
+ stigid@almalinux8: RHEL-08-020110
stigid@ubuntu2004: UBTU-20-010050
vmmsrg: SRG-OS-000069-VMM-000360
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
index b3e32aa3..547d137b 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
index d458790d..c4365552 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
LIBUSER_CONF="/etc/libuser.conf"
CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
index 5f887bb8..b18365a6 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Set Password Hashing Algorithm in /etc/libuser.conf'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
index 8dedf993..51c76b11 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
index fb856a11..a440dba9 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("var_password_hashing_algorithm") }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
index 48eae25a..fc99543c 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Set Password Hashing Algorithm in /etc/login.defs'
@@ -45,7 +45,7 @@ references:
stigid@ol7: OL07-00-010210
stigid@ol8: OL08-00-010110
stigid@rhel7: RHEL-07-010210
- stigid@rhel8: RHEL-08-010110
+ stigid@almalinux8: RHEL-08-010110
stigid@sle12: SLES-12-010210
stigid@sle15: SLES-15-010260
stigid@ubuntu2004: UBTU-20-010404
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
index 31c14211..be9f0464 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
index 55f43ef9..2b993b52 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_ol
{{{ bash_ensure_pam_module_configuration('/etc/pam.d/password-auth', 'password', 'sufficient', 'pam_unix.so', 'sha512', '', '') }}}
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
index 7e10f93d..c1a7a2be 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: "Set PAM''s Password Hashing Algorithm - password-auth"
@@ -59,7 +59,7 @@ references:
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010160
stigid@rhel7: RHEL-07-010200
- stigid@rhel8: RHEL-08-010160
+ stigid@almalinux8: RHEL-08-010160
vmmsrg: SRG-OS-000480-VMM-002000
ocil_clause: 'it does not'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
index 9efa736f..49c673d7 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
index 29d22728..748bc957 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_missing_option.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
index 5eccea5d..322cb9af 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
PASSWORD_AUTH_FILE="/etc/pam.d/password-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
index 6b75ae8f..629741ed 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
index b35b01c4..61679398 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: "Set PAM''s Password Hashing Algorithm"
@@ -72,7 +72,7 @@ references:
stigid@ol7: OL07-00-010200
stigid@ol8: OL08-00-010159
stigid@rhel7: RHEL-07-010200
- stigid@rhel8: RHEL-08-010159
+ stigid@almalinux8: RHEL-08-010159
stigid@sle12: SLES-12-010230
stigid@sle15: SLES-15-020170
vmmsrg: SRG-OS-000480-VMM-002000
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
index efa05a74..171fa393 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
index 9d331106..0095c8df 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_missing_option.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
index 7367965c..e1295a41 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
index 14d947ad..ced61037 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
authselect create-profile hardening -b sssd
CUSTOM_PROFILE="custom/hardening"
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
index 91123acb..dcea5261 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_min_rounds_logindefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhel9,sle12,sle15
+prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Set Password Hashing Rounds in /etc/login.defs'
@@ -35,7 +35,7 @@ references:
nist@sle12: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010130
- stigid@rhel8: RHEL-08-010130
+ stigid@almalinux8: RHEL-08-010130
stigid@sle12: SLES-12-010240
stigid@sle15: SLES-15-020190
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
index f6888e51..cae502b8 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = disable
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
index 23edb3c9..daae2463 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
{{{ bash_replace_or_append('/etc/systemd/system.conf', '^CtrlAltDelBurstAction=', 'none', '%s=%s') }}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
index 3045574e..7ce6bb46 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
index f5c59c10..688ba854 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
+prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
title: 'Disable Ctrl-Alt-Del Burst Action'
@@ -72,7 +72,7 @@ references:
ospp: FAU_GEN.1.2
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040172
- stigid@rhel8: RHEL-08-040172
+ stigid@almalinux8: RHEL-08-040172
stigid@sle15: SLES-15-040062
stigid@ubuntu2004: UBTU-20-010460
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml
index 30f06a87..d1b625dd 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = disable
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh
index dac112a4..efda12b5 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
{{% if init_system == "systemd" -%}}
systemctl disable --now ctrl-alt-del.target
systemctl mask --now ctrl-alt-del.target
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
index 517c83c6..041e9a29 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
index 5b3f8535..6efeecd3 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable Ctrl-Alt-Del Reboot Activation'
@@ -77,7 +77,7 @@ references:
stigid@ol7: OL07-00-020230
stigid@ol8: OL08-00-040170
stigid@rhel7: RHEL-07-020230
- stigid@rhel8: RHEL-08-040170
+ stigid@almalinux8: RHEL-08-040170
stigid@sle12: SLES-12-010610
stigid@sle15: SLES-15-040060
stigid@ubuntu2004: UBTU-20-010460
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
index 8b440146..f53923e8 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu
systemctl disable --now ctrl-alt-del.target
systemctl mask --now ctrl-alt-del.target
diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
index 2279cb46..f4777104 100644
--- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu
systemctl unmask ctrl-alt-del.target
diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
index cf5da2ae..329a994f 100644
--- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Verify that Interactive Boot is Disabled'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
index 63202936..80ba47ea 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml
@@ -9,7 +9,7 @@
create: yes
dest: /usr/lib/systemd/system/emergency.service
regexp: "^#?ExecStart="
- {{% if product in ["fedora", "rhel8", "rhel9", "ol8","sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8","sle12", "sle15"] -%}}
line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency"
{{%- else -%}}
line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
index 21e57df7..80a2a883 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh
@@ -2,7 +2,7 @@
service_file="/usr/lib/systemd/system/emergency.service"
-{{% if product in ["fedora", "rhel8", "rhel9", "ol8", "sle12", "sle15"] -%}}
+{{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8", "sle12", "sle15"] -%}}
sulogin="/usr/lib/systemd/systemd-sulogin-shell emergency"
{{%- else -%}}
sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
index 37d64662..71617049 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml
@@ -12,7 +12,7 @@
/usr/lib/systemd/system/emergency.service
- {{%- if product in ["fedora", "rhel8", "rhel9", "ol8", "sle12", "sle15"] -%}}
+ {{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8", "sle12", "sle15"] -%}}
^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency
{{%- else -%}}
^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
index 1a247ecf..d06ce9d4 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Require Authentication for Emergency Systemd Target'
@@ -46,7 +46,7 @@ references:
srg: SRG-OS-000080-GPOS-00048
stigid@ol7: OL07-00-010481
stigid@ol8: OL08-00-010152
- stigid@rhel8: RHEL-08-010152
+ stigid@almalinux8: RHEL-08-010152
ocil_clause: 'the output is different'
@@ -54,7 +54,7 @@ ocil: |-
To check if authentication is required for emergency mode, run the following command:
$ grep sulogin /usr/lib/systemd/system/emergency.service
The output should be similar to the following, and the line must begin with
- {{% if product in ["fedora", "rhel8", "rhel9", "ol8", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8", "sle12", "sle15"] -%}}
ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
{{%- else -%}}
@@ -84,7 +84,7 @@ fixtext: |-
Configure {{{ full_name }}} to require authentication for system emergency mode.
Add or edit the following line in "/usr/lib/systemd/system/emergency.service":
- {{% if product in ["fedora", "rhel8", "rhel9", "ol8", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8", "sle12", "sle15"] -%}}
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
{{%- else -%}}
ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
index a8a5c8cc..53d62c68 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
service_file="/usr/lib/systemd/system/emergency.service"
sulogin="/usr/lib/systemd/systemd-sulogin-shell"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
index 96a0c842..048832a9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
service_file="/usr/lib/systemd/system/emergency.service"
sulogin="/bin/bash"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
index fc278655..e08047f0 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml
@@ -10,7 +10,7 @@
create: yes
dest: /usr/lib/systemd/system/rescue.service
regexp: "^#?ExecStart="
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue"
{{% elif product in ["rhel7"] %}}
line: 'ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
index 76a2664f..eca16706 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh
@@ -4,7 +4,7 @@
service_file="/usr/lib/systemd/system/rescue.service"
-{{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+{{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
sulogin="/usr/lib/systemd/systemd-sulogin-shell rescue"
{{%- elif product in ["rhel7"] -%}}
sulogin='/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml
index 6aeff3c5..da826972 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml
@@ -22,7 +22,7 @@
{{%- if init_system == "systemd" -%}}
/usr/lib/systemd/system/rescue.service
- {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4", "sle12", "sle15"] -%}}
+ {{%- if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "rhcos4", "sle12", "sle15"] -%}}
^ExecStart=\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue
{{%- else -%}}
^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
index 932d76c3..452c2245 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Require Authentication for Single User Mode'
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-010481
stigid@ol8: OL08-00-010151
stigid@rhel7: RHEL-07-010481
- stigid@rhel8: RHEL-08-010151
+ stigid@almalinux8: RHEL-08-010151
ocil_clause: 'the output is different'
@@ -61,7 +61,7 @@ ocil: |-
To check if authentication is required for single-user mode, run the following command:
$ grep sulogin /usr/lib/systemd/system/rescue.service
The output should be similar to the following, and the line must begin with
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "rhcos4"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "rhcos4"] -%}}
ExecStart and /usr/lib/systemd/systemd-sulogin-shell.
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
{{%- elif product in ["rhel7"] -%}}
@@ -97,7 +97,7 @@ fixtext: |-
{{% if init_system == "systemd" -%}}
Add or update the following line in "/usr/lib/systemd/system/rescue.service":
- {{% if product in ["fedora", "ol8", "ol9", "rhel8", "rhel9", "sle12", "sle15"] -%}}
+ {{% if product in ["fedora", "ol8", "ol9", "rhel8", "almalinux8", "rhel9", "sle12", "sle15"] -%}}
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
{{%- elif product in ["rhel7"] -%}}
ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh
index 66d47a0e..047a82bd 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
service_file="/usr/lib/systemd/system/rescue.service"
sulogin="/usr/lib/systemd/systemd-sulogin-shell"
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
index d125b29e..6184023c 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
service_file="/usr/lib/systemd/system/rescue.service"
sulogin="/bin/bash"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
index c9c637d7..ecd06a51 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Support session locking with tmux'
@@ -28,7 +28,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020041
- stigid@rhel8: RHEL-08-020041
+ stigid@almalinux8: RHEL-08-020041
platform: tmux
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
index dc63eb65..dc693130 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
index 52d2a778..720904f8 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Configure tmux to lock session after inactivity'
@@ -25,7 +25,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000029-GPOS-00010,SRG-OS-000031-GPOS-00012
stigid@ol8: OL08-00-020070
- stigid@rhel8: RHEL-08-020070
+ stigid@almalinux8: RHEL-08-020070
ocil_clause: 'lock-after-time is set to a value greater than 900 or zero'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
index e65a46f4..2e7f69a8 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Configure the tmux Lock Command'
@@ -30,7 +30,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020040
- stigid@rhel8: RHEL-08-020040
+ stigid@almalinux8: RHEL-08-020040
vmmsrg: SRG-OS-000028-VMM-000090,SRG-OS-000030-VMM-000110
ocil_clause: 'lock-command is not set'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
index 9acce404..506adc01 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
echo 'set -g lock-command vlock' >> '/etc/tmux.conf'
chmod 0644 "/etc/tmux.conf"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
index dacc9147..8a7eebd0 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
echo > '/etc/tmux.conf'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
index 3b5a134b..34b13717 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
echo '# set -g lock-command vlock' >> '/etc/tmux.conf'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
index dd3ba15c..954150a1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_permissions.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
echo 'set -g lock-command vlock' >> '/etc/tmux.conf'
chmod 0600 "/etc/tmux.conf"
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
index e747275d..07b43ed4 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh
@@ -1,4 +1,4 @@
#!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
echo 'set -g lock-command locker' >> '/etc/tmux.conf'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
index 6b2d6cd5..c20712c9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
index 52cc12fc..9a581ccd 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Prevent user from disabling the screen lock'
@@ -26,7 +26,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020042
- stigid@rhel8: RHEL-08-020042
+ stigid@almalinux8: RHEL-08-020042
ocil_clause: 'tmux is listed in /etc/shells'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
index 006b5179..08faa6e1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9,rhv4
title: 'Install the tmux Package'
@@ -43,7 +43,7 @@ references:
ospp: FMT_SMF_EXT.1,FMT_MOF_EXT.1,FTA_SSL.1
srg: SRG-OS-000030-GPOS-00011,SRG-OS-000028-GPOS-00009
stigid@ol8: OL08-00-020039
- stigid@rhel8: RHEL-08-020039
+ stigid@almalinux8: RHEL-08-020039
vmmsrg: SRG-OS-000030-VMM-000110
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml
index 748bff82..1760268e 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
index f95560e1..173c35b5 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Configure opensc Smart Card Drivers'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
index f79727a0..49f74f41 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml
index c849940c..73f8a8be 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Force opensc To Use Defined Smart Card Driver'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index 9b33ac18..21d1bc85 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -12,7 +12,7 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Install Smart Card Packages For Multifactor Authentication'
@@ -51,7 +51,7 @@ references:
stigid@ol7: OL07-00-041001
stigid@ol8: OL08-00-010390
stigid@rhel7: RHEL-07-041001
- stigid@rhel8: RHEL-08-010390
+ stigid@almalinux8: RHEL-08-010390
stigid@sle12: SLES-12-030500
stigid@sle15: SLES-15-010460
stigid@ubuntu2004: UBTU-20-010063
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
index 0c2be82d..2a646bb7 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004
title: 'Install the opensc Package For Multifactor Authentication'
@@ -36,7 +36,7 @@ references:
nist: CM-6(a)
srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161
stigid@ol8: OL08-00-010410
- stigid@rhel8: RHEL-08-010410
+ stigid@almalinux8: RHEL-08-010410
stigid@ubuntu2004: UBTU-20-010064
vmmsrg: SRG-OS-000376-VMM-001520
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
index 3d81c490..79eb0670 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Install the pcsc-lite package'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
index 8d805140..96a2e3f9 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Enable the pcscd Service'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
index 58299265..2535b346 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
index 2744af58..0f5c92be 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle
# Install required packages
if ! rpm --quiet -q pam_pkcs11; then yum -y -d 1 install pam_pkcs11; fi
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
index f114f680..45454868 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/commented.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
{{% if "ubuntu" in product %}}
# packages = libpam-pkcs11
{{% elif "rhel7" == product %}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
index a41084c5..a6011cce 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/correct.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
{{% if "ubuntu" in product %}}
# packages = libpam-pkcs11
{{% elif "rhel7" == product %}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
index d3493344..36309108 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/tests/missing_ocsp.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
{{% if "ubuntu" in product %}}
# packages = libpam-pkcs11
{{% elif "rhel7" == product %}}
diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml
index ff493491..082c8e61 100644
--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
index f232eb7e..59a58f32 100644
--- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Disable debug-shell SystemD Service'
@@ -38,7 +38,7 @@ references:
ospp: FIA_UAU.1
srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040180
- stigid@rhel8: RHEL-08-040180
+ stigid@almalinux8: RHEL-08-040180
ocil_clause: |-
{{{ ocil_clause_service_disabled(service="debug-shell") }}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
index 74598bc7..680caf4b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
index f299285d..52e841b6 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
{{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
index 0cb369e8..af637a37 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Set Account Expiration Following Inactivity'
@@ -56,7 +56,7 @@ references:
stigid@ol7: OL07-00-010310
stigid@ol8: OL08-00-020260
stigid@rhel7: RHEL-07-010310
- stigid@rhel8: RHEL-08-020260
+ stigid@almalinux8: RHEL-08-020260
stigid@sle12: SLES-12-010340
stigid@sle15: SLES-15-020050
stigid@ubuntu2004: UBTU-20-010409
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml
index 6e0a907f..75ab02c7 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
title: 'Assign Expiration Date to Emergency Accounts'
@@ -42,7 +42,7 @@ references:
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002
stigid@ol8: OL08-00-020270
- stigid@rhel8: RHEL-08-020270
+ stigid@almalinux8: RHEL-08-020270
vmmsrg: SRG-OS-000002-VMM-000020,SRG-OS-000123-VMM-000620
ocil_clause: 'any emergency accounts have no expiration date set or do not expire within 72 hours'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
index f709d300..6a73db2f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Assign Expiration Date to Temporary Accounts'
@@ -45,7 +45,7 @@ references:
nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6
srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002
stigid@ol8: OL08-00-020000
- stigid@rhel8: RHEL-08-020000
+ stigid@almalinux8: RHEL-08-020000
stigid@sle12: SLES-12-010360
stigid@sle15: SLES-15-020000
stigid@ubuntu2004: UBTU-20-010000
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
index de96fd58..858cfc76 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Ensure All Accounts on the System Have Unique User IDs'
@@ -28,7 +28,7 @@ references:
nist@sle12: IA-2,IA-2.1,IA-8,IA-8.1
srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020
stigid@ol8: OL08-00-020240
- stigid@rhel8: RHEL-08-020240
+ stigid@almalinux8: RHEL-08-020240
stigid@sle12: SLES-12-010640
stigid@sle15: SLES-15-010230
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
index 2af99874..13007aa4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Only Authorized Local User Accounts Exist on Operating System'
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-020270
stigid@ol8: OL08-00-020320
stigid@rhel7: RHEL-07-020270
- stigid@rhel8: RHEL-08-020320
+ stigid@almalinux8: RHEL-08-020320
stigid@sle12: SLES-12-010630
stigid@sle15: SLES-15-020090
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
index d942f81d..bcafb5e8 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh
@@ -1,5 +1,5 @@
#! /bin/bash
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$"
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
index 42a5c3a7..40d52097 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,sle15
+prodtype: alinux2,alinux3,fedora,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Ensure All Groups on the System Have Unique Group ID'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
index 756b2ae5..9732da6c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,sle15
+prodtype: alinux2,alinux3,fedora,rhel7,rhel8,almalinux8,sle15
title: 'Ensure All Groups on the System Have Unique Group Names'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
index bed135a4..1df8f3a2 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
index 2be9392e..fa676f22 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml
@@ -56,7 +56,7 @@ references:
stigid@ol7: OL07-00-010250
stigid@ol8: OL08-00-020200
stigid@rhel7: RHEL-07-010250
- stigid@rhel8: RHEL-08-020200
+ stigid@almalinux8: RHEL-08-020200
stigid@sle12: SLES-12-010280
stigid@sle15: SLES-15-020220
stigid@ubuntu2004: UBTU-20-010008
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
index 0c81c0ee..29f31c65 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
index ee6140c0..3e7f3c68 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml
@@ -54,7 +54,7 @@ references:
stigid@ol7: OL07-00-010230
stigid@ol8: OL08-00-020190
stigid@rhel7: RHEL-07-010230
- stigid@rhel8: RHEL-08-020190
+ stigid@almalinux8: RHEL-08-020190
stigid@sle12: SLES-12-010260
stigid@sle15: SLES-15-020200
stigid@ubuntu2004: UBTU-20-010007
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
index b04d7cdb..0d5a5831 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
index 23710fab..7f1f5642 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
{{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
index c1acf5e2..9b209867 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 10/" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
index 0e31bd79..a2ff1105 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 12/" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
index 88509363..64a38232 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh
@@ -1,7 +1,7 @@
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
if grep -q "^PASS_MIN_LEN" /etc/login.defs; then
sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 15/" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
index bd7ed7a2..78ff205e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
sed -i "s/.*PASS_MIN_LEN.*/#PASS_MIN_LEN 12/" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
index 88ecd439..678d3b6d 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
#
# profiles = xccdf_org.ssgproject.content_profile_ospp
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
sed -i "/^PASS_MIN_LEN.*/d" /etc/login.defs
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
index c4704a6e..cbb1b605 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
index 9384d5a9..cf00f4dc 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux3,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Set Existing Passwords Maximum Age'
@@ -35,7 +35,7 @@ references:
stigid@ol7: OL07-00-010260
stigid@ol8: OL08-00-020210
stigid@rhel7: RHEL-07-010260
- stigid@rhel8: RHEL-08-020210
+ stigid@almalinux8: RHEL-08-020210
stigid@sle12: SLES-12-010290
stigid@sle15: SLES-15-020230
vmmsrg: SRG-OS-000076-VMM-000430
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh
index 26b1216a..26f85c06 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
index 8e4beddc..16ee76ef 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux3,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Set Existing Passwords Minimum Age'
@@ -36,7 +36,7 @@ references:
stigid@ol7: OL07-00-010240
stigid@ol8: OL08-00-020180
stigid@rhel7: RHEL-07-010240
- stigid@rhel8: RHEL-08-020180
+ stigid@almalinux8: RHEL-08-020180
stigid@sle12: SLES-12-010270
stigid@sle15: SLES-15-020210
vmmsrg: SRG-OS-000075-VMM000420
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
index 3f697b24..acc0b212 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
index 87619135..60bd3d8b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Verify All Account Password Hashes are Shadowed with SHA512'
@@ -37,7 +37,7 @@ references:
nist: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1
srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061
stigid@ol8: OL08-00-010120
- stigid@rhel8: RHEL-08-010120
+ stigid@almalinux8: RHEL-08-010120
stigid@sle12: SLES-12-010220
stigid@sle15: SLES-15-020180
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
index 82110016..2a73ed38 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
index a4001071..d244fc54 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
index 015df146..420096a0 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Set number of Password Hashing Rounds - password-auth'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
index 244ae3db..daf80c77 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
index 8af81389..29542c0f 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
ROUNDS=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
index 5af0640b..d853eba1 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
# variables = var_password_pam_unix_rounds=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
index 09e5ee93..4fa3efa5 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
ROUNDS=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
index 10d83eac..86d37185 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
ROUNDS=4000
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
index c0b520bd..70ab14cb 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
index 8316e495..bf8a4c24 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
{{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}}
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
index cebea218..55e5d134 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Set number of Password Hashing Rounds - system-auth'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
index 506a8075..ed3c8ad2 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
authselect create-profile hardening -b sssd
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
index 48c7f5a4..913b37d7 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
ROUNDS=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
index d111f61e..62977fa4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
# variables = var_password_pam_unix_rounds=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
index 534d7145..b6d6112b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_control.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
ROUNDS=65536
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
index 3c25268d..c34e3a10 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# variables = var_password_pam_unix_rounds=65536
ROUNDS=4000
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
index feb5366e..f94a8b0c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
index e85580dc..13091118 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
index ad3133b1..eac1b843 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
index 6fee58ec..937328bb 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml
@@ -50,7 +50,7 @@ references:
stigid@ol7: OL07-00-010290
stigid@ol8: OL08-00-020331
stigid@rhel7: RHEL-07-010290
- stigid@rhel8: RHEL-08-020331
+ stigid@almalinux8: RHEL-08-020331
stigid@sle12: SLES-12-010231
stigid@sle15: SLES-15-020300
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
index 84b10027..4425caae 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
# remediation = none
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
index 5b628dac..9497d248 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_absent.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
index 52ad383d..920e34b3 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = authselect
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
SYSTEM_AUTH_FILE="/etc/pam.d/system-auth"
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml
index acf0496e..7f1fb69d 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
+# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
index 264a8244..6578b69b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/group'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml
index 5baef258..84ddc1e0 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
+# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
index aee6c69c..b96bdc9c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/passwd'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml
index c969414d..7b71e4ce 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4
+# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
index 162280d2..dd2472de 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: alinux2,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/shadow'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
index 993d474a..782a593e 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-020310
stigid@ol8: OL08-00-040200
stigid@rhel7: RHEL-07-020310
- stigid@rhel8: RHEL-08-040200
+ stigid@almalinux8: RHEL-08-040200
stigid@sle12: SLES-12-010650
stigid@sle15: SLES-15-020100
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml
index cfdd0883..ae264dcc 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
index 8f87bf06..6bed5ef5 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml
index b5bfabab..6742eeb2 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
title: 'Restrict Web Browser Use for Administrative Accounts'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
index af6e93eb..6817e0a6 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
index 5f9c92aa..119219eb 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml
index 84560835..c0f76497 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
title: 'Root Path Must Be Vendor Default'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
index 94594008..c71e3c69 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
index 7194be9c..33bf1622 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
index 96a41cad..5b36c8a7 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# uncomment the option if commented
sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
index 9213cc47..55ea405b 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004
title: 'Enforce usage of pam_wheel for su authentication'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
index ad7e8ca7..46cccc1a 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol,multi_platform_sle,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol,multi_platform_sle,multi_platform_fedora
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
index da44d1a7..ab470be7 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol,multi_platform_sle,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol,multi_platform_sle,multi_platform_fedora
{{{ set_config_file("/etc/login.defs", "CREATE_HOME", "yes", create=true, insert_after="", insert_before="^\s*CREATE_HOME", insensitive=true) }}}
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
index e5a34b8a..33976e1d 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Ensure Home Directories are Created for New Users'
@@ -31,7 +31,7 @@ references:
stigid@ol7: OL07-00-020610
stigid@ol8: OL08-00-010760
stigid@rhel7: RHEL-07-020610
- stigid@rhel8: RHEL-08-010760
+ stigid@almalinux8: RHEL-08-010760
stigid@sle12: SLES-12-010720
stigid@sle15: SLES-15-020110
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
index 53b68079..2a6b6612 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol
# disruption = low
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
index 23e6f0dd..6055798d 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
{{{ bash_instantiate_variables("var_accounts_fail_delay") }}}
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
index 601fa409..4f589fab 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml
@@ -32,7 +32,7 @@ references:
stigid@ol7: OL07-00-010430
stigid@ol8: OL08-00-020310
stigid@rhel7: RHEL-07-010430
- stigid@rhel8: RHEL-08-020310
+ stigid@almalinux8: RHEL-08-020310
stigid@sle12: SLES-12-010140
ocil_clause: 'the above command returns no output, or FAIL_DELAY is configured less than the expected value'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
index 536ac295..d1bff5ff 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
index 0005b2cc..0329d6cd 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle
{{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}}
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
index 1b5e23ec..bfb6e5a2 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-040000
stigid@ol8: OL08-00-020024
stigid@rhel7: RHEL-07-040000
- stigid@rhel8: RHEL-08-020024
+ stigid@almalinux8: RHEL-08-020024
stigid@sle12: SLES-12-010120
stigid@sle15: SLES-15-020020
stigid@ubuntu2004: UBTU-20-010400
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
index 8f060f47..099a8f02 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_sle
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
index bb4f52f3..af6adefb 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_sle
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
index dc981774..c787bf67 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index 978ddff0..8e3b3764 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Set Interactive Session Timeout'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
index 2f8aee71..83fead0d 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,ubuntu2004
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu2004
title: 'User Initialization Files Must Be Group-Owned By The Primary User'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
index 3f6dab47..372da589 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'User Initialization Files Must Not Run World-Writable Programs'
@@ -33,7 +33,7 @@ references:
stigid@ol7: OL07-00-020730
stigid@ol8: OL08-00-010660
stigid@rhel7: RHEL-07-020730
- stigid@rhel8: RHEL-08-010660
+ stigid@almalinux8: RHEL-08-010660
stigid@sle12: SLES-12-010780
stigid@sle15: SLES-15-040130
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml
index b793da65..e14c8fa5 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,ubuntu2004
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,ubuntu2004
title: 'User Initialization Files Must Be Owned By the Primary User'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
index 758315bf..762b17f2 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Ensure that Users Path Contains Only Local Directories'
@@ -35,7 +35,7 @@ references:
stigid@ol7: OL07-00-020720
stigid@ol8: OL08-00-010690
stigid@rhel7: RHEL-07-020720
- stigid@rhel8: RHEL-08-010690
+ stigid@almalinux8: RHEL-08-010690
stigid@sle12: SLES-12-010770
stigid@sle15: SLES-15-040120
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
index 666dbb81..78cd8ecf 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'All Interactive Users Must Have A Home Directory Defined'
@@ -32,7 +32,7 @@ references:
stigid@ol7: OL07-00-020600
stigid@ol8: OL08-00-010720
stigid@rhel7: RHEL-07-020600
- stigid@rhel8: RHEL-08-010720
+ stigid@almalinux8: RHEL-08-010720
stigid@sle12: SLES-12-010710
stigid@sle15: SLES-15-040070
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
index 57b60e60..bf8e64d4 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'All Interactive Users Home Directories Must Exist'
@@ -38,7 +38,7 @@ references:
stigid@ol7: OL07-00-020620
stigid@ol8: OL08-00-010750
stigid@rhel7: RHEL-07-020620
- stigid@rhel8: RHEL-08-010750
+ stigid@almalinux8: RHEL-08-010750
stigid@sle12: SLES-12-010730
stigid@sle15: SLES-15-040080
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
index 7a699aec..19c2de3a 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
title: 'All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User'
@@ -30,7 +30,7 @@ references:
stigid@ol7: OL07-00-020670
stigid@ol8: OL08-00-010741
stigid@rhel7: RHEL-07-020670
- stigid@rhel8: RHEL-08-010741
+ stigid@almalinux8: RHEL-08-010741
ocil_clause: 'the group ownership is incorrect'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml
index 605f44b3..c95ef51c 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
title: 'All User Files and Directories In The Home Directory Must Have a Valid Owner'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
index 82a1f0d1..c046e880 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15
title: 'All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive'
@@ -27,7 +27,7 @@ references:
stigid@ol7: OL07-00-020680
stigid@ol8: OL08-00-010731
stigid@rhel7: RHEL-07-020680
- stigid@rhel8: RHEL-08-010731
+ stigid@almalinux8: RHEL-08-010731
ocil_clause: 'home directory files or folders have incorrect permissions'
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
index 2bd171f3..5972ffd2 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux3,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User'
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-020650
stigid@ol8: OL08-00-010740
stigid@rhel7: RHEL-07-020650
- stigid@rhel8: RHEL-08-010740
+ stigid@almalinux8: RHEL-08-010740
stigid@sle12: SLES-12-010750
stigid@sle15: SLES-15-040100
diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
index 4ed84ef0..c6e875d2 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15
title: 'All Interactive User Home Directories Must Be Owned By The Primary User'
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
index f4779007..575b24dd 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive'
@@ -29,7 +29,7 @@ references:
stigid@ol7: OL07-00-020710
stigid@ol8: OL08-00-010770
stigid@rhel7: RHEL-07-020710
- stigid@rhel8: RHEL-08-010770
+ stigid@almalinux8: RHEL-08-010770
stigid@sle12: SLES-12-010760
stigid@sle15: SLES-15-040110
diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
index 1b2cdfbf..e8641662 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive'
@@ -35,7 +35,7 @@ references:
stigid@ol7: OL07-00-020630
stigid@ol8: OL08-00-010730
stigid@rhel7: RHEL-07-020630
- stigid@rhel8: RHEL-08-010730
+ stigid@almalinux8: RHEL-08-010730
stigid@sle12: SLES-12-010740
stigid@sle15: SLES-15-040090
diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
index 4e7ea875..ecbce672 100644
--- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
index a1e47204..b0c3e586 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Ensure the Default Bash Umask is Set Correctly'
@@ -50,7 +50,7 @@ references:
nist-csf: PR.IP-2
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
- stigid@rhel8: RHEL-08-020353
+ stigid@almalinux8: RHEL-08-020353
ocil_clause: 'the above command returns no output, or the umask is configured incorrectly'
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
index eaaf1d3b..c5abfe41 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# profiles = xccdf_org.ssgproject.content_profile_stig
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
sed -i '/umask/d' /etc/bashrc
echo "umask 077" >> /etc/bashrc
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
index df6ac070..fcf9ed67 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
{{{ bash_instantiate_variables("var_accounts_user_umask") }}}
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
index c22956c8..3ec95b11 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu2004
+prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004
title: 'Ensure the Default C Shell Umask is Set Correctly'
@@ -34,7 +34,7 @@ references:
nist-csf: PR.IP-2
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
- stigid@rhel8: RHEL-08-020353
+ stigid@almalinux8: RHEL-08-020353
ocil_clause: 'the above command returns no output, or the umask is configured incorrectly'
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
index a6db2863..f33d4eca 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# profiles = xccdf_org.ssgproject.content_profile_stig
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
sed -i '/umask/d' /etc/csh.cshrc
echo "umask 077" >> /etc/csh.cshrc
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
index ea0edc6f..073a937f 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
index acb272c0..4582a801 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
{{{ bash_instantiate_variables("var_accounts_user_umask") }}}
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
index e1cfd643..dbd34da8 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml
@@ -43,7 +43,7 @@ references:
stigid@ol7: OL07-00-020240
stigid@ol8: OL08-00-020351
stigid@rhel7: RHEL-07-020240
- stigid@rhel8: RHEL-08-020351
+ stigid@almalinux8: RHEL-08-020351
stigid@sle12: SLES-12-010620
stigid@sle15: SLES-15-040420
stigid@ubuntu2004: UBTU-20-010016
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
index 40249601..5fdc1035 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml
@@ -41,7 +41,7 @@ references:
nist-csf: PR.IP-2
srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020353
- stigid@rhel8: RHEL-08-020353
+ stigid@almalinux8: RHEL-08-020353
ocil_clause: 'the above command returns no output, or the umask is configured incorrectly'
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
index c468faee..bd8b84b1 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004
title: 'Ensure the Default Umask is Set Correctly For Interactive Users'
@@ -28,7 +28,7 @@ references:
stigid@ol7: OL07-00-021040
stigid@ol8: OL08-00-020352
stigid@rhel7: RHEL-07-021040
- stigid@rhel8: RHEL-08-020352
+ stigid@almalinux8: RHEL-08-020352
ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly'
diff --git a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
index afd65879..babbd95d 100644
--- a/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
+++ b/linux_os/guide/system/accounts/enable_authselect/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora,multi_platform_ol
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = configure
# complexity = low
diff --git a/linux_os/guide/system/accounts/enable_authselect/rule.yml b/linux_os/guide/system/accounts/enable_authselect/rule.yml
index 3edb3642..6d9ba6f7 100644
--- a/linux_os/guide/system/accounts/enable_authselect/rule.yml
+++ b/linux_os/guide/system/accounts/enable_authselect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
title: 'Enable authselect'
diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
index f07f5332..a33cfa52 100644
--- a/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
+++ b/linux_os/guide/system/accounts/enable_authselect/tests/not_remediable.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# packages = authselect,pam
# remediation = none
diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
index f50d65ce..2ad066f4 100644
--- a/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
+++ b/linux_os/guide/system/accounts/enable_authselect/tests/profile.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# packages = authselect,pam
authselect select minimal --force
diff --git a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
index 331bdf2d..348ba4c3 100644
--- a/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
+++ b/linux_os/guide/system/accounts/enable_authselect/tests/remediable.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# packages = authselect,pam
rm -f /etc/pam.d/{fingerprint-auth,password-auth,postlogin,smartcard-auth,system-auth}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
index 558e9ac3..2062643d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
- stigid@rhel8: RHEL-08-030490
+ stigid@almalinux8: RHEL-08-030490
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
stigid@ubuntu2004: UBTU-20-010152
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
index 6b9169ee..e69f31e1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
- stigid@rhel8: RHEL-08-030480
+ stigid@almalinux8: RHEL-08-030480
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
stigid@ubuntu2004: UBTU-20-010148
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
index 3fb00c33..1eda3c52 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
- stigid@rhel8: RHEL-08-030490
+ stigid@almalinux8: RHEL-08-030490
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
stigid@ubuntu2004: UBTU-20-010153
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
index 81bef506..db575192 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030410
stigid@ol8: OL08-00-030490
stigid@rhel7: RHEL-07-030410
- stigid@rhel8: RHEL-08-030490
+ stigid@almalinux8: RHEL-08-030490
stigid@sle12: SLES-12-020460
stigid@sle15: SLES-15-030290
stigid@ubuntu2004: UBTU-20-010154
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
index e707486d..b38331bb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml
@@ -62,7 +62,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
- stigid@rhel8: RHEL-08-030480
+ stigid@almalinux8: RHEL-08-030480
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
stigid@ubuntu2004: UBTU-20-010149
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
index 0f6aa34c..38516f0c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
- stigid@rhel8: RHEL-08-030480
+ stigid@almalinux8: RHEL-08-030480
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
stigid@ubuntu2004: UBTU-20-010150
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
index c56d9b45..d7463a86 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml
@@ -11,13 +11,13 @@ description: |-
startup (the default), add the following line to a file with suffix
.rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -25,13 +25,13 @@ description: |-
utility to read audit rules during daemon startup, add the following line to
/etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -76,7 +76,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010147
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
index 5b3cd1d8..4359c155 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml
@@ -9,24 +9,24 @@ description: |-
startup (the default), add the following line to a file with suffix
.rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
/etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -71,7 +71,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010144
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
index 62447082..bd346843 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml
@@ -59,7 +59,7 @@ references:
stigid@ol7: OL07-00-030370
stigid@ol8: OL08-00-030480
stigid@rhel7: RHEL-07-030370
- stigid@rhel8: RHEL-08-030480
+ stigid@almalinux8: RHEL-08-030480
stigid@sle12: SLES-12-020420
stigid@sle15: SLES-15-030250
stigid@ubuntu2004: UBTU-20-010151
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
index 6cadcdfa..903ea244 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml
@@ -11,13 +11,13 @@ description: |-
startup (the default), add the following line to a file with suffix
.rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -25,13 +25,13 @@ description: |-
utility to read audit rules during daemon startup, add the following line to
/etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -76,7 +76,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010146
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
index 5fff88ef..59af90e1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml
@@ -9,24 +9,24 @@ description: |-
startup (the default), add the following line to a file with suffix
.rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
/etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -71,7 +71,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010143
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
index 3708723e..66ecffcb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml
@@ -10,13 +10,13 @@ description: |-
program to read audit rules during daemon startup (the default), add the
following line to a file with suffix .rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -24,13 +24,13 @@ description: |-
utility to read audit rules during daemon startup, add the following line to
/etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -75,7 +75,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030200
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010145
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
index 1b3a9fff..fe356737 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml
@@ -9,24 +9,24 @@ description: |-
startup (the default), add the following line to a file with suffix
.rules in the directory /etc/audit/rules.d:
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the auditd daemon is configured to use the auditctl
utility to read audit rules during daemon startup, add the following line to
/etc/audit/audit.rules file:
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
If the system is 64 bit then also add the following line:
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["ol8", "rhel8", "rhel9"] %}}
+{{%- if product in ["ol8", "rhel8", "almalinux8", "rhel9"] %}}
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}}
@@ -71,7 +71,7 @@ references:
stigid@ol7: OL07-00-030440
stigid@ol8: OL08-00-030270
stigid@rhel7: RHEL-07-030440
- stigid@rhel8: RHEL-08-030200
+ stigid@almalinux8: RHEL-08-030200
stigid@sle12: SLES-12-020370
stigid@sle15: SLES-15-030190
stigid@ubuntu2004: UBTU-20-010142
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
index cc49dba9..fde3f285 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Record Any Attempts to Run chacl'
@@ -37,7 +37,7 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210
stigid@ol8: OL08-00-030570
- stigid@rhel8: RHEL-08-030570
+ stigid@almalinux8: RHEL-08-030570
stigid@sle12: SLES-12-020620
stigid@sle15: SLES-15-030440
stigid@ubuntu2004: UBTU-20-010168
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
index c045e89b..facfd6c7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Record Any Attempts to Run setfacl'
@@ -37,7 +37,7 @@ references:
nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a)
srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215
stigid@ol8: OL08-00-030330
- stigid@rhel8: RHEL-08-030330
+ stigid@almalinux8: RHEL-08-030330
stigid@sle12: SLES-12-020610
stigid@sle15: SLES-15-030430
stigid@ubuntu2004: UBTU-20-010167
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
index a04042e3..52cbf3eb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml
@@ -1,10 +1,10 @@
-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
+{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Record Any Attempts to Run chcon'
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030580
stigid@ol8: OL08-00-030260
stigid@rhel7: RHEL-07-030580
- stigid@rhel8: RHEL-08-030260
+ stigid@almalinux8: RHEL-08-030260
stigid@sle12: SLES-12-020630
stigid@sle15: SLES-15-030450
stigid@ubuntu2004: UBTU-20-010165
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
index f02b13ad..2cc24682 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml
@@ -1,10 +1,10 @@
-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
+{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Record Any Attempts to Run restorecon'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
index 3622ba4a..96a40474 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml
@@ -1,10 +1,10 @@
-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
+{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Record Any Attempts to Run semanage'
@@ -58,7 +58,7 @@ references:
stigid@ol7: OL07-00-030560
stigid@ol8: OL08-00-030313
stigid@rhel7: RHEL-07-030560
- stigid@rhel8: RHEL-08-030313
+ stigid@almalinux8: RHEL-08-030313
vmmsrg: SRG-OS-000463-VMM-001850
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
index ccefe566..0a81c1fe 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml
@@ -1,10 +1,10 @@
-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
+{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
documentation_complete: true
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Any Attempts to Run setfiles'
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-030590
stigid@ol8: OL08-00-030314
stigid@rhel7: RHEL-07-030590
- stigid@rhel8: RHEL-08-030314
+ stigid@almalinux8: RHEL-08-030314
vmmsrg: SRG-OS-000463-VMM-001850
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
index 137d22aa..f47bd1cd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml
@@ -1,10 +1,10 @@
-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
+{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Record Any Attempts to Run setsebool'
@@ -57,7 +57,7 @@ references:
stigid@ol7: OL07-00-030570
stigid@ol8: OL08-00-030316
stigid@rhel7: RHEL-07-030570
- stigid@rhel8: RHEL-08-030316
+ stigid@almalinux8: RHEL-08-030316
vmmsrg: SRG-OS-000463-VMM-001850
ocil_clause: '{{{ ocil_clause_audit() }}}'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
index 43d5bbb6..a3c9b5c8 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml
@@ -1,11 +1,11 @@
-{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
+{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
{{%- set perm_x="-F perm=x " %}}
{{%- endif %}}
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Any Attempts to Run seunshare'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh
index 53e61fb2..e9a0edcd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# Perform the remediation for the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
index 14e3d2e0..53dc5f0b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20
+prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20
title: 'Ensure auditd Collects File Deletion Events by User'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
index 6678c7ed..8ef00604 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@ubuntu2004: UBTU-20-010269
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
index b6fd9fe7..b6aa9902 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@ubuntu2004: UBTU-20-010270
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
index b32d8a24..2eeb5761 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
{{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
index a012ab89..3dd889f5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@ubuntu2004: UBTU-20-010267
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
index 3e9521f7..a00c4bc9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml
@@ -53,7 +53,7 @@ references:
stigid@ol7: OL07-00-030910
stigid@ol8: OL08-00-030361
stigid@rhel7: RHEL-07-030910
- stigid@rhel8: RHEL-08-030361
+ stigid@almalinux8: RHEL-08-030361
stigid@ubuntu2004: UBTU-20-010268
vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml
index d3b01863..2bb5eb1b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Record Successful Permission Changes to Files - chmod'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml
index 241d1d63..f9749a32 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Ownership Changes to Files - chown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml
index a1f8f395..173d16fb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Access Attempts to Files - creat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml
index ce7070ed..8fdaba2d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Permission Changes to Files - fchmod'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml
index 4b6cee01..3f60a691 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Permission Changes to Files - fchmodat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml
index 6bc0b959..71a0383b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Ownership Changes to Files - fchown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml
index e882a57b..ef4a46a9 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Ownership Changes to Files - fchownat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml
index ee4ff3a8..9aaea3ee 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Permission Changes to Files - fremovexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml
index d40bfdee..8ce3cb3a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Permission Changes to Files - fsetxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml
index 4fe00220..d99a82aa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Access Attempts to Files - ftruncate'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml
index 90873b10..2e82232c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Ownership Changes to Files - lchown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml
index acbfbc0e..dfdcfbad 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Permission Changes to Files - lremovexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml
index b669f750..9897c41b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Permission Changes to Files - lsetxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml
index 9cc9ff86..3de02e18 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Access Attempts to Files - open'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml
index 89a65e14..bc586252 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Access Attempts to Files - open_by_handle_at'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml
index 38a00312..ad07bfd0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
index 5ed132a5..0352431c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml
index bef2d87a..ac4e2ebe 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Record Successful Creation Attempts to Files - open O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml
index 653e1d8e..d6cf93b7 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Record Successful Creation Attempts to Files - open O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml
index 16e9b483..7ede712e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Access Attempts to Files - openat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml
index 75ead44a..1d342e48 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Record Successful Creation Attempts to Files - openat O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml
index 13ff5e23..11279f4b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml
index 7d7e3ebe..6e115c37 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Permission Changes to Files - removexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml
index 82d103ec..84fa9b87 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Delete Attempts to Files - rename'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml
index 1736c971..046a17f3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Delete Attempts to Files - renameat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml
index 75809f4a..852c7f93 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Permission Changes to Files - setxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml
index 4d850dc8..c1a49a4f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Access Attempts to Files - truncate'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml
index 91e8f67b..0c57eabc 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Delete Attempts to Files - unlink'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml
index a11b195b..3e87d37f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Record Successful Delete Attempts to Files - unlinkat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh
index 8a48783f..b846f811 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
# Perform the remediation of the syscall rule
# Retrieve hardware architecture of the underlying system
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
index ab60d663..bdd5423e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
index cb0b6500..0e2bbdce 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - chmod'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
index 45fc2028..33b6ec43 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Ownership Changes to Files - chown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
index 3e28446e..cc836362 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Record Unsuccessful Access Attempts to Files - creat'
@@ -64,7 +64,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010158
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
index e30a1d2f..f2ccc675 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - fchmod'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
index e3c7fa19..2219d6c5 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - fchmodat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
index 59da9d0a..5cc873c3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Ownership Changes to Files - fchown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
index 0fb28cfa..804d6b57 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Ownership Changes to Files - fchownat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
index ec572f51..5017d9ed 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - fremovexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
index 66fc4c74..e9344433 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - fsetxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
index 32ef1257..08643ae3 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Record Unsuccessful Access Attempts to Files - ftruncate'
@@ -67,7 +67,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010157
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
index 4a5d13bb..e72b9b22 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Ownership Changes to Files - lchown'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
index 38e0558c..9f75abf4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - lremovexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
index b91a2e54..d5fcca4d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - lsetxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
index 15876627..8f8316e2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Record Unsuccessful Access Attempts to Files - open'
@@ -67,7 +67,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010155
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
index 3738f202..666fd113 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at'
@@ -60,7 +60,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010160
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
index c1352ae3..31de4374 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
index 29cc51e5..66a88468 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
index c1352ae3..31de4374 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
index 1139d3d4..12b5f9c1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
index c944fb9e..b506644a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
index f6778ff2..39a7315a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
index c1352ae3..31de4374 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
index fc832a32..2b4a4107 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Creation Attempts to Files - open O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
index c1352ae3..31de4374 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
index 77c90c55..25300be0 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
index c944fb9e..b506644a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
index 1cf66b9e..c695c873 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
index 61f278a9..8afd5781 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Record Unsuccessful Access Attempts to Files - openat'
@@ -67,7 +67,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010159
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
index c1352ae3..31de4374 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
index e699454e..abd30b69 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Creation Attempts to Files - openat O_CREAT'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
index c1352ae3..31de4374 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
index b9aa00b6..24ed7123 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
index c944fb9e..b506644a 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
{{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
index 46851bf6..45f7b4ef 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
index 73941532..97bb35cd 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - removexattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
index e99c7859..ff1bf926 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Record Unsuccessful Delete Attempts to Files - rename'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
index 94091c13..fec7ba65 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Record Unsuccessful Delete Attempts to Files - renameat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
index 3b6ce383..cb900ac4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Record Unsuccessful Permission Changes to Files - setxattr'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
index 0a1e39df..85030faa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Record Unsuccessful Access Attempts to Files - truncate'
@@ -66,7 +66,7 @@ references:
stigid@ol7: OL07-00-030510
stigid@ol8: OL08-00-030420
stigid@rhel7: RHEL-07-030510
- stigid@rhel8: RHEL-08-030420
+ stigid@almalinux8: RHEL-08-030420
stigid@sle12: SLES-12-020490
stigid@sle15: SLES-15-030150
stigid@ubuntu2004: UBTU-20-010156
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
index 96906848..257a8a2c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Record Unsuccessful Delete Attempts to Files - unlink'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
index cc76dfee..b1e23b08 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Record Unsuccessful Delete Attempts to Files - unlinkat'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
index 4c659a70..5bf93038 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml
@@ -1,10 +1,10 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = true
# strategy = restrict
# complexity = low
# disruption = low
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
{{% set auid_filters = "-F auid>=" ~ auid ~ " -F auid!=unset" %}}
{{% else %}}
{{% set auid_filters = "" %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/bash/shared.sh
index caa825fb..4891b996 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/bash/shared.sh
@@ -12,7 +12,7 @@ for ARCH in "${RULE_ARCHS[@]}"
do
ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
OTHER_FILTERS=""
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=unset"
{{% else %}}
AUID_FILTERS=""
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
index ac639d5b..c17b9c4d 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading'
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_multiple_per_arg.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_multiple_per_arg.pass.sh
index 3e000a1c..aa594bb1 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_multiple_per_arg.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_multiple_per_arg.pass.sh
@@ -10,6 +10,6 @@ rm -f /etc/audit/rules.d/*
# cut out irrelevant rules for this test
sed '1,8d' test_audit.rules > /etc/audit/audit.rules
sed -i '4,7d' /etc/audit/audit.rules
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
sed -i 's/-k modules/-F auid>=1000 -F auid!=unset -k modules/g' /etc/audit/audit.rules
{{% endif %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_one_per_arg.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_one_per_arg.pass.sh
index 0a033380..3b65ff90 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_one_per_arg.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_one_per_arg.pass.sh
@@ -9,6 +9,6 @@ rm -f /etc/audit/rules.d/*
# cut out irrelevant rules for this test
sed '1,12d' test_audit.rules > /etc/audit/audit.rules
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
sed -i 's/-k modules/-F auid>=1000 -F auid!=unset -k modules/g' /etc/audit/audit.rules
{{% endif %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_one_per_line.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_one_per_line.pass.sh
index 940d9fb1..058c005f 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_one_per_line.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/auditctl_syscalls_one_per_line.pass.sh
@@ -9,6 +9,6 @@ rm -f /etc/audit/rules.d/*
# cut out irrelevant rules for this test
sed '8,15d' test_audit.rules > /etc/audit/audit.rules
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
sed -i 's/-k modules/-F auid>=1000 -F auid!=unset -k modules/g' /etc/audit/audit.rules
{{% endif %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_multiple_per_arg.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_multiple_per_arg.pass.sh
index c2438f9b..396c888b 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_multiple_per_arg.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_multiple_per_arg.pass.sh
@@ -7,6 +7,6 @@ rm -f /etc/audit/rules.d/*
# cut out irrelevant rules for this test
sed '1,8d' test_audit.rules > /etc/audit/rules.d/test.rules
sed -i '4,7d' /etc/audit/rules.d/test.rules
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
sed -i 's/-k modules/-F auid>=1000 -F auid!=unset -k modules/g' /etc/audit/rules.d/test.rules
{{% endif %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_one_per_arg.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_one_per_arg.pass.sh
index ec55e461..91d673d2 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_one_per_arg.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_one_per_arg.pass.sh
@@ -6,6 +6,6 @@ rm -f /etc/audit/rules.d/*
# cut out irrelevant rules for this test
sed '1,12d' test_audit.rules > /etc/audit/rules.d/test.rules
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
sed -i 's/-k modules/-F auid>=1000 -F auid!=unset -k modules/g' /etc/audit/rules.d/test.rules
{{% endif %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_one_per_line.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_one_per_line.pass.sh
index 99299f7c..492bbced 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_one_per_line.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/tests/augen_syscalls_one_per_line.pass.sh
@@ -5,6 +5,6 @@ rm -f /etc/audit/rules.d/*
# cut out irrelevant rules for this test
sed '8,15d' test_audit.rules > /etc/audit/rules.d/test.rules
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
sed -i 's/-k modules/-F auid>=1000 -F auid!=unset -k modules/g' /etc/audit/rules.d/test.rules
{{% endif %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
index b4d1eb01..d3592e57 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml
@@ -1,10 +1,10 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol
# reboot = false
# complexity = low
# disruption = low
# strategy = configure
-{{% if product in ["ol8", "rhel8"] %}}
+{{% if product in ["ol8", "rhel8", "almalinux8"] %}}
{{% set auid_filters = "-F auid>=" ~ auid ~ " -F auid!=unset" %}}
{{% else %}}
{{% set auid_filters = "" %}}
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/bash/shared.sh
index 73ee785b..7ae6e8da 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/bash/shared.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/bash/shared.sh
@@ -12,7 +12,7 @@ for ARCH in "${RULE_ARCHS[@]}"
do
ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH"
OTHER_FILTERS=""
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=unset"
{{% else %}}
AUID_FILTERS=""
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
index 51a61028..71df13a4 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/oval/shared.xml
index 4ee03826..8e5b87ec 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/oval/shared.xml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/oval/shared.xml
@@ -36,7 +36,7 @@
^/etc/audit/rules\.d/.*\.rules$
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$
{{% else %}}
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$
@@ -49,7 +49,7 @@
^/etc/audit/rules\.d/.*\.rules$
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$
{{% else %}}
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b64[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$
@@ -62,7 +62,7 @@
/etc/audit/audit.rules
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(?:-F\s+auid>=1000[\s]+)(?:-F\s+auid!=(unset|4294967295))\s+(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$
{{% else %}}
^[\s]*-a[\s]+always,exit[\s]+(?:.*-F[\s]+arch=b32[\s]+)(?:.*(-S[\s]+delete_module[\s]+|([\s]+|[,])delete_module([\s]+|[,]))).*(-k[\s]+|-F[\s]+key=)[\S]+[\s]*$
@@ -75,7 +75,7 @@
-a always,exit -F arch=ARCH -S delete_module -F auid>=1000 -F auid!=unset -F key=modules{{% else %}}
-a always,exit -F arch=ARCH -S delete_module -F key=modules@@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030830 stigid@ol8: OL08-00-030390 stigid@rhel7: RHEL-07-030830 - stigid@rhel8: RHEL-08-030390 + stigid@almalinux8: RHEL-08-030390 stigid@sle12: SLES-12-020730 stigid@sle15: SLES-15-030520 stigid@ubuntu2004: UBTU-20-010302 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh index 2da82fb1..fa47304d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/correct_rules.pass.sh @@ -7,7 +7,7 @@ rm -f /etc/audit/rules.d/* > /etc/audit/audit.rules -{{% if product in ["ol8", "rhel8"] %}} +{{% if product in ["ol8", "rhel8", "almalinux8"] %}} echo "-a always,exit -F arch=b32 -S delete_module -F auid>=1000 -F auid!=unset -F key=modules" >> /etc/audit/rules.d/modules.rules echo "-a always,exit -F arch=b64 -S delete_module -F auid>=1000 -F auid!=unset -F key=modules" >> /etc/audit/rules.d/modules.rules {{% else %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh index e5cd4b6b..6e34c63b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/tests/missing_auid_filter.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 # packages = audit rm -f /etc/audit/rules.d/* diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml index a0a6793b..a7db1989 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml @@ -1,10 +1,10 @@ -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # complexity = low # disruption = low # strategy = configure -{{% if product in ["ol8", "rhel8"] %}} +{{% if product in ["ol8", "rhel8", "almalinux8"] %}} {{% set auid_filters = "-F auid>=" ~ auid ~ " -F auid!=unset" %}} {{% else %}} {{% set auid_filters = "" %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/bash/shared.sh index 74d3ef0b..e328427e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/bash/shared.sh @@ -12,7 +12,7 @@ for ARCH in "${RULE_ARCHS[@]}" do ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH" OTHER_FILTERS="" - {{% if product in ["ol8", "rhel8"] %}} + {{% if product in ["ol8", "rhel8", "almalinux8"] %}} AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=unset" {{% else %}} AUID_FILTERS="" diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml index 90d7d43d..818c3cad 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/oval/shared.xml index 2fc71131..1d46ee9a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/oval/shared.xml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/oval/shared.xml @@ -36,7 +36,7 @@
-a always,exit -F arch=ARCH -S finit_module -F auid>=1000 -F auid!=unset -F key=modules{{% else %}}
-a always,exit -F arch=ARCH -S finit_module -F key=modules@@ -17,7 +17,7 @@ description: |- rules during daemon startup, add the following lines to /etc/audit/audit.rules file in order to capture kernel module loading and unloading events, setting ARCH to either b32 or b64 as appropriate for your system: - {{% if product in ["ol8", "rhel8"] %}} + {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
-a always,exit -F arch=ARCH -S finit_module -F auid>=1000 -F auid!=unset -F key=modules{{% else %}}
-a always,exit -F arch=ARCH -S finit_module -F key=modules@@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030820 stigid@ol8: OL08-00-030360 stigid@rhel7: RHEL-07-030820 - stigid@rhel8: RHEL-08-030360 + stigid@almalinux8: RHEL-08-030360 stigid@sle12: SLES-12-020740 stigid@sle15: SLES-15-030530 stigid@ubuntu2004: UBTU-20-010180 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/correct_rules.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/correct_rules.pass.sh index c7649509..97f62c56 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/correct_rules.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/correct_rules.pass.sh @@ -5,7 +5,7 @@ # packages = audit {{% endif %}} -{{% if product in ["ol8", "rhel8"] %}} +{{% if product in ["ol8", "rhel8", "almalinux8"] %}} echo "-a always,exit -F arch=b32 -S finit_module -F auid>=1000 -F auid!=unset -k modules" >> /etc/audit/rules.d/modules.rules echo "-a always,exit -F arch=b64 -S finit_module -F auid>=1000 -F auid!=unset -k modules" >> /etc/audit/rules.d/modules.rules {{% else %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh index 7639dada..ad877070 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/tests/missing_auid_filter.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 # packages = audit rm -f /etc/audit/rules.d/* diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml index e1bf467c..ea511fa6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml @@ -1,10 +1,10 @@ -# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol # reboot = false # complexity = low # disruption = low # strategy = configure -{{% if product in ["ol8", "rhel8"] %}} +{{% if product in ["ol8", "rhel8", "almalinux8"] %}} {{% set auid_filters = "-F auid>=" ~ auid ~ " -F auid!=unset" %}} {{% else %}} {{% set auid_filters = "" %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/bash/shared.sh index 09b6c06d..35a3d819 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/bash/shared.sh @@ -12,7 +12,7 @@ for ARCH in "${RULE_ARCHS[@]}" do ACTION_ARCH_FILTERS="-a always,exit -F arch=$ARCH" OTHER_FILTERS="" - {{% if product in ["ol8", "rhel8"] %}} + {{% if product in ["ol8", "rhel8", "almalinux8"] %}} AUID_FILTERS="-F auid>={{{ auid }}} -F auid!=unset" {{% else %}} AUID_FILTERS="" diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml index 2fb9a7ff..7cef862d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/oval/shared.xml index c6e59896..ba0f0e6c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/oval/shared.xml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/oval/shared.xml @@ -36,7 +36,7 @@
-a always,exit -F arch=ARCH -S init_module -F auid>=1000 -F auid!=unset -F key=modules{{% else %}}
-a always,exit -F arch=ARCH -S init_module -F key=modules@@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030820 stigid@ol8: OL08-00-030360 stigid@rhel7: RHEL-07-030820 - stigid@rhel8: RHEL-08-030360 + stigid@almalinux8: RHEL-08-030360 stigid@sle12: SLES-12-020740 stigid@sle15: SLES-15-030530 stigid@ubuntu2004: UBTU-20-010179 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/correct_rules.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/correct_rules.pass.sh index 38232603..aaa21252 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/correct_rules.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/correct_rules.pass.sh @@ -5,7 +5,7 @@ # packages = audit {{% endif %}} -{{% if product in ["ol8", "rhel8"] %}} +{{% if product in ["ol8", "rhel8", "almalinux8"] %}} echo "-a always,exit -F arch=b32 -S init_module -F auid>=1000 -F auid!=unset -k modules" >> /etc/audit/rules.d/modules.rules echo "-a always,exit -F arch=b64 -S init_module -F auid>=1000 -F auid!=unset -k modules" >> /etc/audit/rules.d/modules.rules {{% else %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh index 4286531b..cb1684dc 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/tests/missing_auid_filter.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 # packages = audit rm -f /etc/audit/rules.d/* diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh index 32ef6d31..a33d3a4c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh @@ -1,8 +1,8 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' -{{% if product in ["rhel8", "rhel9"] %}} +{{% if product in ["rhel8", "almalinux8", "rhel9"] %}} {{% set faillock_path = "/var/log/faillock" %}} {{% else %}} {{% set faillock_path = "/var/run/faillock" %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml index c9fea115..6c82e8ff 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml @@ -1,10 +1,10 @@ documentation_complete: true -prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: alinux2,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Record Attempts to Alter Logon and Logout Events' -{{% if product in ["rhel8", "rhel9"] %}} +{{% if product in ["rhel8", "almalinux8", "rhel9"] %}} {{% set faillock_path = "/var/log/faillock" %}} {{% else %}} {{% set faillock_path = "/var/run/faillock" %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/tests/default.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/tests/default.pass.sh index 826a25bd..73010dd2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/tests/default.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/tests/default.pass.sh @@ -2,7 +2,7 @@ # packages = audit # remediation = bash -{{% if product in ["rhel8", "rhel9"] %}} +{{% if product in ["rhel8", "almalinux8", "rhel9"] %}} {{% set faillock_path="/var/log/faillock" %}} {{% else %}} {{% set faillock_path="/var/run/faillock" %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml index 90edf3ac..d5cbfd8f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml @@ -1,11 +1,11 @@ -{{% if product in ["ol8","ol9","rhel8", "rhel9"] %}} +{{% if product in ["ol8","ol9","rhel8", "almalinux8", "rhel9"] %}} {{% set faillock_path = "/var/log/faillock" %}} {{% else %}} {{% set faillock_path = "/var/run/faillock" %}} {{% endif %}} documentation_complete: true -prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Record Attempts to Alter Logon and Logout Events - faillock' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030610 stigid@ol8: OL08-00-030590 stigid@rhel7: RHEL-07-030610 - stigid@rhel8: RHEL-08-030590 + stigid@almalinux8: RHEL-08-030590 vmmsrg: SRG-OS-000473-VMM-001930,SRG-OS-000470-VMM-001900 ocil_clause: 'there is no output' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml index 7337aa41..722e426c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Record Attempts to Alter Logon and Logout Events - lastlog' @@ -56,7 +56,7 @@ references: stigid@ol7: OL07-00-030620 stigid@ol8: OL08-00-030600 stigid@rhel7: RHEL-07-030620 - stigid@rhel8: RHEL-08-030600 + stigid@almalinux8: RHEL-08-030600 stigid@sle12: SLES-12-020660 stigid@sle15: SLES-15-030480 stigid@ubuntu2004: UBTU-20-010171 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml index 54856261..9399bae5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Record Attempts to Alter Logon and Logout Events - tallylog' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/group.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/group.yml index 979373bc..ad72ca8a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/group.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/group.yml @@ -2,7 +2,7 @@ documentation_complete: true title: 'Record Attempts to Alter Logon and Logout Events' -{{% if product in ["rhel8", "rhel9"] %}} +{{% if product in ["rhel8", "almalinux8", "rhel9"] %}} {{% set faillock_path = "/var/log/faillock" %}} {{% else %}} {{% set faillock_path = "/var/run/faillock" %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml index 68c8497c..83094aae 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh index 3d7bcfa8..1df0dff7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_perform_audit_rules_privileged_commands_remediation("auditctl", auid) }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh index 97489059..2d9c2f0c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh index a8690fba..ba0dceb9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules sed -i '/newgrp/d' /etc/audit/audit.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh index 680658c9..2af9c51c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/audit.rules sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh index fff672f7..f7afd120 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh index ffe7ffd3..4f57fed9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules sed -i -E 's/^(.*path=[[:graph:]]+ )(.*$)/\1-F perm=x \2/' /etc/audit/audit.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh index 10926a9a..27c9f836 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 # augenrules is default for rhel7 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh index 00a87444..d75b17f4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh @@ -2,7 +2,7 @@ # packages = audit # Remediation for this rule cannot remove the duplicates # remediation = none -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /tmp/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh index 0ba2dc16..553c4c40 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules sed -i '/newgrp/d' /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh index 928c6949..87f7df4f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh index 511c31bb..e2e0606b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh index d53eca20..b3384dce 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules # change key of rules for binaries in /usr/sbin diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh index 696c12aa..95bdf138 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules sed -i -E 's/^(.*path=[[:graph:]]+ )(.*$)/\1-F perm=x \2/' /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh index 6ddc06db..97feff9a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules echo "-a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh index 833a2549..1c51f7f8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules echo "-a always,exit -F path=/usr/bin/passwd -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh index 992aad0d..eabfd3ba 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 own_key /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml index 9ab12a24..a5b38ede 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml index f00b43da..404ae678 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030660 stigid@ol8: OL08-00-030250 stigid@rhel7: RHEL-07-030660 - stigid@rhel8: RHEL-08-030250 + stigid@almalinux8: RHEL-08-030250 stigid@sle12: SLES-12-020690 stigid@sle15: SLES-15-030120 stigid@ubuntu2004: UBTU-20-010175 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml index b4ef8a6b..79e3642d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030720 stigid@ol8: OL08-00-030410 stigid@rhel7: RHEL-07-030720 - stigid@rhel8: RHEL-08-030410 + stigid@almalinux8: RHEL-08-030410 stigid@sle12: SLES-12-020580 stigid@sle15: SLES-15-030100 stigid@ubuntu2004: UBTU-20-010163 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml index 5cc83a5b..4489a4a6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - crontab' @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030800 stigid@ol8: OL08-00-030400 stigid@rhel7: RHEL-07-030800 - stigid@rhel8: RHEL-08-030400 + stigid@almalinux8: RHEL-08-030400 stigid@sle12: SLES-12-020710 stigid@sle15: SLES-15-030130 stigid@ubuntu2004: UBTU-20-010177 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml index 79e1ae16..47a03c4d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030650 stigid@ol8: OL08-00-030370 stigid@rhel7: RHEL-07-030650 - stigid@rhel8: RHEL-08-030370 + stigid@almalinux8: RHEL-08-030370 stigid@sle12: SLES-12-020560 stigid@sle15: SLES-15-030080 stigid@ubuntu2004: UBTU-20-010174 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml index 5baa999e..cb49a4d7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh index f9cbf11b..02cfce0d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml index 721c082b..dd9cc5e2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["rhel8"] %}} +{{%- if product in ["rhel8", "almalinux8"] %}} {{%- set kmod_audit="-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged" %}} {{%- elif product in ["ubuntu2004"] %}} {{%- set kmod_audit="-w /bin/kmod -p x -k modules" %}} @@ -10,7 +10,7 @@ documentation_complete: true -prodtype: ol7,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - kmod' @@ -49,7 +49,7 @@ references: srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222 stigid@ol7: OL07-00-030840 stigid@ol8: OL08-00-030580 - stigid@rhel8: RHEL-08-030580 + stigid@almalinux8: RHEL-08-030580 stigid@sle12: SLES-12-020360 stigid@sle15: SLES-15-030410 stigid@ubuntu2004: UBTU-20-010297 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml index 8f61ee32..07ddf429 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh index ed9771d0..665d2cc0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel,multi_platform_ubuntu +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml index 92ffffc2..468ea2a0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - mount' @@ -50,7 +50,7 @@ references: stigid@ol7: OL07-00-030740 stigid@ol8: OL08-00-030300 stigid@rhel7: RHEL-07-030740 - stigid@rhel8: RHEL-08-030300 + stigid@almalinux8: RHEL-08-030300 stigid@sle12: SLES-12-020290 stigid@ubuntu2004: UBTU-20-010138 vmmsrg: SRG-OS-000471-VMM-001910 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml index 5a14e1ef..cd03eb45 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml index bf257618..369dbf7b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030710 stigid@ol8: OL08-00-030350 stigid@rhel7: RHEL-07-030710 - stigid@rhel8: RHEL-08-030350 + stigid@almalinux8: RHEL-08-030350 stigid@sle12: SLES-12-020570 stigid@sle15: SLES-15-030090 stigid@ubuntu2004: UBTU-20-010164 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml index 04e870ab..0c645cdf 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml index 8c8c9e60..64ba902c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml @@ -1,5 +1,5 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} @@ -11,7 +11,7 @@ documentation_complete: true -prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check' @@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-030810 stigid@ol8: OL08-00-030340 stigid@rhel7: RHEL-07-030810 - stigid@rhel8: RHEL-08-030340 + stigid@almalinux8: RHEL-08-030340 stigid@sle12: SLES-12-020720 stigid@sle15: SLES-15-030510 stigid@ubuntu2004: UBTU-20-010178 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml index fa89ec6e..56d1fead 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - passwd' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030630 stigid@ol8: OL08-00-030290 stigid@rhel7: RHEL-07-030630 - stigid@rhel8: RHEL-08-030290 + stigid@almalinux8: RHEL-08-030290 stigid@sle12: SLES-12-020550 stigid@sle15: SLES-15-030070 stigid@ubuntu2004: UBTU-20-010172 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml index ca767a82..0e0c9af6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 +prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postdrop' @@ -57,7 +57,7 @@ references: stigid@ol7: OL07-00-030760 stigid@ol8: OL08-00-030311 stigid@rhel7: RHEL-07-030760 - stigid@rhel8: RHEL-08-030311 + stigid@almalinux8: RHEL-08-030311 vmmsrg: SRG-OS-000471-VMM-001910 {{{ ocil_fix_srg_privileged_command("postdrop") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml index 51aaec95..649b7832 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 +prodtype: ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postqueue' @@ -57,7 +57,7 @@ references: stigid@ol7: OL07-00-030770 stigid@ol8: OL08-00-030312 stigid@rhel7: RHEL-07-030770 - stigid@rhel8: RHEL-08-030312 + stigid@almalinux8: RHEL-08-030312 vmmsrg: SRG-OS-000471-VMM-001910 {{{ ocil_fix_srg_privileged_command("postqueue") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml index 99ea9ba4..be4f2702 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml index f3c3324e..d5545d32 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh index cab3cb16..d895a1d3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml index 03fd86df..c6b2b97a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Record Any Attempts to Run ssh-agent' @@ -39,7 +39,7 @@ references: nist@sle12: AU-3,AU-3.1,AU-12(a),AU-12(c),AU-12.1(a),AU-12.1(ii),AU-12.1(iv),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@ol8: OL08-00-030280 - stigid@rhel8: RHEL-08-030280 + stigid@almalinux8: RHEL-08-030280 stigid@sle12: SLES-12-020310 stigid@sle15: SLES-15-030370 stigid@ubuntu2004: UBTU-20-010140 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml index 28185012..def8b5de 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} @@ -10,7 +10,7 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign' @@ -65,7 +65,7 @@ references: stigid@ol7: OL07-00-030780 stigid@ol8: OL08-00-030320 stigid@rhel7: RHEL-07-030780 - stigid@rhel8: RHEL-08-030320 + stigid@almalinux8: RHEL-08-030320 stigid@sle12: SLES-12-020320 stigid@sle15: SLES-15-030060 stigid@ubuntu2004: UBTU-20-010141 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml index 33e174cf..c2f55c26 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - su' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030680 stigid@ol8: OL08-00-030190 stigid@rhel7: RHEL-07-030680 - stigid@rhel8: RHEL-08-030190 + stigid@almalinux8: RHEL-08-030190 stigid@sle12: SLES-12-020250 stigid@sle15: SLES-15-030550 stigid@ubuntu2004: UBTU-20-010136 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml index f384c1bf..e896f514 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030690 stigid@ol8: OL08-00-030550 stigid@rhel7: RHEL-07-030690 - stigid@rhel8: RHEL-08-030550 + stigid@almalinux8: RHEL-08-030550 stigid@sle12: SLES-12-020260 stigid@sle15: SLES-15-030560 stigid@ubuntu2004: UBTU-20-010161 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml index 627aa69b..83c7b71d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml index 733f1062..7329e443 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - umount' @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030750 stigid@ol8: OL08-00-030301 stigid@rhel7: RHEL-07-030750 - stigid@rhel8: RHEL-08-030301 + stigid@almalinux8: RHEL-08-030301 stigid@sle12: SLES-12-020300 stigid@ubuntu2004: UBTU-20-010139 vmmsrg: SRG-OS-000471-VMM-001910 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml index fc71d402..08456b39 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030640 stigid@ol8: OL08-00-030317 stigid@rhel7: RHEL-07-030640 - stigid@rhel8: RHEL-08-030317 + stigid@almalinux8: RHEL-08-030317 stigid@sle12: SLES-12-020680 stigid@sle15: SLES-15-030110 vmmsrg: SRG-OS-000471-VMM-001910 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml index 2478dba5..6a96d91c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_update' @@ -38,7 +38,7 @@ references: disa: CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-002884 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@ol8: OL08-00-030310 - stigid@rhel8: RHEL-08-030310 + stigid@almalinux8: RHEL-08-030310 stigid@ubuntu2004: UBTU-20-010173 {{{ ocil_fix_srg_privileged_command("unix_update") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml index bd496cfb..6e081a80 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - userhelper' @@ -57,7 +57,7 @@ references: stigid@ol7: OL07-00-030670 stigid@ol8: OL08-00-030315 stigid@rhel7: RHEL-07-030670 - stigid@rhel8: RHEL-08-030315 + stigid@almalinux8: RHEL-08-030315 vmmsrg: SRG-OS-000471-VMM-001910 {{{ ocil_fix_srg_privileged_command("userhelper") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml index 4d01b662..0317e32a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usermod' @@ -41,7 +41,7 @@ references: nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210 stigid@ol8: OL08-00-030560 - stigid@rhel8: RHEL-08-030560 + stigid@almalinux8: RHEL-08-030560 stigid@sle12: SLES-12-020700 stigid@sle15: SLES-15-030500 stigid@ubuntu2004: UBTU-20-010176 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml index 152ac4f7..1c95955f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["fedora", "ol8", "rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} +{{%- if product in ["fedora", "ol8", "rhel8", "almalinux8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml index 4fd5bef0..30e9c339 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open syscall - /etc/group' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml index 79dc227e..d97d3a1e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml index e1221d1a..d4b05056 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via openat syscall - /etc/group' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml index 84d77e89..969bb5e4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open syscall - /etc/gshadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml index 3c8971e4..91444872 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml index 6ee8ef91..7b7abadc 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via openat syscall - /etc/gshadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml index 449fe58e..9a8dc9be 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open syscall - /etc/passwd' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml index 37094bd4..a62486e4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml index ee516082..6ae9798c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via openat syscall - /etc/passwd' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml index 01b22ecb..f3c198fb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open syscall - /etc/shadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml index 0eaf7977..2c4c9699 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml index a1a40472..325c88f4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via openat syscall - /etc/shadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh index b9daadd7..514f4744 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Traverse all of: # diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml index 26d02c24..28daa910 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml index aab89263..7025c0d7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml @@ -53,7 +53,7 @@ references: pcidss: Req-10.5.2 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029 stigid@ol8: OL08-00-030121 - stigid@rhel8: RHEL-08-030121 + stigid@almalinux8: RHEL-08-030121 ocil: |- Verify the audit system prevents unauthorized changes with the following command: diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml index e55119fd..2e7514b5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh index 632149b9..038c574b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/selinux/", "wa", "MAC-policy") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml index 4534624b..7d1db5bb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml index c1f23903..add9e026 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml @@ -55,7 +55,7 @@ references: stigid@ol7: OL07-00-030740 stigid@ol8: OL08-00-030302 stigid@rhel7: RHEL-07-030740 - stigid@rhel8: RHEL-08-030302 + stigid@almalinux8: RHEL-08-030302 stigid@sle12: SLES-12-020290 stigid@sle15: SLES-15-030350 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml index 3c1ca33a..fdb0252c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot =false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh index 352d01bd..a3b0b525 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml index 7f2f4e29..7ad5c59a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh index d01b505a..8cce3781 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/var/run/utmp", "wa", "session") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml index 1decbff9..083f80bd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml index c3a0dd19..f82dd506 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers' @@ -33,7 +33,7 @@ references: disa: CCI-000018,CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-001403,CCI-001404,CCI-002130,CCI-002132,CCI-002884 srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 stigid@ol8: OL08-00-030171 - stigid@rhel8: RHEL-08-030171 + stigid@almalinux8: RHEL-08-030171 ocil_clause: 'the command does not return a line, or the line is commented out' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml index c6a38f0d..a8f80817 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/' @@ -33,7 +33,7 @@ references: disa: CCI-000018,CCI-000130,CCI-000135,CCI-000169,CCI-000172,CCI-001403,CCI-001404,CCI-002130,CCI-002132,CCI-002884 srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 stigid@ol8: OL08-00-030172 - stigid@rhel8: RHEL-08-030172 + stigid@almalinux8: RHEL-08-030172 ocil_clause: 'the command does not return a line, or the line is commented out' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml index 9583a47b..b68aa06b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh index ae7c6765..8b688ff9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml index b421cbf2..b28ccb5b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Record Events When Privileged Executables Are Run' @@ -55,7 +55,7 @@ references: stigid@ol7: OL07-00-030360 stigid@ol8: OL08-00-030000 stigid@rhel7: RHEL-07-030360 - stigid@rhel8: RHEL-08-030000 + stigid@almalinux8: RHEL-08-030000 stigid@sle12: SLES-12-020240 stigid@sle15: SLES-15-030640 stigid@ubuntu2004: UBTU-20-010211 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh index 63fd5601..d7917e09 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/sudoers", "wa", "actions") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml index 5c99e72f..88c36f80 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml index 22ee4995..acbe2456 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Shutdown System When Auditing Failures Occur' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh index 07965e2c..908fa6e5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/group", "wa", "audit_rules_usergroup_modification") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml index 14503bf7..0e18c201 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Record Events that Modify User/Group Information - /etc/group' @@ -61,7 +61,7 @@ references: stigid@ol7: OL07-00-030871 stigid@ol8: OL08-00-030170 stigid@rhel7: RHEL-07-030871 - stigid@rhel8: RHEL-08-030170 + stigid@almalinux8: RHEL-08-030170 stigid@sle12: SLES-12-020210 stigid@sle15: SLES-15-030010 stigid@ubuntu2004: UBTU-20-010101 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml index b4290f40..dac4aa38 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Record Events that Modify User/Group Information - /etc/gshadow' @@ -61,7 +61,7 @@ references: stigid@ol7: OL07-00-030872 stigid@ol8: OL08-00-030160 stigid@rhel7: RHEL-07-030872 - stigid@rhel8: RHEL-08-030160 + stigid@almalinux8: RHEL-08-030160 stigid@sle12: SLES-12-020590 stigid@sle15: SLES-15-030040 stigid@ubuntu2004: UBTU-20-010103 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml index 26134e32..edc99d77 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Record Events that Modify User/Group Information - /etc/security/opasswd' @@ -62,7 +62,7 @@ references: stigid@ol7: OL07-00-030874 stigid@ol8: OL08-00-030140 stigid@rhel7: RHEL-07-030874 - stigid@rhel8: RHEL-08-030140 + stigid@almalinux8: RHEL-08-030140 stigid@sle12: SLES-12-020230 stigid@sle15: SLES-15-030030 stigid@ubuntu2004: UBTU-20-010104 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml index 73dfc045..31019194 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Record Events that Modify User/Group Information - /etc/passwd' @@ -61,7 +61,7 @@ references: stigid@ol7: OL07-00-030870 stigid@ol8: OL08-00-030150 stigid@rhel7: RHEL-07-030870 - stigid@rhel8: RHEL-08-030150 + stigid@almalinux8: RHEL-08-030150 stigid@sle12: SLES-12-020200 stigid@sle15: SLES-15-030000 stigid@ubuntu2004: UBTU-20-010100 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml index abd678fc..a944c551 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Record Events that Modify User/Group Information - /etc/shadow' @@ -61,7 +61,7 @@ references: stigid@ol7: OL07-00-030873 stigid@ol8: OL08-00-030130 stigid@rhel7: RHEL-07-030873 - stigid@rhel8: RHEL-08-030130 + stigid@almalinux8: RHEL-08-030130 stigid@sle12: SLES-12-020220 stigid@sle15: SLES-15-030020 stigid@ubuntu2004: UBTU-20-010102 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh index e829590e..e72d090f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml index 3fbd4948..27378a92 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh index 1dd7cb10..9c43228d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml index 18bb2671..8f0bffdd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh index e829590e..e72d090f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml index e2f2d649..bd5c2434 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh index e829590e..e72d090f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml index 7ea72adf..28662fe8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh index 742bbfc4..e9db1df7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/localtime", "wa", "audit_time_rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml index ac72267a..67ee8659 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml index ec17adf5..0ecb4079 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml index dc0db28a..63e757f9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'System Audit Directories Must Be Group Owned By Root' @@ -36,7 +36,7 @@ references: pcidss: Req-10.5.1 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030110 - stigid@rhel8: RHEL-08-030110 + stigid@almalinux8: RHEL-08-030110 ocil: |- {{% if product =="ol8" %}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh index 09d4e8ff..6a8e8bda 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux groupadd group_test diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml index f040c0d2..41692757 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'System Audit Directories Must Be Owned By Root' @@ -32,7 +32,7 @@ references: pcidss: Req-10.5.1 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030100 - stigid@rhel8: RHEL-08-030100 + stigid@almalinux8: RHEL-08-030100 ocil_clause: the directory is not owned by root diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh index 0dad1bfe..29632f72 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then DIR=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ' | rev | cut -d"/" -f2- | rev) diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml index 298c6de3..1131aa4c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml @@ -3,7 +3,7 @@ documentation_complete: true title: 'System Audit Logs Must Have Mode 0750 or Less Permissive' description: |- - {{% if product in ["ol8", "rhel8"] %}} + {{% if product in ["ol8", "rhel8", "almalinux8"] %}} Verify the audit log directories have a mode of "0700" or less permissive by first determining where the audit logs are stored with the following command:
$ sudo grep -iw log_file /etc/audit/auditd.conf
@@ -43,7 +43,7 @@ references:
nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
stigid@ol8: OL08-00-030120
- stigid@rhel8: RHEL-08-030120
+ stigid@almalinux8: RHEL-08-030120
stigid@ubuntu2004: UBTU-20-010128
ocil_clause: 'audit logs have a more permissive mode'
@@ -67,7 +67,7 @@ ocil: |-
Replace "[audit_log_directory]" to the correct audit log directory path, by default this location is "/var/log/audit".
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
The correct permissions are 0700
{{% else %}}
If the log_group is "root" or is not set, the correct permissions are 0700, otherwise they are 0750.
@@ -80,7 +80,7 @@ fixtext: |-
$ sudo grep "^log_file" /etc/audit/auditd.conf
- {{% if product in ["ol8", "rhel8"] %}}
+ {{% if product in ["ol8", "rhel8", "almalinux8"] %}}
Set the correct permissions mode by the following command:
$ sudo chmod 0700 [audit_log_directory]
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
index 7e8c4912..999d914c 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_0700.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
source common_0700.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
index 7cfadc19..3bb0cefb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/correct_value_default_0700.pass.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
source common_0700.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
index 3654389e..64e3e8eb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_0700.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
source common_0700.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
index b93254a4..c7d66ccb 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/tests/incorrect_value_default_file_0700.fail.sh
@@ -1,6 +1,6 @@
#!/bin/bash
# packages = audit
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
source common_0700.sh
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
index dd63b930..76ea1b00 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhel9,ubuntu2004
+prodtype: ol8,rhel8,almalinux8,rhel9,ubuntu2004
title: 'System Audit Logs Must Be Group Owned By Root'
@@ -39,7 +39,7 @@ references:
pcidss: Req-10.5.1
srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-030090
- stigid@rhel8: RHEL-08-030090
+ stigid@almalinux8: RHEL-08-030090
stigid@ubuntu2004: UBTU-20-010124
ocil: |-
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
index 8639ae24..101a93bf 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/correct_value_non-root_group.pass.sh
@@ -4,7 +4,7 @@
{{% else %}}
# packages = audit
{{% endif %}}
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
if grep -iwq "log_file" /etc/audit/auditd.conf; then
FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
index 7e6a2a01..79e18f2e 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/tests/wrong_value_non-root_group.fail.sh
@@ -4,7 +4,7 @@
{{% else %}}
# packages = audit
{{% endif %}}
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
if grep -iwq "log_file" /etc/audit/auditd.conf; then
FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ')
diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
index 95acf590..18954ffa 100644
--- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
+++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/oval/shared.xml
@@ -6,7 +6,7 @@
{{{ audisp_conf_path }}}/audisp-remote.conf
to KRB5.
{{% else %}}
@@ -45,7 +45,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network
ocil: |-
To verify the audispd plugin encrypts audit records off-loaded onto a different
system or media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
$ sudo grep -i transport {{{ audisp_conf_path }}}/audisp-remote.conf
The output should return the following:
transport = KRB5@@ -57,7 +57,7 @@ ocil: |- fixtext: |- Configure {{{ full_name }}} to encrypt audit records sent with audispd plugin. -{{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] %}} +{{% if product in ["rhel8", "almalinux8", "rhel9", "fedora", "ol8", "rhv4"] %}} Set the "transport" option in "{{{ audisp_conf_path }}}/audisp-remote.conf" to "KRB5". {{% else %}} Uncomment the "enable_krb5" option in "{{{ audisp_conf_path }}}/audisp-remote.conf", diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh index 1ee02140..711b6593 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = Red Hat Enterprise Linux 8,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora . $SHARED/auditd_utils.sh prepare_auditd_test_enviroment diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh index b6775223..b7fa1f1f 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = Red Hat Enterprise Linux 8,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora . $SHARED/auditd_utils.sh prepare_auditd_test_enviroment diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh index bf1c533c..fb621cff 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = Red Hat Enterprise Linux 8,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora . $SHARED/auditd_utils.sh prepare_auditd_test_enviroment diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh index 864e97b3..8c16af8f 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = Red Hat Enterprise Linux 8,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora . $SHARED/auditd_utils.sh prepare_auditd_test_enviroment diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml index 71fc8168..83540271 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh index d1a51360..8ca091be 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu {{{ bash_instantiate_variables("var_audispd_network_failure_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml index 0a3db320..b05f5e2b 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Configure audispd''s Plugin network_failure_action On Network Failure' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh index d244d4bd..ec516de8 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_absent.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle . $SHARED/auditd_utils.sh prepare_auditd_test_enviroment diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh index af96da87..3bcbba05 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/tests/audisp_network_failure_action_set.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle . $SHARED/auditd_utils.sh prepare_auditd_test_enviroment diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh index d1f708e6..56431b6a 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = bash . $SHARED/auditd_utils.sh diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh index b370dda3..21ca1030 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = bash . $SHARED/auditd_utils.sh diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh index 1184212b..07dea497 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = bash . $SHARED/auditd_utils.sh diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml index b075778f..d9baf1b4 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh index d0065b38..7027992a 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml index 65269774..1509661d 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml @@ -38,7 +38,7 @@ references: nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4 srg: SRG-OS-000047-GPOS-00023 stigid@ol8: OL08-00-030040 - stigid@rhel8: RHEL-08-030040 + stigid@almalinux8: RHEL-08-030040 ocil_clause: 'there is no evidence of appropriate action' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml index 06f4a10c..ba788edb 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh index 78726bbc..0a36846a 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml index 55f407e0..b9084af2 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action_stig/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml index 0adf2b53..37695252 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh index ce4f4d02..6ab8e06d 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml index e69a0590..f847fa9c 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml @@ -43,7 +43,7 @@ references: nist@sle12: AU-5(b),AU-5.1(iv) srg: SRG-OS-000047-GPOS-00023 stigid@ol8: OL08-00-030060 - stigid@rhel8: RHEL-08-030060 + stigid@almalinux8: RHEL-08-030060 stigid@sle12: SLES-12-020060 stigid@sle15: SLES-15-030590 stigid@ubuntu2004: UBTU-20-010118 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml index 61cc4751..7f66a5c1 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh index 8ab6e16a..11021155 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml index 55f407e0..b9084af2 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action_stig/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml index b82e6d17..717e52b9 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh index 464c566e..43adf8bf 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml index 0d6a2a04..6d8818e3 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml @@ -49,7 +49,7 @@ references: stigid@ol7: OL07-00-030350 stigid@ol8: OL08-00-030020 stigid@rhel7: RHEL-07-030350 - stigid@rhel8: RHEL-08-030020 + stigid@almalinux8: RHEL-08-030020 stigid@sle12: SLES-12-020040 stigid@sle15: SLES-15-030570 stigid@ubuntu2004: UBTU-20-010117 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml index 9efd2d5e..95c46c53 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh index 095b279f..efcddf50 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml index 9c8afcfa..53a6da7e 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh index 79b91655..40632d09 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_instantiate_variables("var_auditd_flush") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml index ce94d5f5..de2167a1 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Configure auditd flush priority' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh index da07f56c..90ebe810 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # profiles = xccdf_org.ssgproject.content_profile_ospp # remediation = bash diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh index 013ac37d..97c4125f 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # profiles = xccdf_org.ssgproject.content_profile_ospp # remediation = bash diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh index fca91d8e..9bcfaa3d 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # profiles = xccdf_org.ssgproject.content_profile_ospp # remediation = bash diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh index 679ed1d9..79155fb0 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # profiles = xccdf_org.ssgproject.content_profile_ospp # remediation = bash diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh index 17275563..8f1d103c 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # profiles = xccdf_org.ssgproject.content_profile_ospp # remediation = bash diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh index c5b4b4a9..74580039 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = audit -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # profiles = xccdf_org.ssgproject.content_profile_ospp # remediation = bash diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml index c70cd104..c97fbf56 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh index 8ac93789..e8a6dab1 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_instantiate_variables("var_auditd_max_log_file") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml index 69ae3cb8..f48f3656 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh index 3a69df68..67d60999 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh index 9e8d8ac9..92e3fdbc 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash # packages = audit # profiles = xccdf_org.ssgproject.content_profile_stig -# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9, multi_platform_fedora . $SHARED/auditd_utils.sh prepare_auditd_test_enviroment diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml index 69ae3cb8..f48f3656 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh index 4609f8ec..f4b4664e 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml index 55f407e0..b9084af2 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action_stig/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml index 7deaa060..748a59d8 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml index ab0bea58..a6158699 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh index a53f062b..e0200450 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_space_left") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml index 62e76a51..ca6bd0be 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Configure auditd space_left on Low Disk Space' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml index 46560f89..123e5ef3 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh index 870f6619..a1dc8844 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu {{{ bash_instantiate_variables("var_auditd_space_left_action") }}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml index 282ce9c8..95dbc51b 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030340 stigid@ol8: OL08-00-030731 stigid@rhel7: RHEL-07-030340 - stigid@rhel8: RHEL-08-030731 + stigid@almalinux8: RHEL-08-030731 stigid@ubuntu2004: UBTU-20-010217 vmmsrg: SRG-OS-000343-VMM-001240 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml index 58d15697..8eacb817 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel7,rhel8,rhel9,ubuntu2004 +prodtype: fedora,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Configure auditd space_left on Low Disk Space' @@ -37,7 +37,7 @@ references: srg: SRG-OS-000343-GPOS-00134 stigid@ol8: OL08-00-030730 stigid@rhel7: RHEL-07-030330 - stigid@rhel8: RHEL-08-030730 + stigid@almalinux8: RHEL-08-030730 stigid@ubuntu2004: UBTU-20-010217 vmmsrg: SRG-OS-000343-VMM-001240 diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml index 75590e72..0b5a0999 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml @@ -25,7 +25,7 @@ references: ospp: FAU_GEN.1 srg: SRG-OS-000062-GPOS-00031,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-030061 - stigid@rhel8: RHEL-08-030061 + stigid@almalinux8: RHEL-08-030061 ocil_clause: local_events isn't set to yes diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml index 44a1453d..c0ce83d2 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml @@ -26,7 +26,7 @@ references: ospp: FAU_GEN.1.2 srg: SRG-OS-000255-GPOS-00096,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-030063 - stigid@rhel8: RHEL-08-030063 + stigid@almalinux8: RHEL-08-030063 ocil_clause: log_format isn't set to ENRICHED diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml index 30c61725..cbd417f5 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml @@ -29,7 +29,7 @@ references: stigid@ol7: OL07-00-030211 stigid@ol8: OL08-00-030062 stigid@rhel7: RHEL-07-030211 - stigid@rhel8: RHEL-08-030062 + stigid@almalinux8: RHEL-08-030062 ocil_clause: name_format isn't set to hostname diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml index 12d8541c..a3d1c459 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh index f308bd67..e9789ea2 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml index a058b881..1427b39c 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml @@ -32,7 +32,7 @@ references: stigid@ol7: OL07-00-030210 stigid@ol8: OL08-00-030700 stigid@rhel7: RHEL-07-030210 - stigid@rhel8: RHEL-08-030700 + stigid@almalinux8: RHEL-08-030700 ocil_clause: 'auditd overflow action is not set correctly' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml index c865ad76..f226ae34 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var index bcafc35b..1579dc90 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var @@ -3,7 +3,7 @@ documentation_complete: true title: 'Remote server for audispd to send audit records' description: |- -{{% if product in ["rhel8", "fedora"] %}} +{{% if product in ["rhel8", "almalinux8", "fedora"] %}} The setting for remote_server in /etc/audit/audisp-remote.conf {{% else %}} The setting for remote_server in /etc/audisp/audisp-remote.conf diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml index 16a637ef..394c721a 100644 --- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml +++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon' @@ -47,7 +47,7 @@ references: pcidss: Req-10.3 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095 stigid@ol8: OL08-00-030601 - stigid@rhel8: RHEL-08-030601 + stigid@almalinux8: RHEL-08-030601 stigid@ubuntu2004: UBTU-20-010198 vmmsrg: SRG-OS-000254-VMM-000880 diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh index 956c8ac7..006899d7 100644 --- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh +++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 # remediation = none # Removes audit argument from kernel command line in /boot/grub2/grubenv diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh index 556b82c4..fa266b77 100644 --- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh +++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 # Break the audit argument in kernel command line in /boot/grub2/grubenv file="/boot/grub2/grubenv" diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh index 59f1ed22..e9cac86b 100644 --- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh +++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 # Break the audit argument in kernel command line in /boot/grub2/grubenv file="/boot/grub2/grubenv" diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml index b729deb4..374ffb26 100644 --- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml +++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Extend Audit Backlog Limit for the Audit Daemon' @@ -35,7 +35,7 @@ references: ospp: FAU_STG.1,FAU_STG.3 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000254-GPOS-00095,SRG-OS-000341-GPOS-00132,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@ol8: OL08-00-030602 - stigid@rhel8: RHEL-08-030602 + stigid@almalinux8: RHEL-08-030602 ocil_clause: 'audit backlog limit is not configured' diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh index 3648f215..1db7652a 100644 --- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh +++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit_backlog_limit=8192" diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh index 921c9db9..d54cf31e 100644 --- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh +++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 # Break the audit_backlog_limit argument in kernel command line in /boot/grub2/grubenv file="/boot/grub2/grubenv" diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml index e2d2b7fd..f4952aac 100644 --- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml +++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Install audispd-plugins Package' diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml index ecc154d0..9362ca0d 100644 --- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml +++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml @@ -31,7 +31,7 @@ references: ospp: FAU_GEN.1 srg: SRG-OS-000062-GPOS-00031,SRG-OS-000037-GPOS-00015,SRG-OS-000038-GPOS-00016,SRG-OS-000039-GPOS-00017,SRG-OS-000040-GPOS-00018,SRG-OS-000041-GPOS-00019,SRG-OS-000042-GPOS-00021,SRG-OS-000051-GPOS-00024,SRG-OS-000054-GPOS-00025,SRG-OS-000122-GPOS-00063,SRG-OS-000254-GPOS-00095,SRG-OS-000255-GPOS-00096,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000365-GPOS-00152,SRG-OS-000392-GPOS-00172,SRG-OS-000475-GPOS-00220 stigid@ol8: OL08-00-030180 - stigid@rhel8: RHEL-08-030180 + stigid@almalinux8: RHEL-08-030180 stigid@sle12: SLES-12-020000 stigid@sle15: SLES-15-030650 stigid@ubuntu2004: UBTU-20-010182 diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml index e3314050..603abfb9 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml index 643b8c9f..41b10f74 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of unsuccessful file accesses' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml index f29a4afc..26ac0688 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed_aarch64/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml index 41329308..3f8c50a3 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml index fd98ae70..807959bd 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of successful file accesses' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml index 1d08bae3..3e230044 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success_aarch64/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml index f6242690..bd3ddd10 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml index 28500f9d..f7fdb157 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure basic parameters of Audit system' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml index 981a0c86..ab7d657c 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml index ca5548d2..71d2650c 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of unsuccessful file creations' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml index c26dc39b..d32b854f 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed_aarch64/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml index 1f52c56e..0562bf07 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of successful file creations' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml index 023388b6..655883af 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml index 1383a4e1..9846a32d 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of unsuccessful file deletions' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml index 22d3990f..ed4f8bce 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed_aarch64/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml index 6c42b726..1da7bb5f 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos {{% set file_contents = """## Successful file delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml index 9bc9753d..b1051997 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of successful file deletions' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml index 0314988d..25f2c5ae 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success_aarch64/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos {{% set file_contents = """## Successful file delete -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml index 4b611673..42e1c3da 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml index 4a697054..4a91ac16 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure immutable Audit login UIDs' @@ -35,7 +35,7 @@ references: ospp: FAU_GEN.1.2 srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029 stigid@ol8: OL08-00-030122 - stigid@rhel8: RHEL-08-030122 + stigid@almalinux8: RHEL-08-030122 ocil_clause: 'the file does not exist or the content differs' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml index 2d927984..ec647737 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml index 90873b68..490286a5 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of unsuccessful file modifications' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml index dae46600..527bc848 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed_aarch64/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml index c6f79696..7a6e545c 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml index e7521441..14123f69 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of successful file modifications' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml index 212ec4ba..62e1ee6d 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success_aarch64/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml index f8cd8b73..090554c0 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml index 5e840fca..b339f016 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of loading and unloading of kernel modules' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml index a93771e8..22e9b17b 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml index 5de0d062..66f22a92 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Perform general configuration of Audit for OSPP' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml index 6b943ce0..5b19b70b 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general_aarch64/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml index c2184696..99dbf074 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of unsuccessful ownership changes' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml index 2964e6db..2120d155 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of successful ownership changes' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml index bc421601..456e79f8 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of unsuccessful permission changes' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml index ff4ef23f..fd92c9fe 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,ol9,rhcos4,rhel8,rhel9 +prodtype: ol8,ol9,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure auditing of successful permission changes' diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml index 8461089f..75311d9d 100644 --- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml +++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Configure audit according to OSPP requirements' diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml index 89d6152d..7afbf02b 100644 --- a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml index cdd994ec..c5e2732b 100644 --- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml +++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030000 stigid@ol8: OL08-00-030181 stigid@rhel7: RHEL-07-030000 - stigid@rhel8: RHEL-08-030181 + stigid@almalinux8: RHEL-08-030181 stigid@sle12: SLES-12-020010 stigid@sle15: SLES-15-030050 vmmsrg: SRG-OS-000037-VMM-000150,SRG-OS-000063-VMM-000310,SRG-OS-000038-VMM-000160,SRG-OS-000039-VMM-000170,SRG-OS-000040-VMM-000180,SRG-OS-000041-VMM-000190 diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml index d6bfc02f..98c11ac6 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'Configure kernel to trust the CPU random number generator' diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh index 091ac6fa..dbef772c 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh +++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # Based on shared/templates/grub2_bootloader_argument/tests/arg_not_there.fail.sh -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 # Removes audit argument from kernel command line in /boot/grub2/grubenv file="/boot/grub2/grubenv" diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh index f1f19e39..8a34cb34 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh +++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_grubenv.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 # Based on shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh # Fake the kernel compile config, this is necessary when the distro's kernel is already compiled diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh index b3d9ab27..ef22e767 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh +++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # Based on shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 # Break the argument in kernel command line in /boot/grub2/grubenv file="/boot/grub2/grubenv" diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml index 249e7912..4980396b 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8,rhel9 +prodtype: fedora,ol8,rhel8,almalinux8,rhel9 title: 'Enable Kernel Page-Table Isolation (KPTI)' @@ -27,7 +27,7 @@ references: nist: SI-16 srg: SRG-OS-000433-GPOS-00193,SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-040004 - stigid@rhel8: RHEL-08-040004 + stigid@almalinux8: RHEL-08-040004 ocil_clause: 'Kernel page-table isolation is not enabled' diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml index 9a0f0d21..4fc19b1d 100644 --- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9 title: 'Disable vsyscalls' @@ -27,7 +27,7 @@ references: ospp: FPT_ASLR_EXT.1 srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068 stigid@ol8: OL08-00-010422 - stigid@rhel8: RHEL-08-010422 + stigid@almalinux8: RHEL-08-010422 ocil_clause: 'vsyscalls are enabled' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml index ca391cc1..8facb03c 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml index 40a8b787..a920b056 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml index e4a08f58..6c86a796 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Permissions' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml index 540ea3dd..60172be7 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Set the Boot Loader Admin Username to a Non-Default Value' @@ -50,7 +50,7 @@ references: stigid@ol7: OL07-00-010483 stigid@ol8: OL08-00-010149 stigid@rhel7: RHEL-07-010483 - stigid@rhel8: RHEL-08-010149 + stigid@almalinux8: RHEL-08-010149 ocil_clause: 'superuser account is not set or is set to root, admin, administrator or any other existing user name' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml index 2d11883e..d61fc84a 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 title: 'Boot Loader Is Not Installed On Removeable Media' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml index 7b82e350..c0863528 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/oval/shared.xml @@ -3,7 +3,7 @@ {{{ oval_metadata("The grub2 boot loader should have password protection enabled.") }}}
net.ipv4.conf.all.rp_filter parameter can be queried
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
index 583b70a3..d9bca3de 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_1.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# Clean sysctl config directories
rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
index ef545976..bf1ccb25 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/tests/value_2.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# Clean sysctl config directories
rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
index 8b075d55..0dd17a34 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
index abe92e65..cfb1c094 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
index 2bfbd9e4..8ea37100 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
index 47abcc22..6f831760 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces'
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-040640
stigid@ol8: OL08-00-040209
stigid@rhel7: RHEL-07-040640
- stigid@rhel8: RHEL-08-040209
+ stigid@almalinux8: RHEL-08-040209
stigid@sle12: SLES-12-030400
stigid@sle15: SLES-15-040340
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
index aa7d1562..08668d03 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
index 043f16e2..6908e556 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default'
@@ -50,7 +50,7 @@ references:
stigid@ol7: OL07-00-040620
stigid@ol8: OL08-00-040249
stigid@rhel7: RHEL-07-040620
- stigid@rhel8: RHEL-08-040249
+ stigid@almalinux8: RHEL-08-040249
stigid@sle12: SLES-12-030370
stigid@sle15: SLES-15-040320
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
index 3a60ab17..728ddb81 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
index 38602c00..5e3fa818 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
index b6e53de3..0b652c7c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
index 09ff6023..d26b1790 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
index aeb67c4e..f47a8ab6 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
index f21dfa91..db55372f 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
index 52d74441..08c8c256 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
index d45ebce6..0ab2f051 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces'
@@ -45,7 +45,7 @@ references:
stigid@ol7: OL07-00-040630
stigid@ol8: OL08-00-040230
stigid@rhel7: RHEL-07-040630
- stigid@rhel8: RHEL-08-040230
+ stigid@almalinux8: RHEL-08-040230
stigid@sle12: SLES-12-030380
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
index 9e3a85af..d4f4d31c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
index 4f552dfc..69c49939 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
index d9154483..5d27f9c9 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Set Kernel Parameter to Increase Local Port Range'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
index 3104be90..47783f4a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
index 3799d269..3407115d 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
index 0c8dae78..a26df0c5 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
index e87793d5..4873d498 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Enable Kernel Parameter to Use TCP Syncookies on Network Interfaces'
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
index ea1db12f..5d8b19f6 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
index e44509ea..3efc9047 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces'
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-040660
stigid@ol8: OL08-00-040220
stigid@rhel7: RHEL-07-040660
- stigid@rhel8: RHEL-08-040220
+ stigid@almalinux8: RHEL-08-040220
stigid@sle12: SLES-12-030420
stigid@sle15: SLES-15-040370
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
index b54e3d12..125464d7 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
index b3534eb7..b73221c6 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default'
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-040650
stigid@ol8: OL08-00-040270
stigid@rhel7: RHEL-07-040650
- stigid@rhel8: RHEL-08-040270
+ stigid@almalinux8: RHEL-08-040270
stigid@sle12: SLES-12-030410
stigid@sle15: SLES-15-040360
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
index 7acfc0b0..9bbb4ddc 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces'
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
index 7d08edf8..f83779e3 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
index afe2b774..0632ee18 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Disable ATM Support'
@@ -28,7 +28,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040021
- stigid@rhel8: RHEL-08-040021
+ stigid@almalinux8: RHEL-08-040021
{{{ complete_ocil_entry_module_disable(module="atm") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
index 6f5805e5..0ca4ab3b 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
index 420485c1..0a36c302 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Disable CAN Support'
@@ -28,7 +28,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040022
- stigid@rhel8: RHEL-08-040022
+ stigid@almalinux8: RHEL-08-040022
{{{ complete_ocil_entry_module_disable(module="can") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
index 20878340..a13cfd16 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable DCCP Support'
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
index 61aed859..03f41b72 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
index 9d9ef3ac..7a9c4906 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Disable IEEE 1394 (FireWire) Support'
@@ -27,7 +27,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040026
- stigid@rhel8: RHEL-08-040026
+ stigid@almalinux8: RHEL-08-040026
{{{ complete_ocil_entry_module_disable(module="firewire-core") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
index 28b8952d..6e3e064a 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
index f8b020fc..1042129e 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable SCTP Support'
@@ -43,7 +43,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040023
- stigid@rhel8: RHEL-08-040023
+ stigid@almalinux8: RHEL-08-040023
{{{ complete_ocil_entry_module_disable(module="sctp") }}}
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
index 9761ea78..b98652b4 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
index 6948bcdb..6debebc2 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
@@ -42,7 +42,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040024
- stigid@rhel8: RHEL-08-040024
+ stigid@almalinux8: RHEL-08-040024
{{{ complete_ocil_entry_module_disable(module="tipc") }}}
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
index 5aaafd12..9d05d0c5 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
index 847d2123..1edba79b 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable Bluetooth Kernel Module'
@@ -37,7 +37,7 @@ references:
nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000300-GPOS-00118
stigid@ol8: OL08-00-040111
- stigid@rhel8: RHEL-08-040111
+ stigid@almalinux8: RHEL-08-040111
{{{ complete_ocil_entry_module_disable(module="bluetooth") }}}
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_cfg80211_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_cfg80211_disabled/rule.yml
index 5d316177..29d115da 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_cfg80211_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_cfg80211_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel8,rhel9
+prodtype: fedora,rhcos4,rhel8,almalinux8,rhel9
title: 'Disable Kernel cfg80211 Module'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlmvm_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlmvm_disabled/rule.yml
index 25123181..cc641d3f 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlmvm_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlmvm_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel8,rhel9
+prodtype: fedora,rhcos4,rhel8,almalinux8,rhel9
title: 'Disable Kernel iwlmvm Module'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlwifi_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlwifi_disabled/rule.yml
index 2ae0cd34..1f1c8ed7 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlwifi_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_iwlwifi_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel8,rhel9
+prodtype: fedora,rhcos4,rhel8,almalinux8,rhel9
title: 'Disable Kernel iwlwifi Module'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_mac80211_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_mac80211_disabled/rule.yml
index 409baf90..5f85883e 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_mac80211_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_mac80211_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel8,rhel9
+prodtype: fedora,rhcos4,rhel8,almalinux8,rhel9
title: 'Disable Kernel mac80211 Module'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
index a0a9fbc2..0d3c20a3 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4
title: 'Disable Bluetooth Service'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
index 6a541594..8c47fed5 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel7,rhel8
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8
title: 'Disable WiFi or Bluetooth in BIOS'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index b3e20e7b..828e91fc 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Deactivate Wireless Network Interfaces'
@@ -61,7 +61,7 @@ references:
stigid@ol7: OL07-00-041010
stigid@ol8: OL08-00-040110
stigid@rhel7: RHEL-07-041010
- stigid@rhel8: RHEL-08-040110
+ stigid@almalinux8: RHEL-08-040110
stigid@sle12: SLES-12-030450
stigid@sle15: SLES-15-010380
stigid@ubuntu2004: UBTU-20-010455
diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
index 50ec8c5c..5ba4b4d6 100644
--- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
+++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Configure Multiple DNS Servers in /etc/resolv.conf'
@@ -54,7 +54,7 @@ references:
stigid@ol7: OL07-00-040600
stigid@ol8: OL08-00-010680
stigid@rhel7: RHEL-07-040600
- stigid@rhel8: RHEL-08-010680
+ stigid@almalinux8: RHEL-08-010680
ocil_clause: 'less than two lines are returned that are not commented out'
diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
index 0f2d1597..27572472 100644
--- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
+++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_is_empty.pass.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
source common.sh
diff --git a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
index 469db24e..671a4d01 100644
--- a/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
+++ b/linux_os/guide/system/network/network_configure_name_resolution/tests/dns_not_in_nsswitch_and_resolv_isnt_empty.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
source common.sh
diff --git a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
index 06a84a9d..dba6f82c 100644
--- a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8
+prodtype: rhel7,rhel8,almalinux8
title: 'Disable Client Dynamic DNS Updates'
diff --git a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
index 6f2e6fa2..ea9c566f 100644
--- a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
+++ b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
@@ -1,2 +1,2 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
echo "NOZEROCONF=yes" >> /etc/sysconfig/network
diff --git a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
index 34f6e07e..202330a7 100644
--- a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
+++ b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
title: 'Disable Zeroconf Networking'
diff --git a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
index 3f497dc7..f85aac04 100644
--- a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
+++ b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_rhv,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_rhv,multi_platform_fedora
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
index 63fa589f..587a266a 100644
--- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
+++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Prevent non-Privileged Users from Modifying Network Interfaces using nmcli'
diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
index faf4d69a..190dc254 100644
--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Ensure System is Not Acting as a Network Sniffer'
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-040670
stigid@ol8: OL08-00-040330
stigid@rhel7: RHEL-07-040670
- stigid@rhel8: RHEL-08-040330
+ stigid@almalinux8: RHEL-08-040330
stigid@sle12: SLES-12-030440
stigid@sle15: SLES-15-040390
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
index 51b8c53e..6cb982f7 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Fedora,Oracle Linux 7,Oracle Linux 8
+# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Fedora,Oracle Linux 7,Oracle Linux 8
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
index 46680c47..3b09595c 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Ensure All World-Writable Directories Are Owned by root user'
@@ -28,7 +28,7 @@ references:
anssi: BP28(R40)
disa: CCI-000366
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000138-GPOS-00069
- stigid@rhel8: RHEL-08-010700
+ stigid@almalinux8: RHEL-08-010700
ocil_clause: 'there is output'
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
index e807cbfe..79482556 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
index b3395bea..56ff803b 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
df --local -P | awk '{if (NR!=1) print $6}' \
| xargs -I '{}' find '{}' -xdev -type d \
\( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
index c86d29d0..ab72ede6 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
@@ -59,7 +59,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000138-GPOS-00069
stigid@ol8: OL08-00-010190
- stigid@rhel8: RHEL-08-010190
+ stigid@almalinux8: RHEL-08-010190
stigid@sle12: SLES-12-010460
stigid@sle15: SLES-15-010300
stigid@ubuntu2004: UBTU-20-010411
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
index 35c17601..65ae3c8f 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
title: 'Ensure All World-Writable Directories Are Owned by a System Account'
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
index 79457f38..221fa3e4 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15
title: 'Ensure All World-Writable Directories Are Group Owned by a System Account'
@@ -40,7 +40,7 @@ references:
stigid@ol7: OL07-00-021030
stigid@ol8: OL08-00-010710
stigid@rhel7: RHEL-07-021030
- stigid@rhel8: RHEL-08-010710
+ stigid@almalinux8: RHEL-08-010710
stigid@sle12: SLES-12-010830
stigid@sle15: SLES-15-040180
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
index 04e6f122..a796388d 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,ubuntu2004
title: 'Verify Permissions on /etc/audit/auditd.conf'
@@ -27,7 +27,7 @@ references:
nist: AU-12(b)
srg: SRG-OS-000063-GPOS-00032
stigid@ol8: OL08-00-030610
- stigid@rhel8: RHEL-08-030610
+ stigid@almalinux8: RHEL-08-030610
stigid@ubuntu2004: UBTU-20-010133
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/auditd.conf", perms="-rw-r-----") }}}'
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
index 459085a4..d64bff7e 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,ubuntu2004
title: 'Verify Permissions on /etc/audit/rules.d/*.rules'
@@ -27,7 +27,7 @@ references:
nist: AU-12(b)
srg: SRG-OS-000063-GPOS-00032
stigid@ol8: OL08-00-030610
- stigid@rhel8: RHEL-08-030610
+ stigid@almalinux8: RHEL-08-030610
stigid@ubuntu2004: UBTU-20-010133
ocil_clause: '{{{ ocil_clause_file_permissions(file="/etc/audit/rules.d/*.rules", perms="-rw-r-----") }}}'
diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
index f23bcd31..7040155f 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
title: 'Ensure All SGID Executables Are Authorized'
-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20
+prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,uos20
description: |-
The SGID (set group id) bit should be set only on files that were
diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
index 73d98ee1..6696fc35 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
title: 'Ensure All SUID Executables Are Authorized'
-prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,sle12,sle15,uos20
+prodtype: alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,uos20
description: |-
The SUID (set user id) bit should be set only on files that were
diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
index 123f967d..33af6672 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Ensure All Files Are Owned by a Group'
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-020330
stigid@ol8: OL08-00-010790
stigid@rhel7: RHEL-07-020330
- stigid@rhel8: RHEL-08-010790
+ stigid@almalinux8: RHEL-08-010790
stigid@sle12: SLES-12-010700
stigid@sle15: SLES-15-040410
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index 95c5bc04..b07c5523 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux2,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Ensure All Files Are Owned by a User'
@@ -52,7 +52,7 @@ references:
stigid@ol7: OL07-00-020320
stigid@ol8: OL08-00-010780
stigid@rhel7: RHEL-07-020320
- stigid@rhel8: RHEL-08-010780
+ stigid@almalinux8: RHEL-08-010780
stigid@sle12: SLES-12-010690
stigid@sle15: SLES-15-040400
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
index c8132dc0..f62b5f5c 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
@@ -26,7 +26,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010260
- stigid@rhel8: RHEL-08-010260
+ stigid@almalinux8: RHEL-08-010260
stigid@ubuntu2004: UBTU-20-010417
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log", group=gid) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
index 0abe21a0..d39daeff 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
@@ -18,7 +18,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010230
- stigid@rhel8: RHEL-08-010230
+ stigid@almalinux8: RHEL-08-010230
ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/messages", group="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
index 0d7118ea..4a544643 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
@@ -19,7 +19,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010250
- stigid@rhel8: RHEL-08-010250
+ stigid@almalinux8: RHEL-08-010250
stigid@ubuntu2004: UBTU-20-010418
ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
index f0d63e36..21c82f34 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
@@ -18,7 +18,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010220
- stigid@rhel8: RHEL-08-010220
+ stigid@almalinux8: RHEL-08-010220
ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/messages", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
index 94d663b9..f57f0431 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
@@ -21,7 +21,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010240
- stigid@rhel8: RHEL-08-010240
+ stigid@almalinux8: RHEL-08-010240
stigid@ubuntu2004: UBTU-20-010419
ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log", perms="drwxr-xr-x") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
index d0cded9a..5125eb59 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
@@ -19,7 +19,7 @@ references:
disa: CCI-001314
srg: SRG-OS-000206-GPOS-00084
stigid@ol8: OL08-00-010210
- stigid@rhel8: RHEL-08-010210
+ stigid@almalinux8: RHEL-08-010210
ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/messages", perms="-rw-r-----") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
index e95ddbca..dfe92436 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Verify that Shared Library Directories Have Root Group Ownership'
@@ -39,7 +39,7 @@ references:
nist: CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010351
- stigid@rhel8: RHEL-08-010351
+ stigid@almalinux8: RHEL-08-010351
stigid@sle12: SLES-12-010876
stigid@sle15: SLES-15-010356
stigid@ubuntu2004: UBTU-20-010431
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
index c5d67497..1214cbbd 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
@@ -37,7 +37,7 @@ references:
nist: CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010341
- stigid@rhel8: RHEL-08-010341
+ stigid@almalinux8: RHEL-08-010341
stigid@sle12: SLES-12-010874
stigid@sle15: SLES-15-010354
stigid@ubuntu2004: UBTU-20-010429
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
index a0d49905..396f228e 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
DIRS="/lib /lib64 /usr/lib /usr/lib64"
for dirPath in $DIRS; do
find "$dirPath" -type d -exec chown root '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
index f366c2d7..e8291c26 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
groupadd nogroup
DIRS="/lib /lib64"
for dirPath in $DIRS; do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
index 68230eb4..d9808b10 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
nist: CM-5,CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010331
- stigid@rhel8: RHEL-08-010331
+ stigid@almalinux8: RHEL-08-010331
stigid@sle12: SLES-12-010872
stigid@sle15: SLES-15-010352
stigid@ubuntu2004: UBTU-20-010427
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
index 6e957c30..3743441b 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
DIRS="/lib /lib64 /usr/lib /usr/lib64"
for dirPath in $DIRS; do
find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
index 55ff9ceb..93e11a14 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
DIRS="/lib /lib64 /usr/lib /usr/lib64"
for dirPath in $DIRS; do
chmod -R 755 "$dirPath"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
index c2b5b6bf..c6d40fa0 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
DIRS="/lib /lib64"
for dirPath in $DIRS; do
mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
index 40e6c42c..8634e33c 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
DIRS="/usr/lib /usr/lib64"
for dirPath in $DIRS; do
mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
index eec7485f..698722f7 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# reboot = false
# strategy = restrict
# complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
index e352dd34..dc8fa8b2 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
index 74da4ed6..7f8a97de 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Verify that system commands files are group owned by root or a system account'
@@ -45,7 +45,7 @@ references:
nist: CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010320
- stigid@rhel8: RHEL-08-010320
+ stigid@almalinux8: RHEL-08-010320
stigid@sle12: SLES-12-010882
stigid@sle15: SLES-15-010361
stigid@ubuntu2004: UBTU-20-010458
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
index 04178f48..ce116710 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
index 5471f360..1a2c2a9f 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
find /bin/ \
/usr/bin/ \
/usr/local/bin/ \
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
index 32b2d523..390c8254 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
@@ -43,7 +43,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010310
- stigid@rhel8: RHEL-08-010310
+ stigid@almalinux8: RHEL-08-010310
stigid@sle12: SLES-15-010879
stigid@sle15: SLES-15-010359
stigid@ubuntu2004: UBTU-20-010457
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
index bc1f3caf..e0bf781b 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010340
- stigid@rhel8: RHEL-08-010340
+ stigid@almalinux8: RHEL-08-010340
stigid@sle12: SLES-12-010873
stigid@sle15: SLES-15-010353
stigid@ubuntu2004: UBTU-20-010428
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
index 92c6a088..f5601ebd 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
index 84da71f4..f52ddfbb 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
useradd user_test
for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
index b6f16343..a6af7d5a 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner_within_dir.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
useradd user_test
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
index ed21ba99..b3c54c42 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_symlink.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
useradd user_test
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
index 33196965..b0572f9d 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = restrict
# complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
index ab89b277..f4a7c33a 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec"
for dirPath in $DIRS; do
find "$dirPath" -perm /022 -exec chmod go-w '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
index aed33a49..50ceca9a 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
@@ -43,7 +43,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010300
- stigid@rhel8: RHEL-08-010300
+ stigid@almalinux8: RHEL-08-010300
stigid@sle12: SLES-12-010878
stigid@sle15: SLES-15-010358
stigid@ubuntu2004: UBTU-20-010456
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
index f497a602..26766e94 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
nist-csf: PR.AC-4,PR.DS-5
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010330
- stigid@rhel8: RHEL-08-010330
+ stigid@almalinux8: RHEL-08-010330
stigid@sle12: SLES-12-010871
stigid@sle15: SLES-15-010351
stigid@ubuntu2004: UBTU-20-010426
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
index ac901a98..18f41e0f 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: |-
Verify the system-wide library files in directories
@@ -43,7 +43,7 @@ references:
nist: CM-5(6),CM-5(6).1
srg: SRG-OS-000259-GPOS-00100
stigid@ol8: OL08-00-010350
- stigid@rhel8: RHEL-08-010350
+ stigid@almalinux8: RHEL-08-010350
stigid@sle12: SLES-12-010875
stigid@sle15: SLES-15-010355
stigid@ubuntu2004: UBTU-20-01430
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
index b0d59400..4a71eccd 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
index aa418754..ab7118f8 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
@@ -25,7 +25,7 @@ references:
nist: CM-6(a),AC-6(1)
srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125
stigid@ol8: OL08-00-010374
- stigid@rhel8: RHEL-08-010374
+ stigid@almalinux8: RHEL-08-010374
{{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_hardlinks", value="1") }}}
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
index 5ce0decb..b7a4243e 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
index 7e0d8540..65d3ec44 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
@@ -27,7 +27,7 @@ references:
nist: CM-6(a),AC-6(1)
srg: SRG-OS-000312-GPOS-00122,SRG-OS-000312-GPOS-00123,SRG-OS-000324-GPOS-00125
stigid@ol8: OL08-00-010373
- stigid@rhel8: RHEL-08-010373
+ stigid@almalinux8: RHEL-08-010373
{{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_symlinks", value="1") }}}
diff --git a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
index 184a746f..0807776c 100644
--- a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
title: 'Assign Password to Prevent Changes to Boot Firmware Configuration'
diff --git a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
index 311ae83b..a11f1d66 100644
--- a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel7,rhel8
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8
title: 'Disable Booting from USB Devices in Boot Firmware'
diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
index f06e2476..5951a440 100644
--- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,fedora,rhcos4,rhel7,rhel8
+prodtype: alinux2,fedora,rhcos4,rhel7,rhel8,almalinux8
title: 'Disable Kernel Support for USB via Bootloader Configuration'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
index 44c5bffe..2eb544c7 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
index 6a44cf81..c94a7113 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
title: 'Disable Mounting of cramfs'
@@ -45,7 +45,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000095-GPOS-00049
stigid@ol8: OL08-00-040025
- stigid@rhel8: RHEL-08-040025
+ stigid@almalinux8: RHEL-08-040025
{{{ complete_ocil_entry_module_disable(module="cramfs") }}}
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
index f53ca7e3..7decd700 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
index 74729708..e8d687f5 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
title: 'Disable Mounting of freevxfs'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
index ef0e24a3..829121c2 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
index fd08e9fa..68318195 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
title: 'Disable Mounting of hfs'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
index a20bc997..8106f54c 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
index 74f69a23..ef0bdbc4 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
title: 'Disable Mounting of hfsplus'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
index 38f3af39..cddf456b 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos,multi_platform_ol
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
index 47df625c..d42fddd0 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
title: 'Disable Mounting of jffs2'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
index febfd573..e2f255a6 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos,multi_platform_ol
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
index bfbd077b..80c0f4da 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Disable Mounting of squashfs'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
index ba69e9bf..615e5db4 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
index 5e03e552..30a451df 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
+prodtype: alinux3,fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
title: 'Disable Mounting of udf'
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
index 32e39f20..a00da355 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
index 7b7fe43e..4804e461 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Disable Modprobe Loading of USB Storage Driver'
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-020100
stigid@ol8: OL08-00-040080
stigid@rhel7: RHEL-07-020100
- stigid@rhel8: RHEL-08-040080
+ stigid@almalinux8: RHEL-08-040080
stigid@sle12: SLES-12-010580
stigid@sle15: SLES-15-010480
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
index 2be4cc35..a50aa726 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
index f07a4256..fdd7afcb 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Disable Mounting of vFAT filesystems'
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
index 41352695..8b69802a 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
index c774309f..0cf69b2a 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,uos20
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,uos20
title: 'Disable the Automounter'
@@ -55,7 +55,7 @@ references:
stigid@ol7: OL07-00-020110
stigid@ol8: OL08-00-040070
stigid@rhel7: RHEL-07-020110
- stigid@rhel8: RHEL-08-040070
+ stigid@almalinux8: RHEL-08-040070
stigid@sle12: SLES-12-010590
stigid@sle15: SLES-15-010240
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
index 60aab47f..179414a7 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_efi_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhel9
+prodtype: ol8,rhel8,almalinux8,rhel9
title: 'Add nosuid Option to /boot/efi'
@@ -27,7 +27,7 @@ references:
nist: CM-6(b),CM-6.1(iv)
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010572
- stigid@rhel8: RHEL-08-010572
+ stigid@almalinux8: RHEL-08-010572
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
index e7e5ef07..cfee0e0e 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Add noauto Option to /boot'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
index 9ea1c41e..32177918 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add nodev Option to /boot'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
index fab17c24..98a538d4 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Add noexec Option to /boot'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
index 41e3dbf4..28f1223f 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Add nosuid Option to /boot'
@@ -33,7 +33,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010571
- stigid@rhel8: RHEL-08-010571
+ stigid@almalinux8: RHEL-08-010571
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
index 54612dde..6d4891e8 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
@@ -44,7 +44,7 @@ references:
stigid@ol7: OL07-00-021022
stigid@ol8: OL08-00-040120
stigid@rhel7: RHEL-07-021024
- stigid@rhel8: RHEL-08-040120
+ stigid@almalinux8: RHEL-08-040120
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
index e857937b..497b0308 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
title: 'Add noexec Option to /dev/shm'
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-021024
stigid@ol8: OL08-00-040122
stigid@rhel7: RHEL-07-021024
- stigid@rhel8: RHEL-08-040122
+ stigid@almalinux8: RHEL-08-040122
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
index 9ab16ee2..b886996e 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
@@ -44,7 +44,7 @@ references:
stigid@ol7: OL07-00-021023
stigid@ol8: OL08-00-040121
stigid@rhel7: RHEL-07-021024
- stigid@rhel8: RHEL-08-040121
+ stigid@almalinux8: RHEL-08-040121
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
index 72ddb44c..3dc4c696 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
title: 'Add nodev Option to /home'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
index 87f38a62..91d4d3e0 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Add noexec Option to /home'
@@ -29,7 +29,7 @@ references:
nist: CM-6(b)
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010590
- stigid@rhel8: RHEL-08-010590
+ stigid@almalinux8: RHEL-08-010590
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
index 06f1aad1..3da48915 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
title: 'Add nosuid Option to /home'
@@ -40,7 +40,7 @@ references:
stigid@ol7: OL07-00-021000
stigid@ol8: OL08-00-010570
stigid@rhel7: RHEL-07-021000
- stigid@rhel8: RHEL-08-010570
+ stigid@almalinux8: RHEL-08-010570
stigid@sle12: SLES-12-010790
stigid@sle15: SLES-15-040140
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
index 06953551..f4c73964 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Add nodev Option to Non-Root Local Partitions'
@@ -46,7 +46,7 @@ references:
nist-csf: PR.IP-1,PR.PT-3
srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010580
- stigid@rhel8: RHEL-08-010580
+ stigid@almalinux8: RHEL-08-010580
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
index a1f12552..f9d0672a 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804
title: 'Add nodev Option to Removable Media Partitions'
@@ -43,7 +43,7 @@ references:
nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010600
- stigid@rhel8: RHEL-08-010600
+ stigid@almalinux8: RHEL-08-010600
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
index 3e22d3ab..c1384e43 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804
title: 'Add noexec Option to Removable Media Partitions'
@@ -40,7 +40,7 @@ references:
nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010610
- stigid@rhel8: RHEL-08-010610
+ stigid@almalinux8: RHEL-08-010610
ocil_clause: 'removable media partitions are present'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
index 79fd7fd9..7c965c9a 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804
title: 'Add nosuid Option to Removable Media Partitions'
@@ -46,7 +46,7 @@ references:
stigid@ol7: OL07-00-021010
stigid@ol8: OL08-00-010620
stigid@rhel7: RHEL-07-021010
- stigid@rhel8: RHEL-08-010620
+ stigid@almalinux8: RHEL-08-010620
stigid@sle12: SLES-12-010800
stigid@sle15: SLES-15-040150
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
index 307c0855..21d1a40c 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Add nosuid Option to /opt'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml
index 9d56bdd5..5116b247 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_proc_hidepid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
title: 'Add hidepid Option to /proc'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
index bdd13365..a8c8135b 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Add nosuid Option to /srv'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
index 79a19a8d..37c89c7c 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
title: 'Add nodev Option to /tmp'
@@ -43,7 +43,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040123
- stigid@rhel8: RHEL-08-040123
+ stigid@almalinux8: RHEL-08-040123
platform: machine and partition-tmp
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
index d3f6d617..ea398505 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Add noexec Option to /tmp'
@@ -42,7 +42,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040125
- stigid@rhel8: RHEL-08-040125
+ stigid@almalinux8: RHEL-08-040125
platform: machine and partition-tmp
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
index 10790dc9..2abc0c92 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
title: 'Add nosuid Option to /tmp'
@@ -43,7 +43,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040124
- stigid@rhel8: RHEL-08-040124
+ stigid@almalinux8: RHEL-08-040124
platform: machine and partition-tmp
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
index ff573f2b..77a92357 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add nodev Option to /var/log/audit'
@@ -33,7 +33,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040129
- stigid@rhel8: RHEL-08-040129
+ stigid@almalinux8: RHEL-08-040129
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
index f9c908f5..62dd6b84 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add noexec Option to /var/log/audit'
@@ -31,7 +31,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040131
- stigid@rhel8: RHEL-08-040131
+ stigid@almalinux8: RHEL-08-040131
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
index b3de16c3..c062662d 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add nosuid Option to /var/log/audit'
@@ -32,7 +32,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040130
- stigid@rhel8: RHEL-08-040130
+ stigid@almalinux8: RHEL-08-040130
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
index 893e713b..9f4a8cfb 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add nodev Option to /var/log'
@@ -33,7 +33,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040126
- stigid@rhel8: RHEL-08-040126
+ stigid@almalinux8: RHEL-08-040126
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
index 632ec13e..2eaa685a 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add noexec Option to /var/log'
@@ -32,7 +32,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040128
- stigid@rhel8: RHEL-08-040128
+ stigid@almalinux8: RHEL-08-040128
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
index 98c7f99f..188618ae 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add nosuid Option to /var/log'
@@ -33,7 +33,7 @@ references:
nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040127
- stigid@rhel8: RHEL-08-040127
+ stigid@almalinux8: RHEL-08-040127
platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
index e5095b10..af75968b 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add nodev Option to /var'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
index 46e96325..92f5ed98 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Add noexec Option to /var'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
index 436aa48e..bfc23a6b 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Add nosuid Option to /var'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
index 59e39270..5c154d33 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# Delete particular /etc/fstab's row if /var/tmp is already configured to
# represent a mount point (for some device or filesystem other than /tmp)
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
index 05992df4..ddd97e10 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Bind Mount /var/tmp To /tmp'
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
index 741d0973..9141df71 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
title: 'Add nodev Option to /var/tmp'
@@ -36,7 +36,7 @@ references:
disa: CCI-001764
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040132
- stigid@rhel8: RHEL-08-040132
+ stigid@almalinux8: RHEL-08-040132
platforms:
- machine and partition-var-tmp
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
index dc00b2f2..d1949b4a 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
title: 'Add noexec Option to /var/tmp'
@@ -36,7 +36,7 @@ references:
disa: CCI-001764
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040134
- stigid@rhel8: RHEL-08-040134
+ stigid@almalinux8: RHEL-08-040134
platform: machine and partition-var-tmp
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
index f0c26b6d..fb806416 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
title: 'Add nosuid Option to /var/tmp'
@@ -36,7 +36,7 @@ references:
disa: CCI-001764
srg: SRG-OS-000368-GPOS-00154
stigid@ol8: OL08-00-040133
- stigid@rhel8: RHEL-08-040133
+ stigid@almalinux8: RHEL-08-040133
platform: machine and partition-var-tmp
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
index d9480227..554e34e0 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
index 2468662d..2567e57f 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
@@ -40,7 +40,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010675
- stigid@rhel8: RHEL-08-010675
+ stigid@almalinux8: RHEL-08-010675
ocil_clause: ProcessSizeMax is not set to zero
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
index d9480227..554e34e0 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
index 12c65804..a8e3bc3c 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
@@ -36,7 +36,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010674
- stigid@rhel8: RHEL-08-010674
+ stigid@almalinux8: RHEL-08-010674
ocil_clause: Storage is not set to none or is commented out and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core" item assigned
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
index e4cd7c96..7d53cfb5 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
SECURITY_LIMITS_FILE="/etc/security/limits.conf"
if grep -qE '^\s*\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
index 41cbd119..481afa58 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index c2c0f05d..0a64361e 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Disable Core Dumps for All Users'
@@ -40,7 +40,7 @@ references:
nist-csf: DE.CM-1,PR.DS-4
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010673
- stigid@rhel8: RHEL-08-010673
+ stigid@almalinux8: RHEL-08-010673
ocil_clause: 'the "core" item is missing, commented out, or the value is anything other than "0" and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement for all domains that have the "core"'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
index 61030d4d..cccba50f 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Disable acquiring, saving, and processing core dumps'
@@ -29,7 +29,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010672
- stigid@rhel8: RHEL-08-010672
+ stigid@almalinux8: RHEL-08-010672
ocil_clause: unit systemd-coredump.socket is not masked or running
diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
index a51038bb..13f289b8 100644
--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
+++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
{{{ bash_instantiate_variables("var_umask_for_daemons") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
index 6b2922e1..6cccb08a 100644
--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
title: 'Set Daemon Umask'
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
index 8e469834..4ca6792a 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Enable ExecShield via sysctl'
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
index 415b0486..02b1e991 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
index 367934b5..939da659 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
@@ -28,7 +28,7 @@ references:
nist: SC-30,SC-30(2),SC-30(5),CM-6(a)
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000433-GPOS-00192,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040283
- stigid@rhel8: RHEL-08-040283
+ stigid@almalinux8: RHEL-08-040283
stigid@sle12: SLES-12-030320
stigid@sle15: SLES-15-010540
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
index 70189666..22f9e966 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_1.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# Clean sysctl config directories
rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
index 209395fa..23cce30a 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/tests/value_2.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# Clean sysctl config directories
rm -rf /usr/lib/sysctl.d/* /run/sysctl.d/* /etc/sysctl.d/*
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
index 7a4c107b..22e20912 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
index ff42f7ef..f102d4e1 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-040201
stigid@ol8: OL08-00-010430
stigid@rhel7: RHEL-07-040201
- stigid@rhel8: RHEL-08-010430
+ stigid@almalinux8: RHEL-08-010430
stigid@sle12: SLES-12-030330
stigid@sle15: SLES-15-010550
stigid@ubuntu2004: UBTU-20-010448
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
index bcb6532d..0cec2d64 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Enable NX or XD Support in the BIOS'
@@ -37,7 +37,7 @@ references:
nist-csf: PR.IP-1
srg: SRG-OS-000433-GPOS-00192
stigid@ol8: OL08-00-010420
- stigid@rhel8: RHEL-08-010420
+ stigid@almalinux8: RHEL-08-010420
stigid@ubuntu2004: UBTU-20-010447
platform: machine
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
index 2df5dfbe..bfb97daf 100755
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# remediation = none
cp /proc/cpuinfo /tmp/cpuinfo
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
index 37f4870f..1d82fec3 100755
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# remediation = none
cp /proc/cpuinfo /tmp/cpuinfo
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
index 88ffe875..e0f80820 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15
title: 'Install PAE Kernel on Supported 32-bit x86 Systems'
diff --git a/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
index 97274347..01eed550 100644
--- a/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/kernel_module_uvcvideo_disabled/rule.yml
@@ -20,7 +20,7 @@ references:
nist: CM-7 (a),CM-7 (5) (b)
srg: SRG-OS-000095-GPOS-00049,SRG-OS-000370-GPOS-00155
stigid@l8: OL08-00-040020
- stigid@rhel8: RHEL-08-040020
+ stigid@almalinux8: RHEL-08-040020
platform: machine
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
index b79d960b..801b745c 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Enable page allocator poisoning'
@@ -29,7 +29,7 @@ references:
nist: CM-6(a)
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010421
- stigid@rhel8: RHEL-08-010421
+ stigid@almalinux8: RHEL-08-010421
ocil_clause: 'page allocator poisoning is not enabled'
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
index c009e571..fe541f00 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Enable SLUB/SLAB allocator poisoning'
@@ -29,7 +29,7 @@ references:
nist: CM-6(a)
srg: SRG-OS-000433-GPOS-00192,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010423
- stigid@rhel8: RHEL-08-010423
+ stigid@almalinux8: RHEL-08-010423
ocil_clause: 'SLUB/SLAB poisoning is not enabled'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
index 88c68344..fa9b2020 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
index 771c4d40..3f8fac24 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Disable storing core dumps'
@@ -24,7 +24,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010671
- stigid@rhel8: RHEL-08-010671
+ stigid@almalinux8: RHEL-08-010671
ocil_clause: 'the returned line does not have a value of "|/bin/false", or a line is not returned and the need for core dumps is not documented with the Information System Security Officer (ISSO) as an operational requirement'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
index 36e025cc..e97acde1 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
index a6f11a47..af443ff8 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Restrict Access to Kernel Message Buffer'
@@ -27,7 +27,7 @@ references:
nist: SI-11(a),SI-11(b)
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069
stigid@ol8: OL08-00-010375
- stigid@rhel8: RHEL-08-010375
+ stigid@almalinux8: RHEL-08-010375
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
index 505b3c12..cdf18e6d 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
index 4e68361c..4147b304 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Disable Kernel Image Loading'
@@ -23,7 +23,7 @@ references:
nist: CM-6
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000366-GPOS-00153
stigid@ol8: OL08-00-010372
- stigid@rhel8: RHEL-08-010372
+ stigid@almalinux8: RHEL-08-010372
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
index 1722b937..03e919ac 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable loading and unloading of kernel modules'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
index 52456967..c4915c47 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Limit CPU consumption of the Perf system'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
index f78db1b0..53059efc 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Limit sampling frequency of the Perf system'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
index 0541e59a..50020c28 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
index 16d4b236..6aa5f470 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Disallow kernel profiling by unprivileged users'
@@ -24,7 +24,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069
stigid@ol8: OL08-00-010376
- stigid@rhel8: RHEL-08-010376
+ stigid@almalinux8: RHEL-08-010376
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.perf_event_paranoid", value="2") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
index 4299f35b..56bb333d 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Configure maximum number of process identifiers'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
index f17eeb7a..31e51854 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disallow magic SysRq key'
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
index 2e24d921..7b706bb3 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
index 9e5920b0..19bcb104 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes'
@@ -24,7 +24,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040281
- stigid@rhel8: RHEL-08-040281
+ stigid@almalinux8: RHEL-08-040281
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.unprivileged_bpf_disabled", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
index ceafd483..7006e206 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
index 7902e247..540aff8b 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Restrict usage of ptrace to descendant processes'
@@ -26,7 +26,7 @@ references:
nist: SC-7(10)
srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040282
- stigid@rhel8: RHEL-08-040282
+ stigid@almalinux8: RHEL-08-040282
{{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
index 7519b774..af6c30ab 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
index 1c1907f0..ffe602a1 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Harden the operation of the BPF just-in-time compiler'
@@ -24,7 +24,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040286
- stigid@rhel8: RHEL-08-040286
+ stigid@almalinux8: RHEL-08-040286
{{{ complete_ocil_entry_sysctl_option_value(sysctl="net.core.bpf_jit_harden", value="2") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
index fdd4fb83..3274d5b3 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
@@ -1,5 +1,5 @@
---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
apiVersion: machineconfiguration.openshift.io/v1
kind: MachineConfig
spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
index 2932ebe2..ca071eaf 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,ol9,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,ol9,rhcos4,rhel8,almalinux8,rhel9
title: 'Disable the use of user namespaces'
@@ -35,7 +35,7 @@ references:
ospp: FMT_SMF_EXT.1
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-040284
- stigid@rhel8: RHEL-08-040284
+ stigid@almalinux8: RHEL-08-040284
ocil: |
Verify that {{{ full_name }}} disables the use of user namespaces with the following commands:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
index 93a11ee5..61e87801 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Prevent applications from mapping low portion of virtual memory'
diff --git a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
index 352e1c4e..5b4baa10 100644
--- a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
+++ b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Ensure SELinux Not Disabled in the kernel arguments'
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
index e9ff094d..f0a8bcdb 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
index 735354a2..0c13b196 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
index 173fcf3f..a9d3e21f 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Ensure SELinux Not Disabled in /etc/default/grub'
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
index 6a76f919..0df33cd3 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Install libselinux Package'
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
index ea0437f5..8759a6ce 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/custom-package-removed.fail.sh
@@ -1,5 +1,5 @@
#!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
# Package libselinux cannot be uninstalled normally
# as it would cause removal of sudo package which is
diff --git a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
index 88d890f4..d8830ab2 100644
--- a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
+++ b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,rhel7,rhel8,rhel9,sle15
+prodtype: alinux2,alinux3,fedora,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Uninstall mcstrans Package'
diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
index eb5f39b4..caa6811b 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,ol9,rhel8,rhel9
+prodtype: ol8,ol9,rhel8,almalinux8,rhel9
title: 'Install policycoreutils-python-utils package'
diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
index b17c711e..0aeaf8e3 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Install policycoreutils Package'
@@ -32,7 +32,7 @@ references:
disa: CCI-001084
srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
stigid@ol8: OL08-00-010171
- stigid@rhel8: RHEL-08-010171
+ stigid@almalinux8: RHEL-08-010171
ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
index d20c1116..78446be3 100644
--- a/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
+++ b/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Uninstall setroubleshoot-plugins Package'
diff --git a/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
index c5fec06d..ff4e6b57 100644
--- a/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
+++ b/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
title: 'Uninstall setroubleshoot-server Package'
diff --git a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
index 04ee5b2b..6264467a 100644
--- a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
+++ b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Uninstall setroubleshoot Package'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
index 73493cc1..930e0871 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
title: 'Disable the abrt_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
index c7ac3bd2..43464994 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
title: 'Disable the abrt_handle_event SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
index a05ef583..fa0c94ca 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
title: 'Disable the abrt_upload_watch_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
index 9059fdf0..2f1dd2ed 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the antivirus_can_scan_system SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
index ebbce6ed..fec2f5d6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the antivirus_use_jit SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
index ad4e91f5..89a9cf9d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the auditadm_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
index 1de5f715..c45f45d5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the authlogin_nsswitch_use_ldap SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
index 57cb33c8..00e5d2e7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the authlogin_radius SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
index fc7a5770..b937eb9a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the authlogin_yubikey SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
index e6c6bbe3..b3411ada 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the awstats_purge_apache_log_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
index 8cba7a6c..e6fe999d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the boinc_execmem SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
index 6d1ab1fb..b657ac12 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cdrecord_read_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
index d38be936..09cc2e6e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cluster_can_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
index a6558b75..acb9fd61 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cluster_manage_all_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
index 4dba59fc..8d2948e6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cluster_use_execmem SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
index 9c405241..11375b94 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cobbler_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
index 96c0e256..08ea062a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cobbler_can_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
index 93bdc97c..3b2b401d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cobbler_use_cifs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
index a7d6e9e7..02a7c4db 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cobbler_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
index d2c8b686..f9c7e326 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the collectd_tcp_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
index 1f560285..38809dd3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the condor_tcp_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
index c880bf74..cc1d9b92 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the conman_can_network SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
index e9051bb9..e4bd1074 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the container_connect_any SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
index f01af3d6..44e26012 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the cron_can_relabel SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
index c1d20f8e..7888d3a9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the cron_system_cronjob_use_shares SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
index f4daf0a6..a10e7531 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the cron_userdomain_transition SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
index d1d7ded6..4fb4bf2c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cups_execmem SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
index af5727d6..6cae839d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the cvs_read_shadow SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
index e2f136bf..2cd35d86 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the daemons_dump_core SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
index 07ef4320..0a1a11d7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the daemons_enable_cluster_mode SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
index f8442291..27257edf 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the daemons_use_tcp_wrapper SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
index 02622dcd..b1194c39 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the daemons_use_tty SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
index c75cce8a..cb56c79e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the dbadm_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
index 2b9a11ba..3e1236fb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the dbadm_manage_user_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
index 707d7113..82b8a228 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the dbadm_read_user_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
index 04d2464c..220db561 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the deny_execmem SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
index 89693152..c6564ac4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the deny_ptrace SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
index 9b4bfe10..d648713f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the dhcpc_exec_iptables SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
index 75f044c4..c2cec43e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the dhcpd_use_ldap SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
index 5afdc364..b02f2c50 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the domain_fd_use SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
index 90f835f0..8774054c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the domain_kernel_load_modules SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
index 2c75b117..a87eabb4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the entropyd_use_audio SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
index 12305e08..3d287f7c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the exim_can_connect_db SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
index 2d54130d..3c3d3645 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the exim_manage_user_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
index b240c116..93ecd94c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the exim_read_user_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
index 9b3cf756..f8ea2f6c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the fcron_crond SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
index 1f71bedb..3316263f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the fenced_can_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
index cac41de7..96edf0ff 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the fenced_can_ssh SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
index 57686707..4728a291 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the fips_mode SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
index dbf31b53..2b2f5bc3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ftpd_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
index 579ac3f5..7ebfb8bd 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ftpd_connect_all_unreserved SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
index f2d973ba..b473ef96 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ftpd_connect_db SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
index cf9e7826..017cfec4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ftpd_full_access SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
index 14b1f752..73153bbf 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ftpd_use_cifs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
index 6cb9d9df..896fb999 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ftpd_use_fusefs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
index 4035d4f8..e9e734e1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ftpd_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
index c1236064..f2276697 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ftpd_use_passive_mode SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
index 47e9b420..86d7f819 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the git_cgi_enable_homedirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
index ca5a2bcd..cc91e16f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the git_cgi_use_cifs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
index f8b5c912..cee5cb7a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the git_cgi_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
index 8dffa1dd..855a231f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the git_session_bind_all_unreserved_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
index f4dca61a..7c8c3dd2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the git_session_users SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
index 170fcfdf..31ad34ce 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the git_system_enable_homedirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
index c46e622e..8935f832 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the git_system_use_cifs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
index b149744b..4006fe66 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the git_system_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
index 2fa3db75..dba2c36f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the gitosis_can_sendmail SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
index f8324918..790d5167 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the glance_api_can_network SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
index ee835d3e..24ee3fae 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the glance_use_execmem SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
index 70546358..3146c801 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the glance_use_fusefs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
index 12cb7bdc..ec058a02 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the global_ssp SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
index 19903fc9..31bf578d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the gluster_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
index c586752c..3eac3ab0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the gluster_export_all_ro SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
index 953d6f51..445c6f2a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Configure the gluster_export_all_rw SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
index d5d68c10..d21a0ec4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the gpg_web_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
index 9cf94d26..fe53e4a3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the gssd_read_tmp SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
index d889a510..2d433266 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the guest_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
index f5e5a38e..f96727ff 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the haproxy_connect_any SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
index 7ac8bcac..8717ac94 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
index 9d1fbe43..e2eef2ad 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Configure the httpd_builtin_scripting SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
index f08b0711..4c2f3603 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_check_spam SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
index 6511bfe2..6f07db4d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_connect_ftp SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
index 9d088182..5f01b615 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_connect_ldap SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
index fe8400ee..c292070a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_connect_mythtv SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
index d8282606..3d80037c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_connect_zabbix SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
index 51f2d075..ea465e8c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
index 04ffe7de..d45f0d7d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_network_connect_cobbler SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
index 38b2cbfe..2b40a15c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_network_connect_db SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
index d844dcdb..d45a0031 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_network_memcache SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
index bff3c8ce..8dad299f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_network_relay SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
index 8d73dd26..3582c1a4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_can_sendmail SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
index 3cfbca8a..de20f874 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_dbus_avahi SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
index da62291c..398bc8c7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_dbus_sssd SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
index dc9651f9..2fec140e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_dontaudit_search_dirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
index 63eb6e1e..21df0707 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Configure the httpd_enable_cgi SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
index 677ed3ce..4f1a4791 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_enable_ftp_server SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
index a2b05231..c0d75670 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_enable_homedirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
index ee05eba7..bf3793e5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_execmem SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
index b5a42076..fd15c031 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the httpd_graceful_shutdown SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
index d8453a7d..5fcb23b5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_manage_ipa SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
index 0b2ad316..3347f027 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_mod_auth_ntlm_winbind SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
index eaf8ea4d..2adfa1ac 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_mod_auth_pam SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
index e258ff54..cf04e5bb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_read_user_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
index d8b3f4e6..c17c8a97 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_run_ipa SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
index 413472cb..f96365f8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_run_preupgrade SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
index 4cc54284..3c320028 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_run_stickshift SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
index 27a979c8..6200f0a0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_serve_cobbler_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
index e09231f7..08f76037 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_setrlimit SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
index 81ee3798..c00302d0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_ssi_exec SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
index 61140b8d..16585685 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_sys_script_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
index ad6c2ea7..c8a12f68 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_tmp_exec SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
index 12b4dcc1..04841fb3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_tty_comm SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
index ffcda8a2..364640ad 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_unified SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
index 4a5c7bdc..88d0bf75 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_use_cifs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
index 79c4149f..3df100b7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_use_fusefs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
index d022811e..1e157cfa 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_use_gpg SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
index 4080ca05..b872c1a8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
index dbbb07cf..d0477e44 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_use_openstack SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
index fe0840e2..f88ad485 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_use_sasl SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
index 61def0aa..6bfb1a2c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the httpd_verify_dns SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
index 724cbbce..97bd40b0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the icecast_use_any_tcp_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
index a7da73c3..66621010 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the irc_use_any_tcp_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
index d82f9ff2..d14ca236 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the irssi_use_full_network SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
index fdb0a982..4573675c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the kdumpgui_run_bootloader SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
index 37235acc..b97790cc 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the kerberos_enabled SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
index eb32deaf..48b83090 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ksmtuned_use_cifs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
index 86376cba..74e8dfb6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the ksmtuned_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
index 5b5dd95a..d43a379c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the logadm_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
index b515961c..a159839a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the logging_syslogd_can_sendmail SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
index 3c520540..6acdf661 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the logging_syslogd_run_nagios_plugins SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
index 7b90abe8..68a43994 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the logging_syslogd_use_tty SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
index 3112822f..ea43946d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the login_console_enabled SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
index 8e327772..e5b4122d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the logrotate_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
index d5e181b9..5da3e9c0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the logwatch_can_network_connect_mail SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
index 4d3c7838..32b05be7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the lsmd_plugin_connect_any SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
index 6dfb2e01..5eb9727d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mailman_use_fusefs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
index d235fe6f..95b28e43 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mcelog_client SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
index 46c9d61a..706520e3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the mcelog_exec_scripts SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
index 80757940..86ada5a3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mcelog_foreground SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
index 48cc45cb..8a59bf4c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mcelog_server SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
index 040edc1f..068785b4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the minidlna_read_generic_user_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
index 9429d943..f7ff9e50 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the mmap_low_allowed SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
index 7f95fd02..e141cd1e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the mock_enable_homedirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
index 3fa8cfdf..e0c3580d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the mount_anyfile SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
index a461e301..5a57d162 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mozilla_plugin_bind_unreserved_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
index b544dd12..17206906 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mozilla_plugin_can_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
index 878c10bd..69c810a9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mozilla_plugin_use_bluejeans SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
index eba60ff3..66ab4c43 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mozilla_plugin_use_gps SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
index a5655a34..ba398fec 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mozilla_plugin_use_spice SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
index 8d8407db..b56b3b40 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mozilla_read_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
index db538e06..7c6f98ea 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mpd_enable_homedirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
index 5bff3c99..d359d281 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mpd_use_cifs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
index 97140465..a4af6e2d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mpd_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
index bb5e5948..a412fc8b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mplayer_execstack SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
index 98a1ebcf..cce1c87e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the mysql_connect_any SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
index 70347807..2d91a12f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the nagios_run_pnp4nagios SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
index 489a099a..7d208a85 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the nagios_run_sudo SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
index a51fbbea..1f31780a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the named_tcp_bind_http_port SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
index c9d54a98..b4bb8d07 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the named_write_master_zones SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
index b543c733..3df85ab6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the neutron_can_network SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
index c0718a62..4ade28e7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the nfs_export_all_ro SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
index 0355bad7..7d4a3dfc 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the nfs_export_all_rw SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
index 8d21a80b..0b0a2ee5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the nfsd_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
index 9ae527ee..b9324567 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the nis_enabled SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
index 2223ef84..abb41046 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the nscd_use_shm SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
index 1c4fa8c1..9c06f296 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the openshift_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
index affa929a..b0ba05f1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the openvpn_can_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
index 425be626..20e4922a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the openvpn_enable_homedirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
index 8ebfe542..04fcdf6d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the openvpn_run_unconfined SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
index c1a13523..fe23e776 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the pcp_bind_all_unreserved_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
index 9f902520..a76d4523 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the pcp_read_generic_logs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
index bf1ea51c..3c76e1fc 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the piranha_lvs_can_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
index 7e628966..82442a13 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the polipo_connect_all_unreserved SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
index fa974402..39da107d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the polipo_session_bind_all_unreserved_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
index f2f93ba3..2993b2f9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the polipo_session_users SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
index 0f0fe5d6..bd263df1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the polipo_use_cifs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
index 1c1d302e..7353b3ab 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the polipo_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
index 29bba145..72b265f5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Disable the polyinstantiation_enabled SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
index 1c061280..f607bdc2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the postfix_local_write_mail_spool SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
index 2d4f2e59..dcfcc5b4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the postgresql_can_rsync SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
index f7fdf042..e2bde893 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the postgresql_selinux_transmit_client_label SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
index e4e888a8..0935fa0f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the postgresql_selinux_unconfined_dbadm SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
index 215daf93..c8f70c02 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the postgresql_selinux_users_ddl SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
index 9ff99173..6e8c37d1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the pppd_can_insmod SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
index ef5d648f..a3f5a525 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the pppd_for_user SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
index b9f04990..320d69e0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the privoxy_connect_any SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
index ec8fa105..3f3d870e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the prosody_bind_http_port SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
index ce7bc2f5..f1b87a1d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the puppetagent_manage_all_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
index 894fed16..7f85d5e0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the puppetmaster_use_db SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
index 2cae0d28..4120691c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the racoon_read_shadow SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
index 8720c030..614c4e60 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the rsync_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
index 58878837..5ea8dc21 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the rsync_client SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
index 154646cf..4aec9d3e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the rsync_export_all_ro SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
index 832dfa25..2de80cb7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the rsync_full_access SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
index 85b65a88..207d77e8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_create_home_dirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
index c67f1f86..8cd0f5e0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_domain_controller SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
index 1698ed1d..90798fe7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_enable_home_dirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
index 9a21f5f6..b3efb3e9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_export_all_ro SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
index fd52c836..49a8ec85 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_export_all_rw SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
index 826beddf..5a08118e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_load_libgfapi SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
index d901e686..9073796e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_portmapper SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
index c409c6bb..9729d7fa 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_run_unconfined SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
index cc2efcfb..707659d6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_share_fusefs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
index 085f7118..0230e13e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the samba_share_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
index 07428064..aa479f16 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the sanlock_use_fusefs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
index c1a64ba8..550a22a0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the sanlock_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
index c413f111..6b4110bf 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the sanlock_use_samba SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
index f0d4bbc9..def16a42 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the saslauthd_read_shadow SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
index d781baab..69b4ab65 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the secadm_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
index 36c8756d..20316bce 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the secure_mode SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
index 428bb90b..5416bfa6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the secure_mode_insmod SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
index 062b9686..f46ca75e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the secure_mode_policyload SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
index 7e58c5f2..589e30e4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Configure the selinuxuser_direct_dri_enabled SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
index dd87bfe5..313e4ef6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Disable the selinuxuser_execheap SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
index 26617b23..85eef9d2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Enable the selinuxuser_execmod SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
index 4a78c892..13b80855 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'disable the selinuxuser_execstack SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
index 88a2a92d..3cdf3685 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the selinuxuser_mysql_connect_enabled SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
index 79b96246..05a7d02c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the selinuxuser_ping SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
index 6d70e9d5..0f9bbc68 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
index 7092bbff..dd087754 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the selinuxuser_rw_noexattrfile SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
index fb492e6d..38bed7a6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the selinuxuser_share_music SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
index 3dcf7544..9fea8784 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the selinuxuser_tcp_server SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
index 89bb3dc5..2bc5697c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the selinuxuser_udp_server SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
index 518bd174..f2d8bbc1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the selinuxuser_use_ssh_chroot SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
index 17054b75..da8b92c6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the sge_domain_can_network_connect SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
index df44870b..1ad1905a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the sge_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
index 03a20026..8496b412 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the smartmon_3ware SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
index a597045a..b9f168ca 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the smbd_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
index 04514bde..570b320f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the spamassassin_can_network SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
index 3f743cbf..32ec94a0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the spamd_enable_home_dirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
index ec5c45e7..6345f86a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the squid_connect_any SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
index dd156deb..e39be3fd 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the squid_use_tproxy SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
index df38b35f..2f519896 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the ssh_chroot_rw_homedirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
index 60b99ed0..30eb252c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the ssh_keysign SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
index b92dd7c1..d76e81f3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the ssh_sysadm_login SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
index 2292c61e..844c4018 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the staff_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
index 4cb6582d..83c50aef 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the staff_use_svirt SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
index 60ac4523..5bea5bed 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the swift_can_network SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
index 0fc83bc1..8d996d40 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the sysadm_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
index d4d469d2..4ecc3659 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the telepathy_connect_all_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
index 1321809a..24257e70 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the telepathy_tcp_connect_generic_network_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
index 7d8a2cc2..a9448683 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the tftp_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
index 9b553ff7..e3b67bd5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the tftp_home_dir SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
index 1d6ea593..fe961347 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the tmpreaper_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
index 0981d8bb..768670d4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the tmpreaper_use_samba SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
index df86f451..8f307e56 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the tor_bind_all_unreserved_ports SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
index 86e08e38..7e863ca9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the tor_can_network_relay SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
index f0556d17..b6c44d72 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the unconfined_chrome_sandbox_transition SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
index 839767ab..c19863dc 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the unconfined_login SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
index d8f69ced..45d778d2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the unconfined_mozilla_plugin_transition SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
index b9ea2bbe..cda7f281 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the unprivuser_use_svirt SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
index 74b827fc..42e7272a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the use_ecryptfs_home_dirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
index 0b74be73..fde9d57e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the use_fusefs_home_dirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
index ec79d2ec..dd36abc1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the use_lpd_server SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
index fdfad24e..8708942e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the use_nfs_home_dirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
index 4da19ea4..32b01588 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the use_samba_home_dirs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
index 2ba42daf..84cbc6cc 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Enable the user_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
index 0b2097dc..0619143c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the varnishd_connect_any SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
index 7899bd3b..f7a88517 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_read_qemu_ga_data SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
index 822b9894..8f57e4e5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_rw_qemu_ga_data SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
index df5c0c82..559cd12b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_sandbox_use_all_caps SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
index f0009fe4..df761480 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the virt_sandbox_use_audit SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
index 03b024c0..7689f05a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_sandbox_use_mknod SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
index 1891511d..3b80c5e8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_sandbox_use_netlink SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
index b7fcd58a..a1577449 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_sandbox_use_sys_admin SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
index 3a54abbb..25d71216 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_transition_userdomain SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
index bef0f9a8..901dc85e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_comm SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
index b4c890c4..baa86e1b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_execmem SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
index f92f814f..1ef74b8a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_fusefs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
index 7db9e5b3..1e0cd0f5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
index ea059d54..23c6e632 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_rawip SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
index bd6cccac..b664f299 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_samba SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
index 7db733fe..9707ac1c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_sanlock SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
index bc2e3350..cb103a38 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_usb SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
index 8420fe49..ed9094f4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the virt_use_xserver SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
index 3d69f6b2..bf19fbb8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the webadm_manage_user_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
index c8859dd0..e0d5a9d1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the webadm_read_user_files SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
index 46ea5e90..f9940356 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the wine_mmap_zero_ignore SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
index 456b95fa..6efc0b8c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xdm_bind_vnc_tcp_port SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
index 0e2d6630..f71120b8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xdm_exec_bootloader SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
index 5c798324..f30ee9fb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xdm_sysadm_login SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
index 1231f32f..97eb45c8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xdm_write_home SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
index 38ff90e0..c6fd91eb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the xen_use_nfs SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
index 9bd43515..8971006b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the xend_run_blktap SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
index 1faef3c8..42a5a4f6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Enable the xend_run_qemu SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
index 13fc1d0a..32949b27 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xguest_connect_network SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
index fa2c6693..254d4034 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xguest_exec_content SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
index 59420f0a..af83cc61 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xguest_mount_media SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
index 7052e987..4cf57951 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xguest_use_bluetooth SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
index aca077be..e8efed4b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xserver_clients_write_xshm SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
index 393ec2b3..91d24bcd 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xserver_execmem SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
index 6f9a0de7..fead3a0e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Disable the xserver_object_manager SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
index f48eccf1..ce7b6cac 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the zabbix_can_network SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
index 4775f929..28113c1f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the zarafa_setrlimit SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
index ede5e2a4..0159cace 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the zebra_write_config SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
index f97013e6..ad916ea1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the zoneminder_anon_write SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
index dc7b1290..9596c2d5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
title: 'Disable the zoneminder_run_sudo SELinux Boolean'
diff --git a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
index 7065c1eb..b1d38588 100644
--- a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Ensure No Device Files are Unlabeled by SELinux'
diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
index 3345de71..f3bcf7a5 100644
--- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Ensure No Daemons are Unconfined by SELinux'
diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
index fa39b8af..33e2978d 100644
--- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
index 0b33e576..c9b647b8 100644
--- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
+++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
index cf0c65d9..e1fb50b4 100644
--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
title: 'Configure SELinux Policy'
@@ -55,7 +55,7 @@ references:
stigid@ol7: OL07-00-020220
stigid@ol8: OL08-00-010450
stigid@rhel7: RHEL-07-020220
- stigid@rhel8: RHEL-08-010450
+ stigid@almalinux8: RHEL-08-010450
vmmsrg: SRG-OS-000445-VMM-001780
ocil_clause: 'SELINUXTYPE is set to the wrong value'
diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
index 1c1560a8..fc86b614 100644
--- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = false
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
index 10ecee50..3d3098f4 100644
--- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
+++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
# reboot = true
# strategy = restrict
# complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml
index ac52210f..9f982e10 100644
--- a/linux_os/guide/system/selinux/selinux_state/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_state/rule.yml
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-020210
stigid@ol8: OL08-00-010170
stigid@rhel7: RHEL-07-020210
- stigid@rhel8: RHEL-08-010170
+ stigid@almalinux8: RHEL-08-010170
vsrg: SRG-OS-000445-VMM-001780
ocil_clause: 'SELINUX is not set to enforcing'
diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
index 053d4341..f130f2c3 100644
--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
title: 'Map System Users To The Appropriate SELinux Role'
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
index 8e4dbeba..e6d14eb4 100644
--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
title: 'Encrypt Partitions'
@@ -74,7 +74,7 @@ references:
nist@sle15: SC-28,SC-28.1
srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183
stigid@ol8: OL08-00-010030
- stigid@rhel8: RHEL-08-010030
+ stigid@almalinux8: RHEL-08-010030
stigid@sle12: SLES-12-010450
stigid@sle15: SLES-15-010330
stigid@ubuntu2004: UBTU-20-010414
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
index be86d043..f420ac86 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15
title: 'Ensure /boot Located On Separate Partition'
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
index 8449b15a..8b53df03 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
@@ -45,7 +45,7 @@ references:
stigid@ol7: OL07-00-021310
stigid@ol8: OL08-00-010800
stigid@rhel7: RHEL-07-021310
- stigid@rhel8: RHEL-08-010800
+ stigid@almalinux8: RHEL-08-010800
stigid@sle12: SLES-12-010850
stigid@sle15: SLES-15-040200
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
index cef52e21..01488f38 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15
title: 'Ensure /opt Located On Separate Partition'
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
index 5269a2db..292d2b66 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
@@ -42,7 +42,7 @@ references:
stigid@ol7: OL07-00-021340
stigid@ol8: OL08-00-010543
stigid@rhel7: RHEL-07-021340
- stigid@rhel8: RHEL-08-010543
+ stigid@almalinux8: RHEL-08-010543
{{{ complete_ocil_entry_separate_partition(part="/tmp") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
index f40201b2..bb043b8c 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15
title: 'Ensure /usr Located On Separate Partition'
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
index 892793d9..5541af38 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
@@ -44,7 +44,7 @@ references:
stigid@ol7: OL07-00-021320
stigid@ol8: OL08-00-010540
stigid@rhel7: RHEL-07-021320
- stigid@rhel8: RHEL-08-010540
+ stigid@almalinux8: RHEL-08-010540
stigid@sle12: SLES-12-010860
stigid@sle15: SLES-15-040210
vmmsrg: SRG-OS-000341-VMM-001220
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
index e18600d9..fd207c77 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
@@ -42,7 +42,7 @@ references:
nist-csf: PR.PT-1,PR.PT-4
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010541
- stigid@rhel8: RHEL-08-010541
+ stigid@almalinux8: RHEL-08-010541
{{{ complete_ocil_entry_separate_partition(part="/var/log") }}}
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
index 5ce5f590..69f028d0 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
@@ -50,7 +50,7 @@ references:
stigid@ol7: OL07-00-021330
stigid@ol8: OL08-00-010542
stigid@rhel7: RHEL-07-021330
- stigid@rhel8: RHEL-08-010542
+ stigid@almalinux8: RHEL-08-010542
stigid@sle12: SLES-12-010870
stigid@sle15: SLES-15-030810
vmmsrg: SRG-OS-000341-VMM-001220
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
index cd5b4b46..21206ad4 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
+prodtype: alinux2,alinux3,ol7,ol8,ol9,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
title: 'Ensure /var/tmp Located On Separate Partition'
@@ -36,7 +36,7 @@ references:
cis@ubuntu2004: 1.1.11
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-010544
- stigid@rhel8: RHEL-08-010544
+ stigid@almalinux8: RHEL-08-010544
{{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}}
diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
index d24ad613..78e4f65c 100644
--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
dconf update
diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
index dae8d1ca..3f63eddb 100644
--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Make sure that the dconf databases are up-to-date with regards to respective keyfiles'
diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
index ffde0523..c56b91c0 100644
--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
+++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Configure GNOME3 DConf User Profile'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
index c3baa1b8..be83f158 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
index 3165c09f..f2135e0b 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable the GNOME3 Login Restart and Shutdown Buttons'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
index ca6beab0..8e18147d 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
index 6d90e7be..fcb24539 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004
title: 'Disable the GNOME3 Login User List'
@@ -38,7 +38,7 @@ references:
nist: CM-6(a),AC-23
srg: SRG-OS-000480-GPOS-00227
stigid@ol8: OL08-00-020032
- stigid@rhel8: RHEL-08-020032
+ stigid@almalinux8: RHEL-08-020032
ocil_clause: 'disable-user-list has not been configured or is not disabled'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
index f5d68f1c..91f02c0d 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
index 0e5f2217..00c88f4e 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Enable the GNOME3 Login Smartcard Authentication'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
index 9842d13b..288731d5 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
title: 'Enable the GNOME3 Screen Locking On Smartcard Removal'
@@ -33,7 +33,7 @@ references:
disa: CCI-000056,CCI-000058
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol8: OL08-00-020050
- stigid@rhel8: RHEL-08-020050
+ stigid@almalinux8: RHEL-08-020050
ocil_clause: 'removal-action has not been configured'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
index 45e6c24a..e06d9600 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
index baf8f8a1..6bede2b8 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Set the GNOME3 Login Number of Failures'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
index 6b19c813..1f656f5a 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
index 7005c4fe..c8a6fd82 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable GDM Automatic Login'
@@ -39,7 +39,7 @@ references:
stigid@ol7: OL07-00-010440
stigid@ol8: OL08-00-010820
stigid@rhel7: RHEL-07-010440
- stigid@rhel8: RHEL-08-010820
+ stigid@almalinux8: RHEL-08-010820
ocil_clause: 'GDM allows users to automatically login'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
index ef2933c5..0d72f6f6 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
index 0fa83b26..4264c888 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
if rpm --quiet -q gdm
then
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
index 2d7584c3..b260701c 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
title: 'Disable GDM Guest Login'
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
index 0ca67c74..332a5018 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
index 60417ff4..0af05e79 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
index 298e0888..53815da0 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable GNOME3 Automounting'
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
index ac168ef9..69ecfa6a 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
index ed2f2a93..90387377 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable GNOME3 Automount Opening'
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
index 51e4063c..3591b726 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
index 82ba66e8..a1025daf 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable GNOME3 Automount running'
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
index 33460b61..04074e66 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
index 0ed279aa..9b140e2e 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable All GNOME3 Thumbnailers'
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
index 4e389aa5..254db9bf 100644
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
index 87f7c6e9..dc246f70 100644
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable WIFI Network Connection Creation in GNOME3'
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
index c3922e5b..40515598 100644
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
index af8909aa..b6b3ba0b 100644
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable WIFI Network Notification in GNOME3'
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
index 09eed836..601191b4 100644
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
index cdf4c645..d27c6c8e 100644
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Require Credential Prompting for Remote Access in GNOME3'
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
index bf1efbe6..efa5b96a 100644
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
index fd5f0a6d..af0de315 100644
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Require Encryption for Remote Access in GNOME3'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
index f7c7b437..95781d5a 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
index 5c131548..9ea4dce0 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
title: 'Enable GNOME3 Screensaver Idle Activation'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
index d3f144c8..ae170b80 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
index b94df803..aaa45d94 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Ensure Users Cannot Change GNOME3 Screensaver Idle Activation'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
index 5b08acff..d1af90b1 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
index 48b0d38d..a671a03c 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Set GNOME3 Screensaver Inactivity Timeout'
@@ -49,7 +49,7 @@ references:
stigid@ol7: OL07-00-010070
stigid@ol8: OL08-00-020060
stigid@rhel7: RHEL-07-010070
- stigid@rhel8: RHEL-08-020060
+ stigid@almalinux8: RHEL-08-020060
stigid@sle12: SLES-12-010080
stigid@sle15: SLES-15-010120
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
index 9d034e51..2c45806b 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
index 3d1bb623..20740bb0 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Set GNOME3 Screensaver Lock Delay After Activation Period'
@@ -40,7 +40,7 @@ references:
stigid@ol7: OL07-00-010110
stigid@ol8: OL08-00-020031
stigid@rhel7: RHEL-07-010110
- stigid@rhel8: RHEL-08-020031
+ stigid@almalinux8: RHEL-08-020031
ocil_clause: 'the screensaver lock delay is missing, or is set to a value greater than {{{ xccdf_value("var_screensaver_lock_delay") }}}'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
index d04e6893..5b9cba00 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
index 070cd4d6..d1c61f55 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
title: 'Enable GNOME3 Screensaver Lock After Idle Period'
@@ -56,7 +56,7 @@ references:
stigid@ol7: OL07-00-010060
stigid@ol8: OL08-00-020030
stigid@rhel7: RHEL-07-010060
- stigid@rhel8: RHEL-08-020030
+ stigid@almalinux8: RHEL-08-020030
stigid@sle12: SLES-12-010060
stigid@sle15: SLES-15-010100
stigid@ubuntu2004: UBTU-20-010004
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
index 34ff91ab..875abf68 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
index 24b7466a..43bf5b6e 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period'
@@ -39,7 +39,7 @@ references:
srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
stigid@ol7: OL07-00-010062
stigid@rhel7: RHEL-07-010062
- stigid@rhel8: RHEL-08-020082
+ stigid@almalinux8: RHEL-08-020082
ocil_clause: 'screensaver locking is not locked'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
index 4dbe2b3c..7313b6bc 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
index 5d141635..a3cbdbec 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
title: 'Implement Blank Screensaver'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
index 606e00c5..792db4ca 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
index 9f86c7ed..556d1227 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable Full User Name on Splash Shield'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
index ed7d9884..a41cb715 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
index 6f243a6f..9254247a 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Ensure Users Cannot Change GNOME3 Screensaver Settings'
@@ -41,7 +41,7 @@ references:
stigid@ol7: OL07-00-010081
stigid@ol8: OL08-00-020080
stigid@rhel7: RHEL-07-010081
- stigid@rhel8: RHEL-08-020080
+ stigid@almalinux8: RHEL-08-020080
ocil_clause: 'GNOME3 session settings are not locked or configured properly'
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
index aae97c96..18c7ec75 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
index 433bc2eb..1925f52f 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Ensure Users Cannot Change GNOME3 Session Idle Settings'
@@ -41,7 +41,7 @@ references:
stigid@ol7: OL07-00-010082
stigid@ol8: OL08-00-020081
stigid@rhel7: RHEL-07-010082
- stigid@rhel8: RHEL-08-020081
+ stigid@almalinux8: RHEL-08-020081
ocil_clause: 'idle-delay is not locked'
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
index 76181547..eb340cb5 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
index 6ac890aa..4d5fab22 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004
title: 'Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3'
@@ -47,7 +47,7 @@ references:
stigid@ol7: OL07-00-020231
stigid@ol8: OL08-00-040171
stigid@rhel7: RHEL-07-020231
- stigid@rhel8: RHEL-08-040171
+ stigid@almalinux8: RHEL-08-040171
stigid@ubuntu2004: UBTU-20-010459
ocil_clause: 'GNOME3 is configured to reboot when Ctrl-Alt-Del is pressed'
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
index fa4f578e..f0d0708d 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
# reboot = false
# strategy = unknown
# complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
index faa389c2..d0e22b41 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable Geolocation in GNOME3'
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
index 7a2e35b8..8d2debf7 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
title: 'Disable Power Settings in GNOME3'
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
index 592f8558..664c876c 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
title: 'Disable User Administration in GNOME3'
diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml
index 27b2e8e2..b93c5bcf 100644
--- a/linux_os/guide/system/software/gnome/group.yml
+++ b/linux_os/guide/system/software/gnome/group.yml
@@ -12,7 +12,7 @@ description: |-
{{% if product in ['ol7', 'ol8'] %}}
Oracle Linux Graphical environment.
{{% else %}}
- Red Hat Graphical environment.
+ AlmaLinux Graphical environment.
{{% endif %}}
$ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux+ If the system is not connected to the Internet, + then install the AlmaLinux GPG key from trusted media such as + the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted + in /media/cdrom, use the following command as the root user to import + it into the keyring: +
$ sudo rpm --import /media/cdrom/RPM-GPG-KEY+ +rationale: |- + Changes to software components can have significant effects on the + overall security of the operating system. This requirement ensures + the software has not been tampered with and that it has been provided + by a trusted vendor. The AlmaLinux GPG key is necessary to + cryptographically verify packages are from AlmaLinux. + +severity: high + +references: + cis: 1.2.2 + disa: CCI-001749 + nist: CM-5(3),SI-7,SC-12,SC-12(3),CM-6(a),CM-11(a),CM-11(b) + nist-csf: PR.DS-6,PR.DS-8,PR.IP-1 + pcidss: Req-6.2 + isa-62443-2013: 'SR 3.1,SR 3.3,SR 3.4,SR 3.8,SR 7.6' + isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.3.4.4.4 + cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02 + iso27001-2013: A.11.2.4,A.12.1.2,A.12.2.1,A.12.5.1,A.12.6.2,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4 + cis-csc: 11,2,3,9 + +ocil_clause: 'the AlmaLinux GPG Key is not installed' + +ocil: |- + To ensure that the GPG key is installed, run: +
$ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
+ The command should return the string below:
+ gpg(AlmaLinux <packager@almalinux.org>diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh index 2bf91c8c..b5f52073 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}} diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml index 17fe909b..4e2dbfa7 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,uos20 +prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,uos20 title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration' @@ -62,7 +62,7 @@ references: stigid@ol7: OL07-00-020050 stigid@ol8: OL08-00-010370 stigid@rhel7: RHEL-07-020050 - stigid@rhel8: RHEL-08-010370 + stigid@almalinux8: RHEL-08-010370 stigid@sle12: SLES-12-010550 stigid@sle15: SLES-15-010430 vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650 diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml index 39fc9f86..e9bace0b 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Ensure gpgcheck Enabled for Local Packages' @@ -43,7 +43,7 @@ references: stigid@ol7: OL07-00-020060 stigid@ol8: OL08-00-010371 stigid@rhel7: RHEL-07-020060 - stigid@rhel8: RHEL-08-010371 + stigid@almalinux8: RHEL-08-010371 vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650 ocil_clause: 'gpgcheck is not enabled or configured correctly to verify local packages' diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml index 8ba65013..6728e4d5 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = enable # complexity = low diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh index 07e02fa4..ee1d023d 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle {{% if product in ["sle12", "sle15"] %}} sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/zypp/repos.d/* {{% else %}} diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml index 02574154..8a93c618 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: alinux2,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories' @@ -47,7 +47,7 @@ references: pcidss: Req-6.2 srg: SRG-OS-000366-GPOS-00153 stigid@ol8: OL08-00-010370 - stigid@rhel8: RHEL-08-010370 + stigid@almalinux8: RHEL-08-010370 vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650 ocil_clause: 'GPG checking is disabled' diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh index 37e47e4d..a852e856 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/* diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh index 04ff6e57..b97d7546 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/* diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml index 66d26838..24c01ddc 100644 --- a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 title: 'Ensure gpgcheck Enabled for Repository Metadata' diff --git a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml index bdcc5e9b..2e150e42 100644 --- a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml +++ b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15 +prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Install dnf-automatic Package' diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh index fd844d2a..2932351f 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = true # strategy = patch # complexity = low diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml index 607846e1..19d505ba 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml @@ -1,11 +1,11 @@ documentation_complete: true -prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20 +prodtype: alinux2,alinux3,fedora,ol7,ol8,ol9,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,uos20 title: 'Ensure Software Patches Installed' description: |- -{{% if product in ["rhel7", "rhel8"] %}} +{{% if product in ["rhel7", "rhel8", "almalinux8"] %}} If the system is joined to the Red Hat Network, a Red Hat Satellite Server, or a yum server, run the following command to install updates:
$ sudo yum update@@ -17,6 +17,11 @@ description: |-
$ sudo yum updateIf the system is not configured to use one of these sources, updates (in the form of RPM packages) can be manually downloaded from the ULN and installed using rpm. +{{% elif product in ["almalinux8"] %}} + Run the following command to install updates: +
$ sudo yum update+ If the system is not configured to use repos, updates (in the form of RPM packages) + can be manually downloaded from the repos and installed using rpm. {{% elif product in ["sle12", "sle15"] %}} If the system is configured for online updates, invoking the following command will list available security updates: @@ -64,7 +69,7 @@ references: stigid@ol7: OL07-00-020260 stigid@ol8: OL08-00-010010 stigid@rhel7: RHEL-07-020260 - stigid@rhel8: RHEL-08-010010 + stigid@almalinux8: RHEL-08-010010 stigid@sle12: SLES-12-010010 stigid@sle15: SLES-15-010010 vmmsrg: SRG-OS-000480-VMM-002000 diff --git a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml index 5ae61e5d..e011e7d2 100644 --- a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml +++ b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,ol9,rhel8,rhel9,sle12,sle15 +prodtype: fedora,ol8,ol9,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Enable dnf-automatic Timer' diff --git a/products/almalinux8/CMakeLists.txt b/products/almalinux8/CMakeLists.txt new file mode 100644 index 00000000..dcbf2057 --- /dev/null +++ b/products/almalinux8/CMakeLists.txt @@ -0,0 +1,28 @@ +# Sometimes our users will try to do: "cd almalinux8; cmake ." That needs to error in a nice way. +if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}") + message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!") +endif() + +set(PRODUCT "almalinux8") + +ssg_build_product(${PRODUCT}) + +ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss") + +ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist") +ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist") + +ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi") +ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_enhanced" "${PRODUCT}" "anssi_bp28_enhanced" "anssi") +ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_intermediary" "${PRODUCT}" "anssi_bp28_intermediary" "anssi") +ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_high" "${PRODUCT}" "anssi_bp28_high" "anssi") + +ssg_build_html_cce_table(${PRODUCT}) + +ssg_build_html_srgmap_tables(${PRODUCT}) + +ssg_build_html_stig_tables(${PRODUCT}) +ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig") +ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig_gui") + +#ssg_build_html_stig_tables(${PRODUCT} "ospp") diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg new file mode 100644 index 00000000..0efae2c7 --- /dev/null +++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg @@ -0,0 +1,158 @@ +# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for AlmaLinux 8 +# Version: 0.0.1 +# Date: 2021-01-28 +# +# Based on: +# https://pykickstart.readthedocs.io/en/latest/ +# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg + +# Specify installation method to use for installation +# To use a different one comment out the 'url' one below, update +# the selected choice with proper options & un-comment it +# +# Install from an installation tree on a remote server via FTP or HTTP: +# --url the URL to install from +# +# Example: +# +# url --url=http://192.168.122.1/image +# +# Modify concrete URL in the above example appropriately to reflect the actual +# environment machine is to be installed in +# +# Other possible / supported installation methods: +# * install from the first CD-ROM/DVD drive on the system: +# +# cdrom +# +# * install from a directory of ISO images on a local drive: +# +# harddrive --partition=hdb2 --dir=/tmp/install-tree +# +# * install from provided NFS server: +# +# nfs --server=