diff --git a/CMakeLists.txt b/CMakeLists.txt index 3e122ae2..29803a99 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -67,6 +67,7 @@ option(SSG_PRODUCT_DEFAULT "If enabled, all default release products will be bui # Products to build content for. These generally correspond to directories in # the root of this project. Note that the example product is always disabled # unless explicitly asked for. +option(SSG_PRODUCT_ALMALINUX8 "If enabled, the AlmaLinux 8 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_CHROMIUM "If enabled, the Chromium SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_DEBIAN9 "If enabled, the Debian 9 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) option(SSG_PRODUCT_DEBIAN10 "If enabled, the Debian 10 SCAP content will be built" ${SSG_PRODUCT_DEFAULT}) @@ -272,6 +273,7 @@ message(STATUS "STIG Delta Taloring files: ${SSG_BUILD_DISA_DELTA_FILES}") message(STATUS " ") message(STATUS "Products:") +message(STATUS "AlmaLinux 8: ${SSG_PRODUCT_ALMALINUX8}") message(STATUS "Chromium: ${SSG_PRODUCT_CHROMIUM}") message(STATUS "Debian 9: ${SSG_PRODUCT_DEBIAN9}") message(STATUS "Debian 10: ${SSG_PRODUCT_DEBIAN10}") @@ -338,6 +340,9 @@ endif() ssg_build_man_page() +if (SSG_PRODUCT_ALMALINUX8) + add_subdirectory("products/almalinux8" "almalinux8") +endif() if (SSG_PRODUCT_CHROMIUM) add_subdirectory("products/chromium" "chromium") endif() diff --git a/build_product b/build_product index 1ba2e099..13413929 100755 --- a/build_product +++ b/build_product @@ -282,6 +282,7 @@ set_explict_build_targets() { # Get this using # grep 'option(SSG_PRODUCT' CMakeLists.txt | sed -e 's/option(SSG_PRODUCT_\(\w\+\).*/\1/' all_cmake_products=( + ALMALINUX8 CHROMIUM DEBIAN9 DEBIAN10 diff --git a/cmake/SSGCommon.cmake b/cmake/SSGCommon.cmake index 9c2550cf..ec748556 100644 --- a/cmake/SSGCommon.cmake +++ b/cmake/SSGCommon.cmake @@ -900,7 +900,7 @@ macro(ssg_build_product PRODUCT) add_dependencies(html-stats ${PRODUCT}-html-stats) add_dependencies(html-profile-stats ${PRODUCT}-html-profile-stats) - if (SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "rhel(7|8)") + if (SSG_BUILD_DISA_DELTA_FILES AND "${PRODUCT}" MATCHES "almalinux8") ssg_build_disa_delta(${PRODUCT} "stig") add_dependencies(${PRODUCT} generate-ssg-delta-${PRODUCT}-stig) endif() diff --git a/controls/anssi.yml b/controls/anssi.yml index 5c3d5f34..960aecff 100644 --- a/controls/anssi.yml +++ b/controls/anssi.yml @@ -198,7 +198,7 @@ controls: levels: - intermediary title: Partitioning type - notes: >- + notes: >- The rule for the /proc file system is not implemented status: partial rules: @@ -293,7 +293,7 @@ controls: - ensure_gpgcheck_never_disabled - ensure_gpgcheck_globally_activated - ensure_gpgcheck_local_packages - - ensure_redhat_gpgkey_installed + - ensure_almalinux_gpgkey_installed - ensure_oracle_gpgkey_installed - id: R16 @@ -584,7 +584,7 @@ controls: - sysctl_kernel_perf_event_max_sample_rate - sysctl_kernel_perf_cpu_time_max_percent - + - id: R24 levels: - enhanced diff --git a/controls/cis_rhel8.yml b/controls/cis_rhel8.yml index 005c94c0..94241308 100644 --- a/controls/cis_rhel8.yml +++ b/controls/cis_rhel8.yml @@ -283,7 +283,7 @@ controls: - l1_workstation status: manual related_rules: - - ensure_redhat_gpgkey_installed + - ensure_almalinux_gpgkey_installed - id: 1.2.4 title: Ensure gpgcheck is globally activated (Automated) @@ -1752,7 +1752,7 @@ controls: # NEEDS RULE # The current sshd_enable_warning_banner rule uses /etc/issue instead # of the /etc/issue.net that the benchmark expects. - # + # - id: 5.2.15 title: Ensure SSH warning banner is configured (Automated) levels: diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml index 14ea150a..0f9407b4 100644 --- a/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml +++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_check_ttl/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Check Avahi Responses'' TTL Field' diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml index 36bb0308..949fda55 100644 --- a/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml +++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_ip_only/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Serve Avahi Only via Required Protocol' diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml index 69c83eef..a7d9e163 100644 --- a/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml +++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_prevent_port_sharing/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Prevent Other Programs from Using Avahi''s Port' diff --git a/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml index 0db51bd1..b7cf62ec 100644 --- a/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml +++ b/linux_os/guide/services/avahi/avahi_configuration/avahi_restrict_published_information/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Restrict Information Published by Avahi' diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml index 2d30e4c2..7cb54017 100644 --- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Disable Avahi Server Software' diff --git a/linux_os/guide/services/base/package_abrt_removed/rule.yml b/linux_os/guide/services/base/package_abrt_removed/rule.yml index 1c823d79..49db8255 100644 --- a/linux_os/guide/services/base/package_abrt_removed/rule.yml +++ b/linux_os/guide/services/base/package_abrt_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 title: 'Uninstall Automatic Bug Reporting Tool (abrt)' @@ -28,7 +28,7 @@ references: disa: CCI-000381 srg: SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-040001 - stigid@rhel8: RHEL-08-040001 + stigid@almalinux8: RHEL-08-040001 {{{ complete_ocil_entry_package(package="abrt") }}} diff --git a/linux_os/guide/services/base/package_psacct_installed/rule.yml b/linux_os/guide/services/base/package_psacct_installed/rule.yml index b5a0e717..0b6a33ff 100644 --- a/linux_os/guide/services/base/package_psacct_installed/rule.yml +++ b/linux_os/guide/services/base/package_psacct_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Install the psacct package' diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml index eb9cbc32..c1c37672 100644 --- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8 title: 'Disable Automatic Bug Reporting Tool (abrtd)' diff --git a/linux_os/guide/services/base/service_acpid_disabled/rule.yml b/linux_os/guide/services/base/service_acpid_disabled/rule.yml index cc474092..7a910128 100644 --- a/linux_os/guide/services/base/service_acpid_disabled/rule.yml +++ b/linux_os/guide/services/base/service_acpid_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Advanced Configuration and Power Interface (acpid)' diff --git a/linux_os/guide/services/base/service_certmonger_disabled/rule.yml b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml index 095ff4a2..3cb513e8 100644 --- a/linux_os/guide/services/base/service_certmonger_disabled/rule.yml +++ b/linux_os/guide/services/base/service_certmonger_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Certmonger Service (certmonger)' diff --git a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml index 95232c12..0ac38103 100644 --- a/linux_os/guide/services/base/service_cockpit_disabled/rule.yml +++ b/linux_os/guide/services/base/service_cockpit_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Disable Cockpit Management Server' diff --git a/linux_os/guide/services/base/service_cpupower_disabled/rule.yml b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml index 3328abe3..c4221608 100644 --- a/linux_os/guide/services/base/service_cpupower_disabled/rule.yml +++ b/linux_os/guide/services/base/service_cpupower_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable CPU Speed (cpupower)' diff --git a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda index 1f6a233e..9f3a4d6b 100644 --- a/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda +++ b/linux_os/guide/services/base/service_kdump_disabled/anaconda/shared.anaconda @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol kdump --disable diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml index 81d24c22..16792f7b 100644 --- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml +++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Disable KDump Kernel Crash Analyzer (kdump)' @@ -41,7 +41,7 @@ references: stigid@ol7: OL07-00-021300 stigid@ol8: OL08-00-010670 stigid@rhel7: RHEL-07-021300 - stigid@rhel8: RHEL-08-010670 + stigid@almalinux8: RHEL-08-010670 stigid@sle12: SLES-12-010840 stigid@sle15: SLES-15-040190 stigid@ubuntu2004: UBTU-20-010413 diff --git a/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml index 04a7fb5d..728f96cf 100644 --- a/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml +++ b/linux_os/guide/services/base/service_mdmonitor_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Software RAID Monitor (mdmonitor)' diff --git a/linux_os/guide/services/base/service_netconsole_disabled/rule.yml b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml index 19ffe27e..b4231f8b 100644 --- a/linux_os/guide/services/base/service_netconsole_disabled/rule.yml +++ b/linux_os/guide/services/base/service_netconsole_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Network Console (netconsole)' diff --git a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml index 12d26e4e..e9b7bdac 100644 --- a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +++ b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Disable ntpdate Service (ntpdate)' diff --git a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml index 77f7e4f4..e68dfa7f 100644 --- a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Disable Odd Job Daemon (oddjobd)' diff --git a/linux_os/guide/services/base/service_portreserve_disabled/rule.yml b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml index fceb228b..3819ac65 100644 --- a/linux_os/guide/services/base/service_portreserve_disabled/rule.yml +++ b/linux_os/guide/services/base/service_portreserve_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Portreserve (portreserve)' diff --git a/linux_os/guide/services/base/service_psacct_enabled/rule.yml b/linux_os/guide/services/base/service_psacct_enabled/rule.yml index fa34b99f..a1264aca 100644 --- a/linux_os/guide/services/base/service_psacct_enabled/rule.yml +++ b/linux_os/guide/services/base/service_psacct_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Enable Process Accounting (psacct)' diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml index ecdd76ec..a87c33b7 100644 --- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml @@ -1,7 +1,7 @@ documentation_complete: true # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 -prodtype: ol7,ol8,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Disable Apache Qpid (qpidd)' diff --git a/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml index a04bd5ce..3e9aa353 100644 --- a/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml +++ b/linux_os/guide/services/base/service_quota_nld_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Quota Netlink (quota_nld)' diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml index 37cc6549..593318ef 100644 --- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Disable Network Router Discovery Daemon (rdisc)' diff --git a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml index c46674a2..c44afdd1 100644 --- a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9 +prodtype: rhel7,rhel8,almalinux8,rhel9 title: 'Disable Red Hat Network Service (rhnsd)' diff --git a/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml index 93240d9b..e1ea7a80 100644 --- a/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_rhsmcertd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Red Hat Subscription Manager Daemon (rhsmcertd)' diff --git a/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml index d6409183..f802628e 100644 --- a/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_saslauthd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Cyrus SASL Authentication Daemon (saslauthd)' diff --git a/linux_os/guide/services/base/service_sysstat_disabled/rule.yml b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml index be42e5dd..b3af30ca 100644 --- a/linux_os/guide/services/base/service_sysstat_disabled/rule.yml +++ b/linux_os/guide/services/base/service_sysstat_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable System Statistics Reset Service (sysstat)' diff --git a/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml index 93206153..0ac567a3 100644 --- a/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml +++ b/linux_os/guide/services/cron_and_at/disable_anacron/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Disable anacron Service' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml index 477e0e45..e103fe85 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Group Who Owns cron.d' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml index 029e9657..20ad74e1 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Group Who Owns cron.daily' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml index 9d0902f9..30d46124 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Group Who Owns cron.hourly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml index a20878d7..e697560e 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Group Who Owns cron.monthly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml index 710a88f7..d913e3cd 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Group Who Owns cron.weekly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml index e14e78ad..2de486fd 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Group Who Owns Crontab' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml index 8e0659f0..645dfaad 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Owner on cron.d' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml index e0380966..8d8cb832 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Owner on cron.daily' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml index e4b9e57f..fd8fe7eb 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Owner on cron.hourly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml index ceaa0424..4f8abe13 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Owner on cron.monthly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml index 20185169..f28ea4b0 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Owner on cron.weekly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml index 7f54d498..6e77f9d7 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Owner on crontab' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml index a45701d1..7bced050 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Permissions on cron.d' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml index 77c847f1..2a9f3d11 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_daily/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Permissions on cron.daily' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml index bb419f05..2db51c7f 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_hourly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Permissions on cron.hourly' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml index 20f35979..3a9a0eb9 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_monthly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Permissions on cron.monthly' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml index 164e724f..2661d33a 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_cron_weekly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Permissions on cron.weekly' diff --git a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml index 7be734c2..c5329e50 100644 --- a/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_permissions_crontab/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Permissions on crontab' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml index 681f009c..2ab097ff 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_at_deny_not_exist/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure that /etc/at.deny does not exist' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml index e03812bc..df09d43b 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_cron_deny_not_exist/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9,sle15 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Ensure that /etc/cron.deny does not exist' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml index 1fc8763a..30f03d6d 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_at_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Verify Group Who Owns /etc/at.allow file' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml index 77066c6c..49467074 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_groupowner_cron_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Verify Group Who Owns /etc/cron.allow file' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml index 3d4f9996..79523128 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_owner_cron_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Verify User Who Owns /etc/cron.allow file' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml index 8da1a95a..c854e9f8 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_at_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Verify Permissions on /etc/at.allow file' diff --git a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml index 33ebca60..8b3a62ee 100644 --- a/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml +++ b/linux_os/guide/services/cron_and_at/restrict_at_cron_users/file_permissions_cron_allow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 title: 'Verify Permissions on /etc/cron.allow file' diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml index f710f01e..2a19ca89 100644 --- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Disable At Service (atd)' diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml index dffcf36a..1b4e7a92 100644 --- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Enable cron Service' diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml index 6baf9026..81a9ad03 100644 --- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml +++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_configure_logging/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure Logging' diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml index 1d825698..8c28acb9 100644 --- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml +++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_bootp/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Deny BOOTP Queries' diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml index 4b0fa9a5..f50fe476 100644 --- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml +++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_deny_decline/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Deny Decline Messages' diff --git a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml index e9cdf799..71db5eef 100644 --- a/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml +++ b/linux_os/guide/services/dhcp/dhcp_server_configuration/dhcp_server_disable_ddns/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Do Not Use Dynamic DNS' diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml index 6c9c0b02..bda84dff 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_client/sysconfig_networking_bootproto_ifcfg/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable DHCP Client in ifcfg' diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml index e5a25eef..4b5f8de1 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/package_dhcp_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Uninstall DHCP Server Package' diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml index 79a554aa..e0f3407a 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle15 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Disable DHCP Service' diff --git a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml index d973c70d..ef687b87 100644 --- a/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml +++ b/linux_os/guide/services/dns/disabling_dns_server/package_bind_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Uninstall bind Package' diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml index ad48971c..55a47e6c 100644 --- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle15 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Disable named Service' diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml index f8220f53..239b7f2e 100644 --- a/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml +++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_authenticate_zone_transfers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Authenticate Zone Transfers' diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml index 175cc987..a271f9e8 100644 --- a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml +++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_dynamic_updates/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Dynamic Updates' diff --git a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml index 05aa2344..8c441644 100644 --- a/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml +++ b/linux_os/guide/services/dns/dns_server_protection/dns_server_disable_zone_transfers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Zone Transfers from the Nameserver' diff --git a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml index e3fd65ec..93777b3d 100644 --- a/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml +++ b/linux_os/guide/services/fapolicyd/package_fapolicyd_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Install fapolicyd Package' @@ -23,7 +23,7 @@ references: nist: CM-6(a),SI-4(22) srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040135 - stigid@rhel8: RHEL-08-040135 + stigid@almalinux8: RHEL-08-040135 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml index 35e7b5cd..411951b5 100644 --- a/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml +++ b/linux_os/guide/services/fapolicyd/service_fapolicyd_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhcos4,rhel8,rhel9 +prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Enable the File Access Policy Service' @@ -25,7 +25,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000370-GPOS-00155,SRG-OS-000368-GPOS-00154 stigid@ol8: OL08-00-040136 - stigid@rhel8: RHEL-08-040136 + stigid@almalinux8: RHEL-08-040136 ocil_clause: 'the service is not enabled' diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml index 0b69920d..32d9ba12 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/package_vsftpd_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Uninstall vsftpd Package' @@ -36,7 +36,7 @@ references: stigid@ol7: OL07-00-040690 stigid@ol8: OL08-00-040360 stigid@rhel7: RHEL-07-040690 - stigid@rhel8: RHEL-08-040360 + stigid@almalinux8: RHEL-08-040360 stigid@sle12: SLES-12-030011 stigid@sle15: SLES-15-010030 diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml index bdd7f045..d613b728 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle15 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Disable vsftpd Service' diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml index f94beaf6..72143561 100644 --- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml +++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_disable_uploads/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Disable FTP Uploads if Possible' diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml index 62818647..6c59fe87 100644 --- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml +++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_home_partition/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Place the FTP Home Directory on its Own Partition' diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml index 3f9a0e0d..04625628 100644 --- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml +++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_log_transactions/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Enable Logging of All FTP Transactions' diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml index 3cacb857..0ce945f0 100644 --- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml +++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_present_banner/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,sle12 +prodtype: fedora,rhel7,rhel8,almalinux8,sle12 title: 'Create Warning Banners for All FTP Users' diff --git a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml index 2782961b..e74183f3 100644 --- a/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml +++ b/linux_os/guide/services/ftp/ftp_configure_vsftpd/ftp_restrict_users/ftp_restrict_to_anon/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Restrict Access to Anonymous Users if Possible' diff --git a/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml index 6aa51e73..289415f1 100644 --- a/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml +++ b/linux_os/guide/services/ftp/ftp_use_vsftpd/package_vsftpd_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Install vsftpd Package' diff --git a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml index 13297588..33c7f7fd 100644 --- a/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml +++ b/linux_os/guide/services/http/disabling_httpd/package_httpd_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Uninstall httpd Package' diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml index cdc6ba69..6f6b1f12 100644 --- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle15 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Disable httpd Service' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml index bb71b36f..38cbb050 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_log_format/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure Error Log Format' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml index 3a9b317b..e04b503d 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_max_keepalive_requests/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure The Number of Allowed Simultaneous Requests' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml index 136cd7cc..77021742 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_antivirus_scan_uploads/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Scan All Uploaded Content for Malicious Software' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml index 2d0a5c51..8de48bb4 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_firewall/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure firewall to Allow Access to the Web Server' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml index afc9519f..09dc97cb 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_configure_remote_session_encryption/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Ensure Remote Administrative Access Is Encrypted' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml index 91174c07..50ceb9d0 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_etc_httpd_conf/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Set Permissions on the /etc/httpd/conf/ Directory' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml index dedc508f..5f0e74c8 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/dir_perms_var_log_httpd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Set Permissions on the /var/log/httpd/ Directory' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml index d8631eb9..1fc8f7b4 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_d_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9 +prodtype: rhel7,rhel8,almalinux8,rhel9 title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.d/' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml index 5227203b..e31765b0 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_conf_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9 +prodtype: rhel7,rhel8,almalinux8,rhel9 title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf/' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml index 1af8689b..a0623cc7 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/file_permissions_httpd_server_modules_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9 +prodtype: rhel7,rhel8,almalinux8,rhel9 title: 'Set Permissions on All Configuration Files Inside /etc/httpd/conf.modules.d/' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml index e09f15a6..8be87c58 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_os_protect_web_server/httpd_restrict_file_dir_access/http_configure_log_file_ownership/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'HTTPD Log Files Must Be Owned By Root' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml index e04cdfd5..827288f8 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_configure_perl_securely/httpd_configure_perl_taint/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure HTTP PERL Scripts To Use TAINT Option' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml index 130a822f..dd60cb4a 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_anonymous_content_sharing/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Web Content Directories Must Not Be Shared Anonymously' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml index 28cab365..226e53e4 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_configure_script_permissions/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Remove Write Permissions From Filesystem Paths And Server Scripts' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml index 81f39f7b..49ce8bcd 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_disable_anonymous_ftp_access/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Anonymous FTP Access' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml index cb6e4ef5..813459fd 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_ignore_htaccess_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Ignore HTTPD .htaccess Files' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml index fb02b8d4..93de1f84 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_limit_available_methods/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Limit Available Methods' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml index 2194e268..496484d0 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_critical_directories/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Restrict Other Critical Directories' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml index a02162aa..87ec21b7 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_root_directory/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Restrict Root Directory' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml index cb5e5231..0f53af52 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_directory_restrictions/httpd_restrict_web_directory/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Restrict Web Directory' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml index ea7ab8bf..89776d62 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_disable_mime_types/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'MIME types for csh or sh shell programs must be disabled' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml index f324b60e..bc49ebc1 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_error_logging/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Enable HTTPD Error Logging' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml index e8bb96b2..d3d67773 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_loglevel/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Enable HTTPD LogLevel' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml index 33b9a33e..2d953da2 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_enable_system_logging/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Enable HTTPD System Logging' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml index fcf1c504..b4d29e35 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_entrust_passwords/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'The web server password(s) must be entrusted to the SA or Web Manager' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml index 97b49e06..47d23073 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cache_support/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Cache Support' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml index 20ec65bd..34d59440 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_cgi_support/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable CGI Support' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml index 5bef0902..ac5afa64 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_digest_authentication/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable HTTP Digest Authentication' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml index 250f3ba6..6fbb5909 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_enable_log_config/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Enable log_config_module For HTTPD Logging' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml index 6afbb503..e3e7380a 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_ldap_support/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable LDAP Support' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml index a49a797d..31d622a1 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mime_magic/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable MIME Magic' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml index e72cd1b1..35f2881e 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_mod_rewrite/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable HTTP mod_rewrite' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml index 49ddb85a..013c1e90 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_proxy_support/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Proxy Support' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml index 59b00d06..d5ed46a4 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_activity_status/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Server Activity Status' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml index 3b7a1c74..43335230 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_configuration_display/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Web Server Configuration Display' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml index 119cfb6a..cf8848f9 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_server_side_includes/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Server Side Includes' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml index b11038c3..875c149a 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_url_correction/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable URL Correction on Misspelled Entries' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml index 0dbde818..b0ea54ca 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_minimize_loadable_modules/httpd_core_modules/httpd_webdav/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable WebDAV (Distributed Authoring and Versioning)' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml index 8389ba24..a1e675f5 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_security/httpd_install_mod_security/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Install mod_security' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml index 4fcb6742..e1802d1e 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_tls/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Enable Transport Layer Security (TLS) Encryption' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml index 2fbe3e26..451af3fc 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_configure_valid_server_cert/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure A Valid Server Certificate' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml index f845c3e9..46eb5cf8 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_install_mod_ssl/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Install mod_ssl' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml index 08429251..113b317d 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_modules_improve_security/httpd_deploy_mod_ssl/httpd_require_client_certs/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Require Client Certificates' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml index 65c10b74..ee0f8eda 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_nipr_accredited_dmz/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'A public web server, if hosted on the NIPRNet, must be isolated in an accredited DoD DMZ extension' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml index c0a8e19c..d75e3f3f 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_no_compilers_in_prod/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Installation of a compiler on production web server is prohibited' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml index 177fc6b1..7515622f 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_private_server_on_separate_subnet/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'A private web server must be located on a separate controlled access subnet' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml index 7b93fe2d..ca9dbde3 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_public_resources_not_shared/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Public web server resources must not be shared with private assets' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml index c26a075a..79294345 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_remove_backups/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Backup interactive scripts on the production web server are prohibited' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml index 433ce96d..56729d6b 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_serversignature_off/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Set httpd ServerSignature Directive to Off' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml index af49aaeb..9aa5d9a2 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_restrict_info_leakage/httpd_servertokens_prod/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Set httpd ServerTokens Directive to Prod' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml index f885d2ce..d573f442 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_banner_page/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure A Banner Page For Each Website' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml index b3a76b83..de57edf1 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_configure_documentroot/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Each Web Content Directory Must Contain An index.html File' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml index ea3b87ed..f75f9612 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_disable_content_symlinks/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Web Content Symbolic Links' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml index f84d6d5c..0773ee07 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_encrypt_file_uploads/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Encrypt All File Uploads' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml index 4e519379..62902b85 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_limit_java_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Remove .java And .jpp Files' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml index cc7c33d1..e585f723 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/httpd_remove_robots_file/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'The robots.txt Files Must Not Exist' diff --git a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml index 6d7e27f4..bd29cf0b 100644 --- a/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml +++ b/linux_os/guide/services/http/securing_httpd/httpd_secure_content/partition_for_web_content/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Ensure Web Content Located on Separate partition' diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml index d03ccdc5..420b1a6d 100644 --- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml +++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_cert/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure Dovecot to Use the SSL Certificate file' diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml index 34c4865f..0c1a2b7b 100644 --- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml +++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_configure_ssl_key/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure Dovecot to Use the SSL Key file' diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml index cd829dd8..cfedf22c 100644 --- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml +++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_disable_plaintext_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Plaintext Authentication' diff --git a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml index d88e1120..5744fe45 100644 --- a/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml +++ b/linux_os/guide/services/imap/configure_dovecot/dovecot_enabling_ssl/dovecot_enable_ssl/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Enable the SSL flag in /etc/dovecot.conf' diff --git a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml index f15f25e4..fadc6b84 100644 --- a/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml +++ b/linux_os/guide/services/imap/disabling_dovecot/package_dovecot_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Uninstall dovecot Package' diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml index d460c186..46ebf86a 100644 --- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle15 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Disable Dovecot Service' diff --git a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml index c943a315..7c7ed0d2 100644 --- a/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml +++ b/linux_os/guide/services/kerberos/kerberos_disable_no_keytab/rule.yml @@ -23,7 +23,7 @@ references: ospp: FTP_ITC_EXT.1 srg: SRG-OS-000120-GPOS-00061 stigid@ol8: OL08-00-010161 - stigid@rhel8: RHEL-08-010161 + stigid@almalinux8: RHEL-08-010161 ocil_clause: 'it is present on the system' diff --git a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml index 52efaf10..b6a8f0fb 100644 --- a/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml +++ b/linux_os/guide/services/kerberos/package_krb5-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Remove the Kerberos Server Package' diff --git a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml index a4bd1fc3..727dc22a 100644 --- a/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml +++ b/linux_os/guide/services/ldap/389_ds/package_389-ds-base_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhcos4,rhel7,rhel8,rhel9 +prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Uninstall 389-ds-base Package' diff --git a/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml index 9a86c7ab..5a8e1fda 100644 --- a/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml +++ b/linux_os/guide/services/ldap/openldap_client/enable_ldap_client/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4 +prodtype: rhel7,rhel8,almalinux8,rhv4 title: 'Enable the LDAP Client For Use in Authconfig' diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh index 3fb71a04..acb34bba 100644 --- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh +++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux # Use LDAP for authentication diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml index 4f64afff..348ddaa5 100644 --- a/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml +++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_start_tls/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4 +prodtype: rhel7,rhel8,almalinux8,rhv4 title: 'Configure LDAP Client to Use TLS For All Transactions' diff --git a/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml index e05e43a9..9ea470b8 100644 --- a/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml +++ b/linux_os/guide/services/ldap/openldap_client/ldap_client_tls_cacertpath/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure Certificate Directives for LDAP Use of TLS' diff --git a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml index 0bccc020..9fff25e3 100644 --- a/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml +++ b/linux_os/guide/services/ldap/openldap_client/package_openldap-clients_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure LDAP client is not installed' diff --git a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml index 95601fbd..17f118fd 100644 --- a/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml +++ b/linux_os/guide/services/ldap/openldap_server/package_openldap-servers_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Uninstall openldap-servers Package' diff --git a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml index 542f70ae..5071e907 100644 --- a/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml +++ b/linux_os/guide/services/ldap/openldap_server/service_slapd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8,rhel9 +prodtype: rhel8,almalinux8,rhel9 title: 'Disable LDAP Server (slapd)' diff --git a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml index fe7861b6..c1d6dd84 100644 --- a/linux_os/guide/services/mail/package_sendmail_removed/rule.yml +++ b/linux_os/guide/services/mail/package_sendmail_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Uninstall Sendmail Package' @@ -33,7 +33,7 @@ references: nist-csf: PR.IP-1,PR.PT-3 srg: SRG-OS-000480-GPOS-00227,SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-040002 - stigid@rhel8: RHEL-08-040002 + stigid@almalinux8: RHEL-08-040002 {{{ complete_ocil_entry_package(package="sendmail") }}} diff --git a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml index dc68aace..e056f370 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_client_configure_mail_alias/rule.yml @@ -32,7 +32,7 @@ references: nist@sle12: AU-5(a),AU-5.1(ii) srg: SRG-OS-000046-GPOS-00022 stigid@ol8: OL08-00-030030 - stigid@rhel8: RHEL-08-030030 + stigid@almalinux8: RHEL-08-030030 stigid@sle12: SLES-12-020050 stigid@sle15: SLES-15-030580 diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml index e1c9d00d..df00159e 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh index bd6f4236..16f610e5 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh +++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol {{{ bash_instantiate_variables("var_postfix_inet_interfaces") }}} diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml index 6441e452..e694725d 100644 --- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml +++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable Postfix Network Listening' diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml index e169429a..d9f0688b 100644 --- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml +++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_banner/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Configure SMTP Greeting Banner' diff --git a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml index 5ccf6ffc..d7a9bacd 100644 --- a/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml +++ b/linux_os/guide/services/mail/postfix_harden_os/postfix_server_cfg/postfix_server_relay/postfix_prevent_unrestricted_relay/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,wrlinux1019 title: 'Prevent Unrestricted Mail Relaying' @@ -27,7 +27,7 @@ references: stigid@ol7: OL07-00-040680 stigid@ol8: OL08-00-040290 stigid@rhel7: RHEL-07-040680 - stigid@rhel8: RHEL-08-040290 + stigid@almalinux8: RHEL-08-040290 ocil_clause: 'it is not' diff --git a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml index 1399f5d5..f85ba23a 100644 --- a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml +++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Enable Postfix Service' diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml index 2524bf79..e398c312 100644 --- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_nfslock_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Disable Network File System Lock Service (nfslock)' diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml index 760147e1..04593972 100644 --- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable rpcbind Service' diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml index 965d781c..3119d78b 100644 --- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcgssd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Disable Secure RPC Client Service (rpcgssd)' diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml index 9dded936..672b5bdf 100644 --- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcidmapd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Disable RPC ID Mapping Service (rpcidmapd)' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml index 322d5924..c93b5d14 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_tcp_port/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Configure lockd to use static TCP port' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml index ca67db92..a1aaad35 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_lockd_udp_port/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Configure lockd to use static UDP port' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml index 7d8839f5..563cd079 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_mountd_port/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Configure mountd to use static port' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml index adcc2e18..c9a2bc06 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_all_machines/nfs_configure_fixed_ports/nfs_fixed_statd_port/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Configure statd to use static port' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml index 73a0d70b..36a53e46 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/nfs_no_anonymous/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Specify UID and GID for Anonymous NFS Connections' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml index f99879c8..6224464d 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9 title: 'Disable Network File System (nfs)' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/service_disabled.pass.sh b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/service_disabled.pass.sh index 30af5520..722a8f2e 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/service_disabled.pass.sh +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/service_disabled.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora # packages = nfs-utils systemctl stop nfs-server diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/service_enabled.fail.sh b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/service_enabled.fail.sh index 8e4eee8b..db823921 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/service_enabled.fail.sh +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/tests/service_enabled.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora # packages = nfs-utils systemctl start nfs-server diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml index bb5788e3..3703a84c 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_rpcsvcgssd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Disable Secure RPC Server Service (rpcsvcgssd)' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml index 65bcba60..97f66925 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_krb_sec_remote_filesystems/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,wrlinux1019 title: 'Mount Remote Filesystems with Kerberos Security' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml index 202e0864..3fcea47e 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nodev_remote_filesystems/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Mount Remote Filesystems with nodev' @@ -28,7 +28,7 @@ references: nist-csf: PR.IP-1,PR.PT-2,PR.PT-3 srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010640 - stigid@rhel8: RHEL-08-010640 + stigid@almalinux8: RHEL-08-010640 ocil_clause: 'the setting does not show' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml index 940b1eb8..ec1c49a8 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_noexec_remote_filesystems/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Mount Remote Filesystems with noexec' @@ -34,7 +34,7 @@ references: stigid@ol7: OL07-00-021021 stigid@ol8: OL08-00-010630 stigid@rhel7: RHEL-07-021021 - stigid@rhel8: RHEL-08-010630 + stigid@almalinux8: RHEL-08-010630 stigid@sle12: SLES-12-010820 stigid@sle15: SLES-15-040170 diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml index 2d1fd79f..bd8ec080 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/mounting_remote_filesystems/mount_option_nosuid_remote_filesystems/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Mount Remote Filesystems with nosuid' @@ -32,7 +32,7 @@ references: stigid@ol7: OL07-00-021020 stigid@ol8: OL08-00-010650 stigid@rhel7: RHEL-07-021020 - stigid@rhel8: RHEL-08-010650 + stigid@almalinux8: RHEL-08-010650 stigid@sle12: SLES-12-010810 stigid@sle15: SLES-15-040160 diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml index daaf44ae..548c4d83 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/no_insecure_locks_exports/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Ensure Insecure File Locking is Not Allowed' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml index 0978d54c..00145705 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/restrict_nfs_clients_to_privileged_ports/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Restrict NFS Clients to Privileged Ports' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml index 9176e00b..85034a83 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_kerberos_security_all_exports/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Use Kerberos Security on All Exports' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml index c5983cbe..0f39d0ff 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_servers/use_root_squashing_all_exports/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,almalinux8 title: 'Use Root-Squashing on All Exports' diff --git a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml index 4a6e5254..cc9ac42e 100644 --- a/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/package_nfs-utils_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Uninstall nfs-utils Package' diff --git a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh index f3d9ac33..1ba1ab9c 100644 --- a/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh +++ b/linux_os/guide/services/ntp/chronyd_client_only/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol {{{ bash_replace_or_append("/etc/chrony.conf", '^port', '0', '%s %s') }}} diff --git a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml index a97cf1a9..f285ebb4 100644 --- a/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_client_only/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml index e94276f8..28f55b98 100644 --- a/linux_os/guide/services/ntp/chronyd_client_only/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_client_only/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Disable chrony daemon from acting as server' @@ -28,7 +28,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-030741 - stigid@rhel8: RHEL-08-030741 + stigid@almalinux8: RHEL-08-030741 ocil_clause: 'it does not exist or port is set to non-zero value' diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh index 5bfd2b1f..e03fc658 100644 --- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh +++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol {{{ bash_replace_or_append("/etc/chrony.conf", '^cmdport', '0', '%s %s') }}} diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml index a97cf1a9..f285ebb4 100644 --- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml index a5e998d0..48dcd4c6 100644 --- a/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_no_chronyc_network/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Disable network management of chrony daemon' @@ -28,7 +28,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000096-GPOS-00050,SRG-OS-000095-GPOS-00049 stigid@ol8: OL08-00-030742 - stigid@rhel8: RHEL-08-030742 + stigid@almalinux8: RHEL-08-030742 ocil_clause: 'it does not exist or port is set to non-zero value' diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml index da0a6223..36ad0175 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh index 770312c9..8a8ca27d 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle {{{ bash_instantiate_variables("var_time_service_set_maxpoll") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml index a97cf1a9..f285ebb4 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml index e8e4ec45..59a09814 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_set_maxpoll/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Configure Time Service Maxpoll Interval' @@ -99,7 +99,7 @@ references: stigid@ol7: OL07-00-040500 stigid@ol8: OL08-00-030740 stigid@rhel7: RHEL-07-040500 - stigid@rhel8: RHEL-08-030740 + stigid@almalinux8: RHEL-08-030740 stigid@sle12: SLES-12-030300 stigid@sle15: SLES-15-010400 stigid@ubuntu2004: UBTU-20-010435 diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh index 428a5407..696798a0 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle {{{ bash_instantiate_variables("var_multiple_time_servers") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml index a97cf1a9..f285ebb4 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml index adab67dc..85fef84a 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_multiple_servers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15 title: 'Specify Additional Remote NTP Servers' diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh index f0a41078..8e1f92d4 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol {{{ bash_instantiate_variables("var_multiple_time_servers") }}} diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml index a97cf1a9..f285ebb4 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml index c0635acd..3941b2a1 100644 --- a/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_or_ntpd_specify_remote_server/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4 title: 'Specify a Remote NTP Server' diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml index e60dd11e..12f4bd92 100644 --- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml +++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml index 1e0f65ac..3a5ec70e 100644 --- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure that chronyd is running under chrony user account' diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml index 6dc24f1b..159b99d1 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml +++ b/linux_os/guide/services/ntp/chronyd_server_directive/rule.yml @@ -22,7 +22,7 @@ identifiers: references: disa: CCI-001891 srg: SRG-OS-000355-GPOS-00143,SRG-OS-000356-GPOS-00144,SRG-OS-000359-GPOS-00146 - stigid@rhel8: RHEL-08-030740 + stigid@almalinux8: RHEL-08-030740 ocil_clause: 'a remote time server is not configured or configured with pool directive' diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh index d1ba0755..d63e9963 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_empty.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # remediation = none echo "" > /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh index 12a50ebc..062721b3 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/file_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # remediation = none rm -f /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh index bffa8b62..081e47a7 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/line_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # remediation = none echo "some line" > /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh index 5527f389..a121cf97 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/multiple_servers.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # remediation = none sed -i "^pool.*" /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh index 616fe884..8ca788f4 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_pool.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # remediation = none sed -i "^server.*" /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh index 21a70dc4..58061797 100644 --- a/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_server_directive/tests/only_server.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux sed -i "^pool.*" /etc/chrony.conf echo "server 0.pool.ntp.org" > /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh index 4a1fd261..3483a7db 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux echo "server 0.pool.ntp.org" > /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh index 6612538e..f0654680 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/correct_pool.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux echo "pool 0.pool.ntp.org" > /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh index 8a9866d2..02d6a61f 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_empty.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux echo "" > /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh index c6ac20c1..638372b8 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/file_missing.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux rm -f /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh index 02693609..3667b6ff 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/line_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux echo "some line" > /etc/chrony.conf echo "another line" >> /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh index 6c2557aa..f9f96f9c 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/multiple_servers.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux echo "server 0.pool.ntp.org" > /etc/chrony.conf echo "server 1.pool.ntp.org" >> /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh index a5d6aecf..e6f5e057 100644 --- a/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh +++ b/linux_os/guide/services/ntp/chronyd_specify_remote_server/tests/server_not_specified.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash # packages = chrony -# platform = multi_platform_fedora,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux echo "server " > /etc/chrony.conf diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml index b9add520..ac7b4cec 100644 --- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml +++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle # reboot = false # strategy = enable # complexity = low diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh index f8a77aee..33166cac 100644 --- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh +++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle # reboot = false # strategy = enable # complexity = low diff --git a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml index 66c66754..2b31b599 100644 --- a/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml +++ b/linux_os/guide/services/ntp/service_chronyd_or_ntpd_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004 title: 'Enable the NTP Daemon' diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml index d413ff15..2c1dfe5f 100644 --- a/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml +++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/package_xinetd_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Uninstall xinetd Package' diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml index 5b08676a..b11c8af4 100644 --- a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml @@ -1,7 +1,7 @@ documentation_complete: true # package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Disable xinetd Service' diff --git a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml index 83fe71b9..89043489 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypbind_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Remove NIS Client' diff --git a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml index 292a6eb7..be96a91c 100644 --- a/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml +++ b/linux_os/guide/services/obsolete/nis/package_ypserv_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Uninstall ypserv Package' diff --git a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml index 29f66c6f..8a2e364f 100644 --- a/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/nis/service_ypbind_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 title: 'Disable ypbind Service' diff --git a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml index 1867eec5..fec683fa 100644 --- a/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/nis/service_ypserv_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel8,rhel9 +prodtype: rhel8,almalinux8,rhel9 title: 'Disable ypserv Service' diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh index 26b3c514..f65fd861 100644 --- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh +++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol # Identify local mounts MOUNT_LIST=$(df --local | awk '{ print $6 }') diff --git a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml index b2cd780b..9666ab40 100644 --- a/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/no_host_based_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Remove Host-Based Authentication Files' @@ -33,7 +33,7 @@ references: stigid@ol7: OL07-00-040550 stigid@ol8: OL08-00-010460 stigid@rhel7: RHEL-07-040550 - stigid@rhel8: RHEL-08-010460 + stigid@almalinux8: RHEL-08-010460 stigid@sle12: SLES-12-010410 stigid@sle15: SLES-15-040030 diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml index 660eebd6..564781aa 100644 --- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml +++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh index a465105d..6d9d15e4 100644 --- a/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh +++ b/linux_os/guide/services/obsolete/r_services/no_rsh_trust_files/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux find /root -xdev -type f -name ".rhosts" -exec rm -f {} \; find /home -maxdepth 2 -xdev -type f -name ".rhosts" -exec rm -f {} \; diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh index 6e902385..3a6461d6 100644 --- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh +++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_wrlinux,multi_platform_ol # Identify local mounts MOUNT_LIST=$(df --local | awk '{ print $6 }') diff --git a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml index 79b85c1b..a614e1f5 100644 --- a/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/no_user_host_based_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Remove User Host-Based Authentication Files' @@ -33,7 +33,7 @@ references: stigid@ol7: OL07-00-040540 stigid@ol8: OL08-00-010470 stigid@rhel7: RHEL-07-040540 - stigid@rhel8: RHEL-08-010470 + stigid@almalinux8: RHEL-08-010470 stigid@sle12: SLES-12-010400 stigid@sle15: SLES-15-040020 diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml index 8a1f7ba9..9cb71d63 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 title: 'Uninstall rsh-server Package' @@ -38,7 +38,7 @@ references: stigid@ol7: OL07-00-020000 stigid@ol8: OL08-00-040010 stigid@rhel7: RHEL-07-020000 - stigid@rhel8: RHEL-08-040010 + stigid@almalinux8: RHEL-08-040010 stigid@ubuntu2004: UBTU-20-010406 {{{ complete_ocil_entry_package(package="rsh-server") }}} diff --git a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml index 05e41516..467932cc 100644 --- a/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/package_rsh_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Uninstall rsh Package' diff --git a/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml index 8b94664d..69b3cc37 100644 --- a/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/service_rexec_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 title: 'Disable rexec Service' diff --git a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml index abaa36a1..27c0b794 100644 --- a/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/service_rlogin_disabled/rule.yml @@ -1,7 +1,7 @@ documentation_complete: true # potentially obsolete, rsh-server is not available in RHEL9 -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Disable rlogin Service' diff --git a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml index 70d6cb15..7241a8d0 100644 --- a/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/r_services/service_rsh_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 title: 'Disable rsh Service' diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml index d3d48820..4870dbaa 100644 --- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Ensure rsyncd service is diabled' diff --git a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml index 4faf52ea..84f94d7c 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/talk/package_talk-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Uninstall talk-server Package' diff --git a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml index ae60c8e1..fb6760bb 100644 --- a/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml +++ b/linux_os/guide/services/obsolete/talk/package_talk_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Uninstall talk Package' diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml index ea679e6a..c6b24427 100644 --- a/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/package_telnet-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Uninstall telnet-server Package' @@ -49,7 +49,7 @@ references: stigid@ol7: OL07-00-021710 stigid@ol8: OL08-00-040000 stigid@rhel7: RHEL-07-021710 - stigid@rhel8: RHEL-08-040000 + stigid@almalinux8: RHEL-08-040000 stigid@sle12: SLES-12-030000 stigid@sle15: SLES-15-010180 diff --git a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml index 7134b8b2..ec8c1f52 100644 --- a/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/package_telnet_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Remove telnet Clients' diff --git a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml index 3c879a79..264fce08 100644 --- a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Disable telnet Service' diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml index 10f44352..c97cdffe 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp-server_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Uninstall tftp-server Package' @@ -36,7 +36,7 @@ references: stigid@ol7: OL07-00-040700 stigid@ol8: OL08-00-040190 stigid@rhel7: RHEL-07-040700 - stigid@rhel8: RHEL-08-040190 + stigid@almalinux8: RHEL-08-040190 {{{ complete_ocil_entry_package(package="tftp-server") }}} diff --git a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml index 50b22bb8..5c32712b 100644 --- a/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/package_tftp_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9 +prodtype: rhel7,rhel8,almalinux8,rhel9 title: 'Remove tftp Daemon' diff --git a/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml index 1d6d6c81..f9aebbf5 100644 --- a/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/service_tftp_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,sle15 +prodtype: rhel7,rhel8,almalinux8,sle15 title: 'Disable tftp Service' diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml index 359670e3..0192b27e 100644 --- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml +++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,WRLinux 1019 +# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,WRLinux 1019 # reboot = false # complexity = low # strategy = configure diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh index d192f984..37f93ceb 100644 --- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh +++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,WRLinux 1019 +# platform = Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,WRLinux 1019 {{{ bash_instantiate_variables ("var_tftpd_secure_directory") }}} diff --git a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml index 775dcfbe..d2cd2ad3 100644 --- a/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml +++ b/linux_os/guide/services/obsolete/tftp/tftpd_uses_secure_mode/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Ensure tftp Daemon Uses Secure Mode' @@ -40,7 +40,7 @@ references: stigid@ol7: OL07-00-040720 stigid@ol8: OL08-00-040350 stigid@rhel7: RHEL-07-040720 - stigid@rhel8: RHEL-08-040350 + stigid@almalinux8: RHEL-08-040350 ocil_clause: 'this flag is missing' diff --git a/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml index 07e05068..99d2c008 100644 --- a/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml +++ b/linux_os/guide/services/printing/configure_printing/cups_disable_browsing/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Printer Browsing Entirely if Possible' diff --git a/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml index 0455776f..e37dae84 100644 --- a/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml +++ b/linux_os/guide/services/printing/configure_printing/cups_disable_printserver/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Print Server Capabilities' diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml index dd72c6f7..00241a47 100644 --- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml +++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 title: 'Disable the CUPS Service' diff --git a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml index 8700dc83..155aa7f8 100644 --- a/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml +++ b/linux_os/guide/services/proxy/disabling_squid/package_squid_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Uninstall squid Package' diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml index f12fa6f2..0b1a4ea5 100644 --- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Disable Squid' diff --git a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml index 7c01c09b..89f28d22 100644 --- a/linux_os/guide/services/radius/package_freeradius_removed/rule.yml +++ b/linux_os/guide/services/radius/package_freeradius_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Remove the FreeRadius Server Package' diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml index 1bb70346..e1d4dd4c 100644 --- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml +++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Enable the Hardware RNG Entropy Gatherer Service' @@ -24,7 +24,7 @@ references: ospp: FCS_RBG_EXT.1 srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010471 - stigid@rhel8: RHEL-08-010471 + stigid@almalinux8: RHEL-08-010471 ocil_clause: 'the service is not enabled' diff --git a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml index b63deaa8..285c1b64 100644 --- a/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml +++ b/linux_os/guide/services/routing/disabling_quagga/package_quagga_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Uninstall quagga Package' diff --git a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml index 54e52790..c7a14e6f 100644 --- a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml +++ b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15 title: 'Disable Quagga Service' diff --git a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml index da59b70a..c2835fba 100644 --- a/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml +++ b/linux_os/guide/services/smb/configuring_samba/mount_option_smb_client_signing/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9 +prodtype: rhel7,rhel8,almalinux8,rhel9 title: 'Require Client SMB Packet Signing, if using mount.cifs' diff --git a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml index 1f7d56c1..4e5fb508 100644 --- a/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml +++ b/linux_os/guide/services/smb/configuring_samba/package_samba-common_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Install the Samba Common Package' diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml index a6606860..f25b9504 100644 --- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml +++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh index 9e1f01f5..d7d4c265 100644 --- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh +++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux ###################################################################### #By Luke "Brisk-OH" Brisk #luke.brisk@boeing.com or luke.brisk@gmail.com diff --git a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml index 103130bc..77660a77 100644 --- a/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml +++ b/linux_os/guide/services/smb/configuring_samba/require_smb_client_signing/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Require Client SMB Packet Signing, if using smbclient' diff --git a/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml index 0cf80fb6..d9978cea 100644 --- a/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml +++ b/linux_os/guide/services/smb/configuring_samba/smb_server_disable_root/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Disable Root Access to SMB Shares' diff --git a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml index 0a90377e..99e264dc 100644 --- a/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml +++ b/linux_os/guide/services/smb/disabling_samba/package_samba_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Uninstall Samba Package' diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml index 41375ebd..12bf35bf 100644 --- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhel9,sle15 +prodtype: rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Disable Samba' diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml index bd32b570..299567ea 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/package_net-snmp_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Uninstall net-snmp Package' diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml index 1b1f9e57..1356372e 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,rhel7,rhel8,rhel9,sle15 +prodtype: debian10,debian11,debian9,rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Disable snmpd Service' diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh index 084c8934..c38f2b92 100644 --- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh +++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora if grep -s "rwuser" /etc/snmp/snmpd.conf | grep -qv "^#"; then sed -i "/^\s*#/b;/rwuser/ s/^/#/" /etc/snmp/snmpd.conf diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml index 3ff132df..ae50caed 100644 --- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml +++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_no_rwusers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure SNMP Read Write is disabled' diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml index 632c7111..f4f8427b 100644 --- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml +++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = debian 11,debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,WRLinux 1019 +# platform = debian 11,debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,WRLinux 1019 # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh index 50871561..7d4722af 100644 --- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh +++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = debian 11,debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,WRLinux 1019 +# platform = debian 11,debian 10,debian 9,multi_platform_fedora,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,WRLinux 1019 {{{ bash_instantiate_variables("var_snmpd_ro_string", "var_snmpd_rw_string") }}} diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml index 4bfec9ff..87cc1ccf 100644 --- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml +++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_not_default_password/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhel7,rhel8,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 title: 'Ensure Default SNMP Password Is Not Used' diff --git a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml index 789f2264..ef5b6e8d 100644 --- a/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml +++ b/linux_os/guide/services/snmp/snmp_configure_server/snmpd_use_newer_protocol/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9 title: 'Configure SNMP Service to Use Only SNMPv3 or Newer' diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml index 2e3bccf6..7f8c24e2 100644 --- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Group Who Owns SSH Server config file' diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml index a2a1b879..67fe7751 100644 --- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Owner on SSH Server config file' diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml index bcaf46bd..7a0a13db 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_config/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Verify Permissions on SSH Server config file' diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml index 98d75350..20db20a0 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_private_key/rule.yml @@ -46,7 +46,7 @@ references: stigid@ol7: OL07-00-040420 stigid@ol8: OL08-00-010490 stigid@rhel7: RHEL-07-040420 - stigid@rhel8: RHEL-08-010490 + stigid@almalinux8: RHEL-08-010490 stigid@sle12: SLES-12-030220 stigid@sle15: SLES-15-040250 diff --git a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml index c0cad148..1d696656 100644 --- a/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml +++ b/linux_os/guide/services/ssh/file_permissions_sshd_pub_key/rule.yml @@ -37,7 +37,7 @@ references: stigid@ol7: OL07-00-040410 stigid@ol8: OL08-00-010480 stigid@rhel7: RHEL-07-040410 - stigid@rhel8: RHEL-08-010480 + stigid@almalinux8: RHEL-08-010480 stigid@sle12: SLES-12-030210 stigid@sle15: SLES-15-040240 diff --git a/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml index d49b5e58..a948b56c 100644 --- a/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml +++ b/linux_os/guide/services/ssh/firewalld_sshd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,almalinux8 title: 'Remove SSH Server firewalld Firewall exception (Unusual)' diff --git a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml index d90a6482..791df38c 100644 --- a/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml +++ b/linux_os/guide/services/ssh/package_openssh-clients_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'Install OpenSSH client software' diff --git a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml index 6ce8ee1f..f748ee64 100644 --- a/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml +++ b/linux_os/guide/services/ssh/package_openssh-server_installed/rule.yml @@ -31,7 +31,7 @@ references: stigid@ol7: OL07-00-040300 stigid@ol8: OL08-00-040159 stigid@rhel7: RHEL-07-040300 - stigid@rhel8: RHEL-08-040159 + stigid@almalinux8: RHEL-08-040159 stigid@ubuntu2004: UBTU-20-010042 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml index 88215418..0b4e2d70 100644 --- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml +++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Enable the OpenSSH Service' @@ -41,7 +41,7 @@ references: stigid@ol7: OL07-00-040310 stigid@ol8: OL08-00-040160 stigid@rhel7: RHEL-07-040310 - stigid@rhel8: RHEL-08-040160 + stigid@almalinux8: RHEL-08-040160 stigid@sle12: SLES-12-030100 stigid@sle15: SLES-15-010530 stigid@ubuntu2004: UBTU-20-010042 diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml index 41e7a9a8..106fb84b 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_rekey_limit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhcos4,rhel8,rhel9 +prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure session renegotiation for SSH client' diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml index 1c878701..be1bff4c 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh index 3df859f3..e2ab1886 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 # put line into the file echo "setenv SSH_USE_STRONG_RNG 32" > /etc/profile.d/cc-ssh-strong-rng.csh diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml index cbd17bf0..6b50d0a8 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_csh/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,almalinux8 title: 'SSH client uses strong entropy to seed (for CSH like shells)' diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml index 29c64602..1be957f9 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh index 13306db4..7a5ca21f 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 8,Oracle Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8 # put line into the file echo "export SSH_USE_STRONG_RNG=32" > /etc/profile.d/cc-ssh-strong-rng.sh diff --git a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml index 53728a2b..6021e093 100644 --- a/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml +++ b/linux_os/guide/services/ssh/ssh_client/ssh_client_use_strong_rng_sh/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8 +prodtype: ol8,rhel8,almalinux8 title: 'SSH client uses strong entropy to seed (Bash-like shells)' diff --git a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml index 5a97f74d..104b27f3 100644 --- a/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/disable_host_auth/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml index 2553a4d2..034183d2 100644 --- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol # reboot = false # complexity = low # strategy = configure diff --git a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml index 4945d060..050ce57c 100644 --- a/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/firewalld_sshd_port_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Enable SSH Server firewalld Firewall Exception' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml index 39102e5d..2dcfeeb0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh index ba598762..d972650e 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_allow_only_protocol2/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^Protocol', '2', '%s %s') }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml index f8d422c6..aafcd046 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh index 397e9994..bdaced02 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle {{{ bash_instantiate_variables("var_sshd_disable_compression") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml index b708373c..d38ad9c2 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_compression/rule.yml @@ -40,7 +40,7 @@ references: stigid@ol7: OL07-00-040470 stigid@ol8: OL08-00-010510 stigid@rhel7: RHEL-07-040470 - stigid@rhel8: RHEL-08-010510 + stigid@almalinux8: RHEL-08-010510 stigid@sle12: SLES-12-030250 stigid@sle15: SLES-15-040280 vmmsrg: SRG-OS-000480-VMM-002000 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml index fa2f4b4d..281c24c4 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_empty_passwords/rule.yml @@ -53,7 +53,7 @@ references: stigid@ol7: OL07-00-010300 stigid@ol8: OL08-00-020330 stigid@rhel7: RHEL-07-010300 - stigid@rhel8: RHEL-08-020330 + stigid@almalinux8: RHEL-08-020330 stigid@sle12: SLES-12-030150 stigid@sle15: SLES-15-040440 stigid@ubuntu2004: UBTU-20-010047 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml index 50eb3cab..c880fbf7 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_gssapi_auth/rule.yml @@ -43,7 +43,7 @@ references: stigid@ol7: OL07-00-040430 stigid@ol8: OL08-00-010522 stigid@rhel7: RHEL-07-040430 - stigid@rhel8: RHEL-08-010522 + stigid@almalinux8: RHEL-08-010522 vmmsrg: SRG-OS-000480-VMM-002000 {{{ complete_ocil_entry_sshd_option(default="yes", option="GSSAPIAuthentication", value="no") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml index ac869505..9483f4a0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_kerb_auth/rule.yml @@ -44,7 +44,7 @@ references: stigid@ol7: OL07-00-040440 stigid@ol8: OL08-00-010521 stigid@rhel7: RHEL-07-040440 - stigid@rhel8: RHEL-08-010521 + stigid@almalinux8: RHEL-08-010521 vmmsrg: SRG-OS-000480-VMM-002000 {{{ complete_ocil_entry_sshd_option(default="yes", option="KerberosAuthentication", value="no") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml index 228a1166..6ba91af4 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh index a6b70585..a11860b5 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_rhosts_rsa/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^RhostsRSAAuthentication', 'no', '%s %s') }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml index b13e175c..96925bf7 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_root_login/rule.yml @@ -49,7 +49,7 @@ references: stigid@ol7: OL07-00-040370 stigid@ol8: OL08-00-010550 stigid@rhel7: RHEL-07-040370 - stigid@rhel8: RHEL-08-010550 + stigid@almalinux8: RHEL-08-010550 stigid@sle12: SLES-12-030140 stigid@sle15: SLES-15-020040 vmmsrg: SRG-OS-000480-VMM-002000 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml index 0987d4cc..4e8c5b2f 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_user_known_hosts/rule.yml @@ -40,7 +40,7 @@ references: stigid@ol7: OL07-00-040380 stigid@ol8: OL08-00-010520 stigid@rhel7: RHEL-07-040380 - stigid@rhel8: RHEL-08-010520 + stigid@almalinux8: RHEL-08-010520 stigid@sle12: SLES-12-030200 stigid@sle15: SLES-15-040230 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml index f92a9042..0cddb5d0 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_disable_x11_forwarding/rule.yml @@ -45,7 +45,7 @@ references: stigid@ol7: OL07-00-040710 stigid@ol8: OL08-00-040340 stigid@rhel7: RHEL-07-040710 - stigid@rhel8: RHEL-08-040340 + stigid@almalinux8: RHEL-08-040340 stigid@sle15: SLES-15-040290 stigid@ubuntu2004: UBTU-20-010048 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml index 44482458..299a93fc 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_do_not_permit_user_env/rule.yml @@ -47,7 +47,7 @@ references: stigid@ol7: OL07-00-010460 stigid@ol8: OL08-00-010830 stigid@rhel7: RHEL-07-010460 - stigid@rhel8: RHEL-08-010830 + stigid@almalinux8: RHEL-08-010830 stigid@sle12: SLES-12-030151 stigid@sle15: SLES-15-040440 stigid@ubuntu2004: UBTU-20-010047 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml index f1232556..3b61d5f1 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_strictmodes/rule.yml @@ -43,7 +43,7 @@ references: stigid@ol7: OL07-00-040450 stigid@ol8: OL08-00-010500 stigid@rhel7: RHEL-07-040450 - stigid@rhel8: RHEL-08-010500 + stigid@almalinux8: RHEL-08-010500 stigid@sle12: SLES-12-030230 stigid@sle15: SLES-15-040260 vmmsrg: SRG-OS-000480-VMM-002000 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml index 5db8d82a..c1c82609 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_enable_warning_banner/rule.yml @@ -46,7 +46,7 @@ references: stigid@ol7: OL07-00-040170 stigid@ol8: OL08-00-010040 stigid@rhel7: RHEL-07-040170 - stigid@rhel8: RHEL-08-010040 + stigid@almalinux8: RHEL-08-010040 stigid@sle12: SLES-12-030050 stigid@sle15: SLES-15-010040 vmmsrg: SRG-OS-000023-VMM-000060,SRG-OS-000024-VMM-000070 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml index be9c7847..c58de35f 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_print_last_log/rule.yml @@ -38,7 +38,7 @@ references: stigid@ol7: OL07-00-040360 stigid@ol8: OL08-00-020350 stigid@rhel7: RHEL-07-040360 - stigid@rhel8: RHEL-08-020350 + stigid@almalinux8: RHEL-08-020350 stigid@sle12: SLES-12-030130 stigid@sle15: SLES-15-020120 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml index 450f244d..7152ffe2 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/rule.yml @@ -25,7 +25,7 @@ references: ospp: FCS_SSHS_EXT.1 srg: SRG-OS-000480-GPOS-00227,SRG-OS-000033-GPOS-00014 stigid@ol8: OL08-00-040161 - stigid@rhel8: RHEL-08-040161 + stigid@almalinux8: RHEL-08-040161 ocil_clause: 'it is commented out or is not set' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh index b9834e6d..8b86e146 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_rekey_limit/tests/rhel8_ok.pass.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 # profiles = xccdf_org.ssgproject.content_profile_ospp sed -e '/RekeyLimit/d' /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml index 5b54ab89..4213bc15 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml index 0b5b7e1a..86f739bf 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_idle_timeout/rule.yml @@ -55,7 +55,7 @@ references: stigid@ol7: OL07-00-040320 stigid@ol8: OL08-00-010201 stigid@rhel7: RHEL-07-040320 - stigid@rhel8: RHEL-08-010201 + stigid@almalinux8: RHEL-08-010201 stigid@sle12: SLES-12-030190 stigid@sle15: SLES-15-010280 stigid@ubuntu2004: UBTU-20-010037 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml index b280e21e..8e1c1810 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh index fcd61646..8143f533 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu {{{ bash_instantiate_variables("var_sshd_set_keepalive") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml index 9c41c227..e59290a5 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_keepalive_0/rule.yml @@ -53,7 +53,7 @@ references: stigid@ol7: OL07-00-040340 stigid@ol8: OL08-00-010200 stigid@rhel7: RHEL-07-040340 - stigid@rhel8: RHEL-08-010200 + stigid@almalinux8: RHEL-08-010200 stigid@sle12: SLES-12-030191 stigid@sle15: SLES-15-010320 vmmsrg: SRG-OS-000480-VMM-002000 diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml index 16e31302..71125a8d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh index be4fce16..f17dfb14 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_auth_tries/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle {{{ bash_instantiate_variables("sshd_max_auth_tries_value") }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh index 4cc6d659..5e911b46 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/correct_value.pass.sh @@ -1,5 +1,5 @@ # profiles = xccdf_org.ssgproject.content_profile_cis -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 #!/bin/bash SSHD_CONFIG="/etc/ssh/sshd_config" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh index fcdb800c..77c3e82d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_set_max_sessions/tests/wrong_value.fail.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel, multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux, multi_platform_fedora #!/bin/bash SSHD_CONFIG="/etc/ssh/sshd_config" diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml index 0254221f..4d6c18f9 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_ciphers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,sle12,sle15,ubuntu2004,wrlinux1019,wrlinux8 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004,wrlinux1019,wrlinux8 title: 'Use Only FIPS 140-2 Validated Ciphers' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml index ebaf8525..99e2977f 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Use Only FIPS 140-2 Validated MACs' diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh index 0e08a36d..da95aab4 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/default_correct_value.pass.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "hmac-sha2-512,hmac-sha2-256,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com", '%s %s') }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh index 1ac74ed4..aad9b777 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_approved_macs/tests/wrong_value.fail.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux {{{ bash_replace_or_append('/etc/ssh/sshd_config', '^MACs', "wrong_value_expected_to_fail.com", '%s %s') }}} diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh index 798c4043..322c83cd 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/good_cipher.pass.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora sed -i 's/^\s*Ciphers\s.*//i' /etc/ssh/sshd_config echo "Ciphers aes256-ctr" >> /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh index 19faca73..22bf6bdc 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_ciphers/tests/no_ciphers.fail.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora sed -i 's/^\s*Ciphers\s/# &/i' /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh index 77330241..c5adffff 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/good_mac.pass.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora sed -i 's/^\s*MACs\s.*//i' /etc/ssh/sshd_config echo "MACs hmac-sha2-512" >> /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh index 8d33596e..beafbd6d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_macs/tests/no_macs.fail.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora sed -i 's/^\s*MACs\s/# &/i' /etc/ssh/sshd_config diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml index b6fd81fa..d1f21b26 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/rule.yml @@ -2,7 +2,7 @@ documentation_complete: true # TODO: The plan is not to need this for RHEL>=8.4 # TODO: Compliant setting is SSH_USE_STRONG_RNG set to 32 or more -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'SSH server uses strong entropy to seed' @@ -29,7 +29,7 @@ references: ospp: FCS_RBG_EXT.1.2 srg: SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-010292 - stigid@rhel8: RHEL-08-010292 + stigid@almalinux8: RHEL-08-010292 ocil: |- To determine whether the SSH service is configured to use strong entropy seed, diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh index f4f8c22f..1884e87d 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/bad_config.fail.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux echo 'SSH_USE_STRONG_RNG=1' > /etc/sysconfig/sshd diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh index 70f53ac2..54420303 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/good_config.pass.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux echo 'SSH_USE_STRONG_RNG=32' > /etc/sysconfig/sshd diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh index 1e5f0b29..bb5137b2 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/no_config.fail.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux rm -f /etc/sysconfig/sshd diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh index a10d24a7..d0b4e3a9 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh +++ b/linux_os/guide/services/ssh/ssh_server/sshd_use_strong_rng/tests/quoted.fail.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux echo 'SSH_USE_STRONG_RNG="32"' > /etc/sysconfig/sshd diff --git a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml index 0f693cdf..3a359728 100644 --- a/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml +++ b/linux_os/guide/services/ssh/ssh_server/sshd_x11_use_localhost/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,ubuntu2004 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,ubuntu2004 title: 'Prevent remote hosts from connecting to the proxy display' @@ -39,7 +39,7 @@ references: stigid@ol7: OL07-00-040711 stigid@ol8: OL08-00-040341 stigid@rhel7: RHEL-07-040711 - stigid@rhel8: RHEL-08-040341 + stigid@almalinux8: RHEL-08-040341 stigid@sle12: SLES-12-030261 stigid@ubuntu2004: UBTU-20-010049 diff --git a/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml index ec0cf86d..dce874ce 100644 --- a/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml +++ b/linux_os/guide/services/sssd/package_sssd-ipa_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4 title: 'Install sssd-ipa Package' diff --git a/linux_os/guide/services/sssd/package_sssd_installed/rule.yml b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml index 0b683c07..8ab70a39 100644 --- a/linux_os/guide/services/sssd/package_sssd_installed/rule.yml +++ b/linux_os/guide/services/sssd/package_sssd_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8 title: 'Install the SSSD Package' diff --git a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml index 123d5ee0..8806239f 100644 --- a/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml +++ b/linux_os/guide/services/sssd/service_sssd_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8 title: 'Enable the SSSD Service' diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml index 01a2cdb1..c2cb1cbf 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 title: 'Configure SSSD LDAP Backend Client CA Certificate' diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml index 202fc7f4..711cc57c 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh index 631f9551..c77ea76d 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol {{{ bash_instantiate_variables("var_sssd_ldap_tls_ca_dir") }}} diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml index 430f0e65..c78b10d6 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_ca_dir/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 title: 'Configure SSSD LDAP Backend Client CA Certificate Location' diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml index 891b3e2f..6cb0bce2 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh index 6aada6d0..61fde625 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol {{{ bash_sssd_ldap_config(parameter="ldap_tls_reqcert", value="demand") }}} diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml index 4b9636fb..46b8d977 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_configure_tls_reqcert/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 title: 'Configure SSSD LDAP Backend Client to Demand a Valid Certificate from the Server' diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml index b38bc41f..33c5c903 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh index f6224484..054ba74b 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol {{{ bash_sssd_ldap_config(parameter="ldap_id_use_start_tls", value="true") }}} diff --git a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml index 1f48dc7e..4872f285 100644 --- a/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml +++ b/linux_os/guide/services/sssd/sssd-ldap/sssd_ldap_start_tls/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,wrlinux1019 title: 'Configure SSSD LDAP Backend to Use TLS For All Transactions' diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml index 823c0f55..9f6ad853 100644 --- a/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd_certificate_verification/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh index 3d852610..2868107d 100644 --- a/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_certificate_verification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml index 1d79939f..de72f015 100644 --- a/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml +++ b/linux_os/guide/services/sssd/sssd_certificate_verification/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8,rhel9 +prodtype: fedora,ol8,rhel8,almalinux8,rhel9 title: 'Certificate certificate status checking in SSSD' @@ -25,7 +25,7 @@ references: nist: IA-2(11) srg: SRG-OS-000375-GPOS-00160,SRG-OS-000377-GPOS-00162 stigid@ol8: OL08-00-010400 - stigid@rhel8: RHEL-08-010400 + stigid@almalinux8: RHEL-08-010400 ocil_clause: 'certificate_verification in sssd is not configured' diff --git a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml index f45bcd21..4a62e022 100644 --- a/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_certmap/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8,rhel9 +prodtype: fedora,ol8,rhel8,almalinux8,rhel9 title: 'Enable Certmap in SSSD' @@ -31,7 +31,7 @@ references: nist: IA-5 (2) (c) srg: SRG-OS-000068-GPOS-00036 stigid@ol8: OL08-00-020090 - stigid@rhel8: RHEL-08-020090 + stigid@almalinux8: RHEL-08-020090 warnings: - general: |- diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh index 86f55171..b3f325e7 100644 --- a/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol SSSD_CONF="/etc/sssd/sssd.conf" SSSD_CONF_DIR="/etc/sssd/conf.d/*.conf" diff --git a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml index 984ee37a..dcc31030 100644 --- a/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_pam_services/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4 title: 'Configure PAM in SSSD Services' diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml index ae5e6a67..e2793477 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml index 0ff0bf03..7bebac5d 100644 --- a/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml +++ b/linux_os/guide/services/sssd/sssd_enable_smartcards/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Enable Smartcards in SSSD' @@ -40,7 +40,7 @@ references: ism: 0421,0422,0431,0974,1173,1401,1504,1505,1546,1557,1558,1559,1560,1561 srg: SRG-OS-000375-GPOS-00160,SRG-OS-000105-GPOS-00052 stigid@ol8: OL08-00-020250 - stigid@rhel8: RHEL-08-020250 + stigid@almalinux8: RHEL-08-020250 vmmsrg: SRG-OS-000107-VMM-000530 ocil_clause: 'smart cards are not enabled in SSSD' diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml index 7cfba003..fb36bb09 100644 --- a/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh index fc84083f..39f99c91 100644 --- a/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_instantiate_variables("var_sssd_memcache_timeout") }}} diff --git a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml index ae98eb6e..ef2e1802 100644 --- a/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml +++ b/linux_os/guide/services/sssd/sssd_memcache_timeout/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15 title: 'Configure SSSD''s Memory Cache to Expire' diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml index ebdf0136..73916d8d 100644 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh index 8a20f0c5..42987796 100644 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml index 2be813d2..1775e218 100644 --- a/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml +++ b/linux_os/guide/services/sssd/sssd_offline_cred_expiration/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Configure SSSD to Expire Offline Credentials' @@ -39,7 +39,7 @@ references: nist-csf: PR.AC-1,PR.AC-6,PR.AC-7 srg: SRG-OS-000383-GPOS-00166 stigid@ol8: OL08-00-020290 - stigid@rhel8: RHEL-08-020290 + stigid@almalinux8: RHEL-08-020290 stigid@sle12: SLES-12-010680 stigid@sle15: SLES-15-010500 stigid@ubuntu2004: UBTU-20-010441 diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh index a99fb4dc..44d4423c 100644 --- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol found=false for f in /etc/sssd/sssd.conf /etc/sssd/conf.d/*.conf; do diff --git a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml index 87d8b19f..f10f4648 100644 --- a/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml +++ b/linux_os/guide/services/sssd/sssd_run_as_sssd_user/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8 title: 'Configure SSSD to run as user sssd' diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml index 5bbe0ece..58a41ada 100644 --- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml +++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh index d8a22280..3d98176e 100644 --- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh +++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_instantiate_variables("var_sssd_ssh_known_hosts_timeout") }}} diff --git a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml index 9390dfd4..18970027 100644 --- a/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml +++ b/linux_os/guide/services/sssd/sssd_ssh_known_hosts_timeout/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhv4 +prodtype: fedora,rhel7,rhel8,almalinux8,rhv4 title: 'Configure SSSD to Expire SSH Known Hosts' diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml index a1e83870..e097b6be 100644 --- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml +++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/kubernetes/shared.yml @@ -1,3 +1,3 @@ --- -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos {{{ kubernetes_usbguard_set(["xccdf_org.ssgproject.content_rule_package_usbguard_installed"]) }}} diff --git a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml index b7f08b1a..191edb28 100644 --- a/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml +++ b/linux_os/guide/services/usbguard/configure_usbguard_auditbackend/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Log USBGuard daemon audit events using Linux Audit' @@ -27,7 +27,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000062-GPOS-00031 stigid@ol8: OL08-00-030603 - stigid@rhel8: RHEL-08-030603 + stigid@almalinux8: RHEL-08-030603 ocil_clause: 'AuditBackend is not set to LinuxAudit' diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml index d9ea0648..03256e44 100644 --- a/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml +++ b/linux_os/guide/services/usbguard/package_usbguard_installed/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml index 0d5f3be9..38322ba6 100644 --- a/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml +++ b/linux_os/guide/services/usbguard/package_usbguard_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Install usbguard Package' @@ -50,7 +50,7 @@ references: nist: CM-8(3),IA-3 srg: SRG-OS-000378-GPOS-00163 stigid@ol8: OL08-00-040139 - stigid@rhel8: RHEL-08-040139 + stigid@almalinux8: RHEL-08-040139 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml index 9f1c7879..de556cd5 100644 --- a/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml +++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig metadata: diff --git a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml index aa3799de..c4a4ba6e 100644 --- a/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml +++ b/linux_os/guide/services/usbguard/service_usbguard_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Enable the USBGuard Service' @@ -28,7 +28,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000378-GPOS-00163 stigid@ol8: OL08-00-040141 - stigid@rhel8: RHEL-08-040141 + stigid@almalinux8: RHEL-08-040141 ocil_clause: 'the service is not enabled' diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml index 35039ee7..d04b9090 100644 --- a/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml +++ b/linux_os/guide/services/usbguard/usbguard_allow_hid/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Authorize Human Interface Devices in USBGuard daemon' diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml index 03825010..b072e299 100644 --- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml +++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos {{% macro usbguard_hid_and_hub_config_source() %}} allow with-interface match-all { 03:*:* 09:00:* } {{%- endmacro -%}} diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml index 4d3114e0..ae0ce85d 100644 --- a/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml +++ b/linux_os/guide/services/usbguard/usbguard_allow_hid_and_hub/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Authorize Human Interface Devices and USB hubs in USBGuard daemon' diff --git a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml index d0e11ad2..31033934 100644 --- a/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml +++ b/linux_os/guide/services/usbguard/usbguard_allow_hub/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Authorize USB hubs in USBGuard daemon' diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml index c51c4be6..ff043532 100644 --- a/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml +++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_ol,multi_platform_rhel +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh index e164fe0d..e59b5555 100644 --- a/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh +++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_ol,multi_platform_rhel +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml index 28360202..c95b3cff 100644 --- a/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml +++ b/linux_os/guide/services/usbguard/usbguard_generate_policy/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'Generate USBGuard Policy' @@ -28,7 +28,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000378-GPOS-00163 stigid@ol8: OL08-00-040140 - stigid@rhel8: RHEL-08-040140 + stigid@almalinux8: RHEL-08-040140 ocil_clause: '/etc/usbguard/rules.conf does not exist or is empty' diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml index 3e80fcba..8ec4c4be 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/package_xorg-x11-server-common_removed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Remove the X Windows Package Group' diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml index 67d6836e..98357e4c 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml index 6ceb07bd..ca2425af 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Disable graphical user interface' @@ -42,7 +42,7 @@ references: stigid@ol7: OL07-00-040730 stigid@ol8: OL08-00-040320 stigid@rhel7: RHEL-07-040730 - stigid@rhel8: RHEL-08-040320 + stigid@almalinux8: RHEL-08-040320 ocil_clause: 'xorg related packages are not removed and run level is not correctly configured' diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml index 7c3ef557..fbf7bcec 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml index df56a30b..bd084a90 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Disable X Windows Startup By Setting Default Target' @@ -39,7 +39,7 @@ references: nist: CM-7(a),CM-7(b),CM-6(a) nist-csf: PR.AC-3,PR.PT-4 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel8: RHEL-08-040321 + stigid@almalinux8: RHEL-08-040321 ocil_clause: 'the X windows display server is running and/or has not been disabled' diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh index f7837a25..232f3740 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target.pass.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 systemctl set-default multi-user.target diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh index dc698edc..bd52c73a 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/correct_target_under_lib.pass.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh index 5a20e8ce..5c80ef64 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 systemctl set-default graphical.target diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh index 408409b9..3cc5a7b9 100644 --- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh +++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/tests/wrong_target_under_lib.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = multi_platform_sle,multi_platform_rhv,multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml index 4f6d64fd..3c980eea 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh index 3aaa9140..b9490912 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle {{{ bash_instantiate_variables("login_banner_text") }}} diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml index d5ecd700..6fcb28ec 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Modify the System Login Banner' @@ -114,7 +114,7 @@ references: stigid@ol7: OL07-00-010050 stigid@ol8: OL08-00-010060 stigid@rhel7: RHEL-07-010050 - stigid@rhel8: RHEL-08-010060 + stigid@almalinux8: RHEL-08-010060 stigid@sle12: SLES-12-010030 stigid@sle15: SLES-15-010020 vmmsrg: SRG-OS-000023-VMM-000060,SRG-OS-000024-VMM-000070 diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml index 2c645889..ab68929b 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh index c8267a96..03f6e6ae 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv {{{ bash_instantiate_variables("login_banner_text") }}} diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml index d8d116b5..f19df990 100644 --- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Modify the System Message of the Day Banner' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml index 856b4477..12dd6c8c 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_issue/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Verify Group Ownership of System Login Banner' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml index 67ded673..3a8e93c1 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_groupowner_etc_motd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Verify Group Ownership of Message of the Day Banner' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml index 2ff9b03e..3966251a 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_issue/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Verify ownership of System Login Banner' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml index 279fad53..9dc1dce7 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_owner_etc_motd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Verify ownership of Message of the Day Banner' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml index 7e833828..b9de8d32 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_issue/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Verify permissions on System Login Banner' diff --git a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml index 71c9d5b0..55d7079a 100644 --- a/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/file_permissions_etc_motd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Verify permissions on Message of the Day Banner' diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml index 5814a30b..aa4aa4c5 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml index c9bf3fb1..6a77807d 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_banner_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Enable GNOME3 Login Warning Banner' @@ -57,7 +57,7 @@ references: stigid@ol7: OL07-00-010030 stigid@ol8: OL08-00-010049 stigid@rhel7: RHEL-07-010030 - stigid@rhel8: RHEL-08-010049 + stigid@almalinux8: RHEL-08-010049 stigid@sle12: SLES-12-010040 stigid@sle15: SLES-15-010080 stigid@ubuntu2004: UBTU-20-010002 diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml index 86aff54f..b295782b 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle # reboot = false # strategy = unknown # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml index 9ba8310e..53f61be4 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Set the GNOME3 Login Warning Banner Text' @@ -55,7 +55,7 @@ references: stigid@ol7: OL07-00-010040 stigid@ol8: OL08-00-010050 stigid@rhel7: RHEL-07-010040 - stigid@rhel8: RHEL-08-010050 + stigid@almalinux8: RHEL-08-010050 stigid@sle12: SLES-12-010050 stigid@sle15: SLES-15-010090 stigid@ubuntu2004: UBTU-20-010003 diff --git a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh index 4f31757c..0ed60e11 100644 --- a/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh +++ b/linux_os/guide/system/accounts/accounts-banners/gui_login_banner/dconf_gnome_login_banner_text/tests/correct_value_stig.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8,AlmaLinux 8 # profiles = xccdf_org.ssgproject.content_profile_stig # packages = dconf,gdm diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml index ad3f0771..be0b1bef 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_wrlinux # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh index 138c7e0f..c0ee609d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ubuntu +# platform = multi_platform_sle,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ubuntu if [ -f /usr/bin/authselect ]; then if authselect check; then diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml index a8963c8c..aec18abe 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/rule.yml @@ -48,7 +48,7 @@ references: stigid@ol7: OL07-00-040530 stigid@ol8: OL08-00-020340 stigid@rhel7: RHEL-07-040530 - stigid@rhel8: RHEL-08-020340 + stigid@almalinux8: RHEL-08-020340 stigid@sle12: SLES-12-010390 stigid@sle15: SLES-15-020080 stigid@ubuntu2004: UBTU-20-010453 diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh index 745560a8..1a01cc0c 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh index c8e492a9..49d4d99a 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_line_present.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh index 84b10027..4425caae 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh index 31973526..a4818191 100644 --- a/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/display_login_attempts/tests/authselect_silent_present.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml index bd7ad0c9..b11a08e0 100644 --- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol +# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh index b1d8a452..ed798c23 100644 --- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol +# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol if ! grep -Eq '^\s*session\s+required\s+pam_namespace.so\s*$' '/etc/pam.d/login' ; then echo "session required pam_namespace.so" >> "/etc/pam.d/login" fi diff --git a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml index c21c1cb8..e663f820 100644 --- a/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/enable_pam_namespace/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 title: Set Up a Private Namespace in PAM Configuration diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml index f3475f56..3795e5ea 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh index f9d341f0..882ee40d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml index 69a36c49..fd8355a5 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Limit Password Reuse: password-auth' @@ -43,7 +43,7 @@ references: stigid@ol7: OL07-00-010270 stigid@ol8: OL08-00-020220 stigid@rhel7: RHEL-07-010270 - stigid@rhel8: RHEL-08-020221 + stigid@almalinux8: RHEL-08-020221 vmmsrg: SRG-OS-000077-VMM-000440 ocil_clause: |- diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_argument_missing.fail.sh index 70ffeb21..3daa780d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_argument_missing.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_argument_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite authselect create-profile hardening -b sssd diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh index 601400d7..aa768167 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_correct_value.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite remember_cnt=5 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh index 84b10027..4425caae 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh index a1f7ed3c..6a03cccd 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_control.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite remember_cnt=5 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh index 91953352..36ae78c6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_password_auth/tests/authselect_wrong_value.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite remember_cnt=3 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml index 63ac7db7..52177dff 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh index 2fa41c88..17e1175c 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv {{{ bash_instantiate_variables("var_password_pam_remember", "var_password_pam_remember_control_flag") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml index e30d9f6a..27c416a2 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Limit Password Reuse: system-auth' @@ -43,7 +43,7 @@ references: stigid@ol7: OL07-00-010270 stigid@ol8: OL08-00-020220 stigid@rhel7: RHEL-07-010270 - stigid@rhel8: RHEL-08-020220 + stigid@almalinux8: RHEL-08-020220 vmmsrg: SRG-OS-000077-VMM-000440 ocil_clause: |- diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_argument_missing.fail.sh index 3acc798e..23ebf802 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_argument_missing.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_argument_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite authselect create-profile hardening -b sssd diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh index d0e5ea66..26c5a3e1 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_correct_value.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite remember_cnt=5 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh index 84b10027..4425caae 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh index 4891c441..314a2fad 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_control.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite remember_cnt=5 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh index 1523a9aa..53261854 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_pwhistory_remember_system_auth/tests/authselect_wrong_value.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_remember=5,var_password_pam_remember_control_flag=requisite remember_cnt=3 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml index 2bdc7fab..d3a5f0d9 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh index f3d2d4c9..db12348e 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle {{{ bash_instantiate_variables("var_password_pam_unix_remember") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml index 8228339c..e1a4b4f4 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 title: 'Limit Password Reuse' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_argument_missing.fail.sh index 9d150e25..f93697d4 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_argument_missing.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_argument_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_remember=5 authselect create-profile hardening -b sssd diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh index 520ce05a..38816afe 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_correct_value.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_remember=5 remember_cnt=5 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh index 84b10027..4425caae 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh index 48138ce3..bcb790e6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_password_pam_unix_remember/tests/authselect_wrong_value.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_remember=5 remember_cnt=3 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml index d7344bd3..f5acfc8f 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh index 1ec0b35f..36e16a61 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_deny") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml index 7116c61a..1cc2da48 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Lock Accounts After Failed Password Attempts' @@ -47,7 +47,7 @@ references: stigid@ol7: OL07-00-010320 stigid@ol8: OL08-00-020010 stigid@rhel7: RHEL-07-010320 - stigid@rhel8: RHEL-08-020010 + stigid@almalinux8: RHEL-08-020010 vmmsrg: SRG-OS-000021-VMM-000050 ocil_clause: 'limiting the number of failed logon attempts for users is not configured' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh index 1698c1c7..eefea7dc 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/authselect_modified_pam.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh index 3ace8942..892d2841 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_conflicting_settings.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none # variables = var_accounts_passwords_pam_faillock_deny=3 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh index 1f3098d5..e7908d00 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_expected_faillock_conf.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_deny=3 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh index fd3ef218..be2476a9 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_lenient_faillock_conf.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_deny=3 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh index 7cc53fce..fe906797 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none # variables = var_accounts_passwords_pam_faillock_deny=3 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh index fa81b645..f05ad984 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny/tests/pam_faillock_stricter_faillock_conf.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_deny=3 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml index 8ebe5179..a6e53a36 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh index 1dc8548b..1002d32c 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle if [ -f /usr/sbin/authconfig ]; then authconfig --enablefaillock --update diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml index 6004aa8b..b7794d81 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Configure the root Account for Failed Password Attempts' @@ -41,7 +41,7 @@ references: stigid@ol7: OL07-00-010330 stigid@ol8: OL08-00-020022 stigid@rhel7: RHEL-07-010330 - stigid@rhel8: RHEL-08-020022 + stigid@almalinux8: RHEL-08-020022 ocil_clause: 'limiting the number of failed logon attempts for the root user is not configured' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh index 1698c1c7..eefea7dc 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/authselect_modified_pam.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh index cc8c766a..b5274885 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_conflicting_settings.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh index ce8ab690..4ef28d9b 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_expected_faillock_conf.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 authselect select sssd --force authselect enable-feature with-faillock diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh index d055d651..bab42079 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_deny_root/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml index f7720460..97f584f6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9 # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh index 937c54e1..54190884 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9 if authselect check; then authselect enable-feature with-faillock diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml index 78ca3bef..35c07ad4 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel8,rhel9 +prodtype: fedora,rhel8,almalinux8,rhel9 title: 'Enforce pam_faillock for Local Accounts Only' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh index 856bd56e..71194a32 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_disabled.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 authselect select sssd --force authselect disable-feature with-faillock diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh index 075791de..1ccb03db 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_expected_faillock_conf.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 authselect select sssd --force authselect enable-feature with-faillock diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh index 978cccce..8cc6c0b5 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh index 053f9110..04f36271 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_enforce_local/tests/pam_faillock_not_required_pam_files.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none # This test scenario manually modify the pam_faillock.so entries in auth section from diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml index 5e10863a..504681e8 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh index 2d074ac8..1f288aba 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_fail_interval") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml index 28c02b16..3f5be3c3 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Set Interval For Counting Failed Password Attempts' @@ -68,7 +68,7 @@ references: stigid@ol7: OL07-00-010320 stigid@ol8: OL08-00-020012 stigid@rhel7: RHEL-07-010320 - stigid@rhel8: RHEL-08-020012 + stigid@almalinux8: RHEL-08-020012 vmmsrg: SRG-OS-000021-VMM-000050 ocil_clause: 'fail_interval is less than the required value' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh index 1698c1c7..eefea7dc 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/authselect_modified_pam.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh index 03aa084e..69025637 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_conflicting_settings.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none # variables = var_accounts_passwords_pam_faillock_fail_interval=900 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh index 33d3847d..6c6ff204 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_expected_faillock_conf.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_fail_interval=900 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh index 9ff681e5..c46804ea 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_lenient_faillock_conf.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_fail_interval=900 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh index 29f65d50..fe3dbe7a 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none # variables = var_accounts_passwords_pam_faillock_fail_interval=900 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh index bcd46e74..6cd56ad2 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_interval/tests/pam_faillock_stricter_faillock_conf.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_fail_interval=900 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml index 938ad04e..ce74f754 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh index 6b55cea5..56b4e403 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle {{{ bash_instantiate_variables("var_accounts_passwords_pam_faillock_unlock_time") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml index 1c8b500f..3d82041e 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Set Lockout Time for Failed Password Attempts' @@ -47,7 +47,7 @@ references: stigid@ol7: OL07-00-010320 stigid@ol8: OL08-00-020014 stigid@rhel7: RHEL-07-010320 - stigid@rhel8: RHEL-08-020016 + stigid@almalinux8: RHEL-08-020016 vmmsrg: SRG-OS-000329-VMM-001180 ocil_clause: 'unlock_time is less than the expected value' diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh index 1698c1c7..eefea7dc 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/authselect_modified_pam.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh index d68ebfad..9e3f6a72 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_conflicting_settings.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none # variables = var_accounts_passwords_pam_faillock_unlock_time=600 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh index 2dc848cb..f2dce610 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_expected_faillock_conf.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_unlock_time=600 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh index 38d95831..c4205265 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_lenient_faillock_conf.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_unlock_time=600 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh index a4e91c71..fddde09a 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_multiple_pam_unix_faillock_conf.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # remediation = none # variables = var_accounts_passwords_pam_faillock_unlock_time=600 diff --git a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh index 5c59de7c..35ad23e6 100644 --- a/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/locking_out_password_attempts/accounts_passwords_pam_faillock_unlock_time/tests/pam_faillock_stricter_faillock_conf.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,Oracle Linux 8 # variables = var_accounts_passwords_pam_faillock_unlock_time=600 authselect select sssd --force diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml index 8fa303fd..fabf9fae 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dcredit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Minimum Digit Characters' @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-010140 stigid@ol8: OL08-00-020130 stigid@rhel7: RHEL-07-010140 - stigid@rhel8: RHEL-08-020130 + stigid@almalinux8: RHEL-08-020130 stigid@ubuntu2004: UBTU-20-010052 vmmsrg: SRG-OS-000071-VMM-000380 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml index f70dbc38..7385655e 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_dictcheck/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004 +prodtype: fedora,ol8,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure PAM Enforces Password Requirements - Prevent the Use of Dictionary Words' @@ -30,7 +30,7 @@ references: nist: IA-5(c),IA-5(1)(a),CM-6(a),IA-5(4) srg: SRG-OS-000480-GPOS-00225 stigid@ol8: OL08-00-020300 - stigid@rhel8: RHEL-08-020300 + stigid@almalinux8: RHEL-08-020300 stigid@ubuntu2004: UBTU-20-010056 ocil_clause: 'dictcheck is not found or not equal to the required value' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml index 6ec7dddb..b3a80208 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_difok/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Minimum Different Characters' @@ -48,7 +48,7 @@ references: stigid@ol7: OL07-00-010160 stigid@ol8: OL08-00-020170 stigid@rhel7: RHEL-07-010160 - stigid@rhel8: RHEL-08-020170 + stigid@almalinux8: RHEL-08-020170 stigid@ubuntu2004: UBTU-20-010053 vmmsrg: SRG-OS-000072-VMM-000390 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml index ae762335..9fb6286e 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_local/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel8,rhel9 +prodtype: fedora,rhel8,almalinux8,rhel9 title: 'Ensure PAM Enforces Password Requirements - Enforce for Local Accounts Only' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml index 33dcaf08..7fe6101a 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_enforce_root/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel8,rhel9 +prodtype: fedora,rhel8,almalinux8,rhel9 title: 'Ensure PAM Enforces Password Requirements - Enforce for root User' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml index ecc5aa5b..c7ab88cf 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_lcredit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Minimum Lowercase Characters' @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-010130 stigid@ol8: OL08-00-020120 stigid@rhel7: RHEL-07-010130 - stigid@rhel8: RHEL-08-020120 + stigid@almalinux8: RHEL-08-020120 stigid@ubuntu2004: UBTU-20-010051 vmmsrg: SRG-OS-000070-VMM-000370 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml index 9a829ac5..4d10c97f 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxclassrepeat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Maximum Consecutive Repeating Characters from Same Character Class' @@ -40,7 +40,7 @@ references: stigid@ol7: OL07-00-010190 stigid@ol8: OL08-00-020140 stigid@rhel7: RHEL-07-010190 - stigid@rhel8: RHEL-08-020140 + stigid@almalinux8: RHEL-08-020140 ocil_clause: 'that is not the case' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml index d66cd6c1..341d60e4 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_maxrepeat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019 title: 'Set Password Maximum Consecutive Repeating Characters' @@ -42,7 +42,7 @@ references: stigid@ol7: OL07-00-010180 stigid@ol8: OL08-00-020150 stigid@rhel7: RHEL-07-010180 - stigid@rhel8: RHEL-08-020150 + stigid@almalinux8: RHEL-08-020150 ocil_clause: 'maxrepeat is not found or not greater than or equal to the required value' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml index 80271080..4362ce4d 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minclass/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Minimum Different Categories' @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-010170 stigid@ol8: OL08-00-020160 stigid@rhel7: RHEL-07-010170 - stigid@rhel8: RHEL-08-020160 + stigid@almalinux8: RHEL-08-020160 ocil_clause: 'minclass is not found or not set equal to or greater than the required value' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml index 1dacca4f..32074440 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_minlen/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Minimum Length' @@ -51,7 +51,7 @@ references: stigid@ol7: OL07-00-010280 stigid@ol8: OL08-00-020230 stigid@rhel7: RHEL-07-010280 - stigid@rhel8: RHEL-08-020230 + stigid@almalinux8: RHEL-08-020230 stigid@ubuntu2004: UBTU-20-010054 vmmsrg: SRG-OS-000072-VMM-000390,SRG-OS-000078-VMM-000450 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml index 5ea25228..f696b791 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ocredit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Minimum Special Characters' @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-010150 stigid@ol8: OL08-00-020280 stigid@rhel7: RHEL-07-010150 - stigid@rhel8: RHEL-08-020280 + stigid@almalinux8: RHEL-08-020280 stigid@ubuntu2004: UBTU-20-010055 vmmsrg: SRG-OS-000266-VMM-000940 diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml index b44c91cb..ddab1b11 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh index d2fca2a7..54ba9638 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux PAM_FILE="password-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml index 34dd6e2f..4f884cdc 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Ensure PAM password complexity module is enabled in password-auth' @@ -24,7 +24,7 @@ identifiers: references: disa: CCI-000366 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel8: RHEL-08-020100 + stigid@almalinux8: RHEL-08-020100 ocil_clause: 'pam_pwquality.so is not enabled in password-auth' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh index 3d696c36..e61d1861 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_commented_entry.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh index 04358992..761dd879 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_correct_entry.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh index 472616a5..40fada43 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_missing_entry.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh index 59f9d6f7..f5217b7e 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_password_auth/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/password-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml index 13cd2045..22a155a2 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh index 9a7972a3..7bb7e02c 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux PAM_FILE="system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml index a5189c61..05a02b7c 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Ensure PAM password complexity module is enabled in system-auth' @@ -24,7 +24,7 @@ identifiers: references: disa: CCI-000366 srg: SRG-OS-000480-GPOS-00227 - stigid@rhel8: RHEL-08-020101 + stigid@almalinux8: RHEL-08-020101 ocil_clause: 'pam_pwquality.so is not enabled in system-auth' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh index 849f16d0..72680589 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_commented_entry.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh index 6a98c244..5cdd9203 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_correct_entry.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh index 6786f6c1..d2cbf886 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_missing_entry.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora authselect create-profile hardening -b sssd CUSTOM_PROFILE="custom/hardening" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh index b3d9e588..890c1cab 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_pwquality_system_auth/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml index 2ba2501d..d44ffffb 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml index 6b2219a3..00695601 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Authentication Retry Prompts Permitted Per-Session' @@ -51,7 +51,7 @@ references: stigid@ol7: OL07-00-010119 stigid@ol8: OL08-00-020100 stigid@rhel7: RHEL-07-010119 - stigid@rhel8: RHEL-08-020104 + stigid@almalinux8: RHEL-08-020104 stigid@ubuntu2004: UBTU-20-010057 ocil_clause: 'it is not the required value' diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh index cf3b3a70..c82c812f 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_commented.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9 # variables = var_password_pam_retry=3 CONF_FILE="/etc/security/pwquality.conf" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh index c0d4fe6c..0fd1cf73 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_correct.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9 # variables = var_password_pam_retry=3 CONF_FILE="/etc/security/pwquality.conf" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh index 3f6c22c5..67fdf9fd 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_missing.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9 CONF_FILE="/etc/security/pwquality.conf" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh index 008be5ba..63708206 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_retry/tests/pwquality_conf_wrong.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9 # variables = var_password_pam_retry=3 CONF_FILE="/etc/security/pwquality.conf" diff --git a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml index e1c2e35e..05c7be63 100644 --- a/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/password_quality/password_quality_pwquality/accounts_password_pam_ucredit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure PAM Enforces Password Requirements - Minimum Uppercase Characters' @@ -49,7 +49,7 @@ references: stigid@ol7: OL07-00-010120 stigid@ol8: OL08-00-020110 stigid@rhel7: RHEL-07-010120 - stigid@rhel8: RHEL-08-020110 + stigid@almalinux8: RHEL-08-020110 stigid@ubuntu2004: UBTU-20-010050 vmmsrg: SRG-OS-000069-VMM-000360 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml index b3e32aa3..547d137b 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh index f929a6e9..9145de3b 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv LIBUSER_CONF="/etc/libuser.conf" CRYPT_STYLE_REGEX='[[:space:]]*\[defaults](.*(\n)+)+?[[:space:]]*crypt_style[[:space:]]*' diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml index 29e6497f..25769aee 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_libuserconf/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 title: 'Set Password Hashing Algorithm in /etc/libuser.conf' diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml index 8dedf993..51c76b11 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh index 9e3a37d5..706c78de 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle {{{ bash_instantiate_variables("var_password_hashing_algorithm") }}} diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml index 3d9cd4fd..3b855832 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_logindefs/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Set Password Hashing Algorithm in /etc/login.defs' @@ -45,7 +45,7 @@ references: stigid@ol7: OL07-00-010210 stigid@ol8: OL08-00-010110 stigid@rhel7: RHEL-07-010210 - stigid@rhel8: RHEL-08-010110 + stigid@almalinux8: RHEL-08-010110 stigid@sle12: SLES-12-010210 stigid@sle15: SLES-15-010260 stigid@ubuntu2004: UBTU-20-010404 diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh index 1c151a1e..5366f717 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv if ! grep -q "^password.*sufficient.*pam_unix.so.*sha512" "/etc/pam.d/password-auth"; then sed -i --follow-symlinks "/^password.*sufficient.*pam_unix.so/ s/$/ sha512/" "/etc/pam.d/password-auth" diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml index 93752691..0e7e49f4 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_passwordauth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4 title: "Set PAM's Password Hashing Algorithm - password-auth" @@ -58,7 +58,7 @@ references: pcidss: Req-8.2.1 srg: SRG-OS-000073-GPOS-00041 stigid@rhel7: RHEL-07-010200 - stigid@rhel8: RHEL-08-010160 + stigid@almalinux8: RHEL-08-010160 vmmsrg: SRG-OS-000480-VMM-002000 ocil_clause: 'it does not' diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh index e7503fee..7ef88148 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv AUTH_FILES[0]="/etc/pam.d/system-auth" {{%- if product == "rhel7" %}} diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml index 59fb48e9..a819d163 100644 --- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: "Set PAM's Password Hashing Algorithm" @@ -70,7 +70,7 @@ references: stigid@ol7: OL07-00-010200 stigid@ol8: OL08-00-010160 stigid@rhel7: RHEL-07-010200 - stigid@rhel8: RHEL-08-010159 + stigid@almalinux8: RHEL-08-010159 stigid@sle12: SLES-12-010230 stigid@sle15: SLES-15-020170 vmmsrg: SRG-OS-000480-VMM-002000 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml index f6888e51..cae502b8 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle # reboot = false # strategy = disable # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh index 23edb3c9..daae2463 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_almalinux,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu {{{ bash_replace_or_append('/etc/systemd/system.conf', '^CtrlAltDelBurstAction=', 'none', '%s=%s') }}} diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml index 3045574e..7ce6bb46 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml index c7a63006..2ecbf610 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_burstaction/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 title: 'Disable Ctrl-Alt-Del Burst Action' @@ -71,7 +71,7 @@ references: nist@sle15: CM-6(b),CM-6.1(iv) srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040172 - stigid@rhel8: RHEL-08-040172 + stigid@almalinux8: RHEL-08-040172 stigid@sle15: SLES-15-040062 stigid@ubuntu2004: UBTU-20-010460 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml index 30f06a87..d1b625dd 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_sle # reboot = false # strategy = disable # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh index b20c5e3b..44ba612a 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle,multi_platform_ubuntu {{% if init_system == "systemd" -%}} systemctl disable --now ctrl-alt-del.target systemctl mask --now ctrl-alt-del.target diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml index 517c83c6..041e9a29 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml index e482731c..cfd3dd36 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Disable Ctrl-Alt-Del Reboot Activation' @@ -76,7 +76,7 @@ references: stigid@ol7: OL07-00-020230 stigid@ol8: OL08-00-040170 stigid@rhel7: RHEL-07-020230 - stigid@rhel8: RHEL-08-040170 + stigid@almalinux8: RHEL-08-040170 stigid@sle12: SLES-12-010610 stigid@sle15: SLES-15-040060 stigid@ubuntu2004: UBTU-20-010460 diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh index 8b440146..f53923e8 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/masked.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu systemctl disable --now ctrl-alt-del.target systemctl mask --now ctrl-alt-del.target diff --git a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh index 2279cb46..f4777104 100644 --- a/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh +++ b/linux_os/guide/system/accounts/accounts-physical/disable_ctrlaltdel_reboot/tests/not_masked.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu systemctl unmask ctrl-alt-del.target diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml index 9e69fdf4..9eabacb9 100644 --- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml index bc371853..ace64b71 100644 --- a/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/grub2_disable_interactive_boot/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Verify that Interactive Boot is Disabled' diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml index 5d28cffd..cb1d56d8 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/ansible/shared.yml @@ -9,7 +9,7 @@ create: yes dest: /usr/lib/systemd/system/emergency.service regexp: "^#?ExecStart=" - {{% if product in ["fedora", "rhel8", "rhel9", "ol8"] -%}} + {{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8"] -%}} line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency" {{%- else -%}} line: 'ExecStart=-/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh index 3e9c8eb0..9cc6f175 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/bash/shared.sh @@ -1,8 +1,8 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv service_file="/usr/lib/systemd/system/emergency.service" -{{% if product in ["fedora", "rhel8", "rhel9", "ol8"] -%}} +{{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8"] -%}} sulogin="/usr/lib/systemd/systemd-sulogin-shell emergency" {{%- else -%}} sulogin='/bin/sh -c "/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml index ef3e796b..7a912d9a 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/oval/shared.xml @@ -12,7 +12,7 @@ /usr/lib/systemd/system/emergency.service - {{%- if product in ["fedora", "rhel8", "rhel9", "ol8"] -%}} + {{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8"] -%}} ^ExecStart=\-/usr/lib/systemd/systemd-sulogin-shell[\s]+emergency {{%- else -%}} ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml index cc0a2c53..f088ded1 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15 title: 'Require Authentication for Emergency Systemd Target' @@ -45,7 +45,7 @@ references: stigid@ol7: OL07-00-010481 stigid@ol8: OL08-00-010152 stigid@rhel7: RHEL-07-010481 - stigid@rhel8: RHEL-08-010152 + stigid@almalinux8: RHEL-08-010152 ocil_clause: 'the output is different' @@ -53,7 +53,7 @@ ocil: |- To check if authentication is required for emergency mode, run the following command: 
$ grep sulogin /usr/lib/systemd/system/emergency.service
The output should be similar to the following, and the line must begin with - {{% if product in ["fedora", "rhel8", "rhel9", "ol8"] -%}} + {{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8"] -%}} ExecStart and /usr/lib/systemd/systemd-sulogin-shell. 
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell emergency
{{%- else -%}} diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh index a8a5c8cc..53d62c68 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/correct_value.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora service_file="/usr/lib/systemd/system/emergency.service" sulogin="/usr/lib/systemd/systemd-sulogin-shell" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh index 96a0c842..048832a9 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/tests/wrong_value.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora service_file="/usr/lib/systemd/system/emergency.service" sulogin="/bin/bash" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml index 8173ffa6..79eb17b0 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/ansible/shared.yml @@ -10,7 +10,7 @@ create: yes dest: /usr/lib/systemd/system/rescue.service regexp: "^#?ExecStart=" - {{% if product in ["fedora", "rhel8", "rhel9", "ol8"] -%}} + {{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8"] -%}} line: "ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue" {{% elif product in ["rhel7"] %}} line: 'ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh index 04c9e43c..e20b6d8c 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/bash/shared.sh @@ -1,10 +1,10 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv {{% if init_system == "systemd" -%}} service_file="/usr/lib/systemd/system/rescue.service" -{{% if product in ["fedora", "rhel8", "rhel9", "ol8"] -%}} +{{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8"] -%}} sulogin="/usr/lib/systemd/systemd-sulogin-shell rescue" {{%- elif product in ["rhel7"] -%}} sulogin='/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"' diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml index 9a12b8f1..05ad73ff 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/oval/shared.xml @@ -20,7 +20,7 @@ {{%- if init_system == "systemd" -%}} /usr/lib/systemd/system/rescue.service - {{%- if product in ["fedora", "rhel8", "rhel9", "ol8", "rhcos4"] -%}} + {{%- if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8", "rhcos4"] -%}} ^ExecStart=\-.*/usr/lib/systemd/systemd-sulogin-shell[ ]+rescue {{%- else -%}} ^ExecStart=\-/bin/sh[\s]+-c[\s]+\"(/usr)?/sbin/sulogin;[\s]+/usr/bin/systemctl[\s]+--fail[\s]+--no-block[\s]+default\" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml index 8d7a4fa7..d5e8c095 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Require Authentication for Single User Mode' @@ -50,7 +50,7 @@ references: stigid@ol7: OL07-00-010481 stigid@ol8: OL08-00-010151 stigid@rhel7: RHEL-07-010481 - stigid@rhel8: RHEL-08-010151 + stigid@almalinux8: RHEL-08-010151 ocil_clause: 'the output is different' @@ -59,7 +59,7 @@ ocil: |- To check if authentication is required for single-user mode, run the following command: 
$ grep sulogin /usr/lib/systemd/system/rescue.service
The output should be similar to the following, and the line must begin with - {{% if product in ["fedora", "rhel8", "rhel9", "ol8", "rhcos4"] -%}} + {{% if product in ["fedora", "rhel8", "almalinux8", "rhel9", "ol8", "rhcos4"] -%}} ExecStart and /usr/lib/systemd/systemd-sulogin-shell. 
ExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue
{{%- elif product in ["rhel7"] -%}} diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh index 66d47a0e..047a82bd 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/correct_value.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora service_file="/usr/lib/systemd/system/rescue.service" sulogin="/usr/lib/systemd/systemd-sulogin-shell" diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh index d125b29e..6184023c 100644 --- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/tests/wrong_value.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash -# platform = multi_platform_rhel,multi_platform_fedora +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora service_file="/usr/lib/systemd/system/rescue.service" sulogin="/bin/bash" diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml index 9f224748..2380e50b 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_bashrc_exec_tmux/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Support session locking with tmux' @@ -24,7 +24,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000031-GPOS-00012,SRG-OS-000028-GPOS-00009 stigid@ol8: OL08-00-020041 - stigid@rhel8: RHEL-08-020041 + stigid@almalinux8: RHEL-08-020041 ocil_clause: 'exec tmux is not present at the end of bashrc' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml index dc63eb65..dc693130 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml index ba17de40..1e98cfbd 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_after_time/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure tmux to lock session after inactivity' @@ -25,7 +25,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000029-GPOS-00010 stigid@ol8: OL08-00-020070 - stigid@rhel8: RHEL-08-020070 + stigid@almalinux8: RHEL-08-020070 ocil_clause: 'lock-after-time is not set or set to zero' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml index a3a23d8e..263bc54f 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Configure the tmux Lock Command' @@ -29,7 +29,7 @@ references: nist: AC-11(a),AC-11(b),CM-6(a) srg: SRG-OS-000028-GPOS-00009 stigid@ol8: OL08-00-020040 - stigid@rhel8: RHEL-08-020040 + stigid@almalinux8: RHEL-08-020040 vmmsrg: SRG-OS-000028-VMM-000090,SRG-OS-000030-VMM-000110 ocil_clause: 'lock-command is not set' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh index dacc9147..8a7eebd0 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/file_empty.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 echo > '/etc/tmux.conf' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh index 3b5a134b..34b13717 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_commented.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 echo '# set -g lock-command vlock' >> '/etc/tmux.conf' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh index 7862a7e9..d1806b59 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/line_is_there.pass.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 echo 'set -g lock-command vlock' >> '/etc/tmux.conf' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh index e747275d..07b43ed4 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/configure_tmux_lock_command/tests/wrong_value.fail.sh @@ -1,4 +1,4 @@ #!/bin/bash -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 echo 'set -g lock-command locker' >> '/etc/tmux.conf' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml index 6b2d6cd5..c20712c9 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml index b069a87f..19668abe 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/no_tmux_in_shells/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9 title: 'Prevent user from disabling the screen lock' @@ -26,7 +26,7 @@ references: ospp: FMT_SMF_EXT.1 srg: SRG-OS-000324-GPOS-00125,SRG-OS-000028-GPOS-00009 stigid@ol8: OL08-00-020042 - stigid@rhel8: RHEL-08-020042 + stigid@almalinux8: RHEL-08-020042 ocil_clause: 'tmux is listed in /etc/shells' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml index a76cdedd..be480047 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/console_screen_locking/package_tmux_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4 +prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4 title: 'Install the tmux Package' @@ -43,7 +43,7 @@ references: ospp: FMT_MOF_EXT.1 srg: SRG-OS-000030-GPOS-00011,SRG-OS-000028-GPOS-00009 stigid@ol8: OL08-00-020039 - stigid@rhel8: RHEL-08-020039 + stigid@almalinux8: RHEL-08-020039 vmmsrg: SRG-OS-000030-VMM-000110 ocil_clause: 'the package is not installed' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml index 748bff82..1760268e 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml index 00c9b8cb..607aca4a 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/configure_opensc_card_drivers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Configure opensc Smart Card Drivers' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml index f79727a0..49f74f41 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_rhv,multi_platform_ol,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml index fc2c75e8..367e7869 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/force_opensc_card_drivers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Force opensc To Use Defined Smart Card Driver' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml index 54524233..3697fd65 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/group.yml @@ -5,7 +5,7 @@ title: 'Hardware Tokens for Authentication' description: |- The use of hardware tokens such as smart cards for system login provides stronger, two-factor authentication than using a username and password. - {{% if product in ['ol7', 'ol8'] %}} + {{% if product in ['ol7', 'ol8', 'almalinux8'] %}} In {{{ full_name }}} servers, hardware token login {{% else %}} In Red Hat Enterprise Linux servers and workstations, hardware token login diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml index 27725848..d4221ccc 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml @@ -12,7 +12,7 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Install Smart Card Packages For Multifactor Authentication' @@ -51,7 +51,7 @@ references: stigid@ol7: OL07-00-041001 stigid@ol8: OL08-00-010390 stigid@rhel7: RHEL-07-041001 - stigid@rhel8: RHEL-08-010390 + stigid@almalinux8: RHEL-08-010390 stigid@sle12: SLES-12-030500 stigid@sle15: SLES-15-010460 stigid@ubuntu2004: UBTU-20-010063 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml index a9bcfc66..5e762d5b 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,ubuntu2004 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004 title: 'Install the opensc Package For Multifactor Authentication' @@ -36,7 +36,7 @@ references: nist: CM-6(a) srg: SRG-OS-000375-GPOS-00160,SRG-OS-000376-GPOS-00161 stigid@ol8: OL08-00-010410 - stigid@rhel8: RHEL-08-010410 + stigid@almalinux8: RHEL-08-010410 stigid@ubuntu2004: UBTU-20-010064 vmmsrg: SRG-OS-000376-VMM-001520 diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml index 9c6534cf..6cfe9268 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_pcsc-lite_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Install the pcsc-lite package' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml index 6472ade5..2efa5cb5 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/service_pcscd_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Enable the pcscd Service' diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh index 2744af58..0f5c92be 100644 --- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/smartcard_configure_cert_checking/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_ol,multi_platform_sle +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_ol,multi_platform_sle # Install required packages if ! rpm --quiet -q pam_pkcs11; then yum -y -d 1 install pam_pkcs11; fi diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml index ff493491..082c8e61 100644 --- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml +++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml index a9d19544..3db95485 100644 --- a/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml +++ b/linux_os/guide/system/accounts/accounts-physical/service_debug-shell_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Disable debug-shell SystemD Service' @@ -38,7 +38,7 @@ references: ospp: FIA_UAU.1 srg: SRG-OS-000324-GPOS-00125,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-040180 - stigid@rhel8: RHEL-08-040180 + stigid@almalinux8: RHEL-08-040180 ocil: |- {{{ ocil_service_disabled(service="debug-shell") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml index 74598bc7..680caf4b 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh index 8f1ea001..027aea64 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle {{{ bash_instantiate_variables("var_account_disable_post_pw_expiration") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml index 48d3ecd3..9905d9b5 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Set Account Expiration Following Inactivity' @@ -54,7 +54,7 @@ references: stigid@ol7: OL07-00-010310 stigid@ol8: OL08-00-020260 stigid@rhel7: RHEL-07-010310 - stigid@rhel8: RHEL-08-020260 + stigid@almalinux8: RHEL-08-020260 stigid@sle12: SLES-12-010340 stigid@sle15: SLES-15-020050 stigid@ubuntu2004: UBTU-20-010409 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml index 12926969..572f3fbb 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_emergency_expire_date/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8,rhel9 +prodtype: fedora,ol8,rhel8,almalinux8,rhel9 title: 'Assign Expiration Date to Emergency Accounts' @@ -42,7 +42,7 @@ references: nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6 srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002 stigid@ol8: OL08-00-020270 - stigid@rhel8: RHEL-08-020270 + stigid@almalinux8: RHEL-08-020270 vmmsrg: SRG-OS-000002-VMM-000020,SRG-OS-000123-VMM-000620 ocil_clause: 'any emergency accounts have no expiration date set or do not expire within a documented time frame' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml index bb5a1d55..ecf80300 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_temp_expire_date/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Assign Expiration Date to Temporary Accounts' @@ -45,7 +45,7 @@ references: nist-csf: DE.CM-1,DE.CM-3,PR.AC-1,PR.AC-4,PR.AC-6 srg: SRG-OS-000123-GPOS-00064,SRG-OS-000002-GPOS-00002 stigid@ol8: OL08-00-020000 - stigid@rhel8: RHEL-08-020000 + stigid@almalinux8: RHEL-08-020000 stigid@sle12: SLES-12-010360 stigid@sle15: SLES-15-020000 stigid@ubuntu2004: UBTU-20-010000 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml index d0665b41..f6ced399 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/account_unique_id/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Ensure All Accounts on the System Have Unique User IDs' @@ -26,7 +26,7 @@ references: nist@sle12: IA-2,IA-2.1,IA-8,IA-8.1 srg: SRG-OS-000104-GPOS-00051,SRG-OS-000121-GPOS-00062,SRG-OS-000042-GPOS-00020 stigid@ol8: OL08-00-020240 - stigid@rhel8: RHEL-08-020240 + stigid@almalinux8: RHEL-08-020240 stigid@sle12: SLES-12-010640 stigid@sle15: SLES-15-010230 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml index d4a4c6b6..7434f97e 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15 title: 'Only Authorized Local User Accounts Exist on Operating System' @@ -39,7 +39,7 @@ references: stigid@ol7: OL07-00-020270 stigid@ol8: OL08-00-020320 stigid@rhel7: RHEL-07-020270 - stigid@rhel8: RHEL-08-020320 + stigid@almalinux8: RHEL-08-020320 stigid@sle12: SLES-12-010630 stigid@sle15: SLES-15-020090 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh index d942f81d..bcafb5e8 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/accounts_authorized_local_users/tests/default.pass.sh @@ -1,5 +1,5 @@ #! /bin/bash -# platform = multi_platform_rhel +# platform = multi_platform_rhel,multi_platform_almalinux var_accounts_authorized_local_users_regex="^(root|bin|daemon|adm|lp|sync|shutdown|halt|mail|operator|games|ftp|nobody|pegasus|systemd-bus-proxy|systemd-network|dbus|polkitd|abrt|unbound|tss|libstoragemgmt|rpc|colord|usbmuxd$|pcp|saslauth|geoclue|setroubleshoot|rtkit|chrony|qemu|radvd|rpcuser|nfsnobody|pulse|gdm|gnome-initial-setup|postfix|avahi|ntp|sshd|tcpdump|oprofile|uuidd)$" diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml index f21cc003..681af208 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_id/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,sle15 +prodtype: fedora,rhel7,rhel8,almalinux8,sle15 title: 'Ensure All Groups on the System Have Unique Group ID' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml index dae8462a..9a804d56 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/group_unique_name/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8,sle15 +prodtype: fedora,rhel7,rhel8,almalinux8,sle15 title: 'Ensure All Groups on the System Have Unique Group Names' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml index bed135a4..1df8f3a2 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh index de0ea219..196d11b0 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_fedora,multi_platform_ubuntu +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_fedora,multi_platform_ubuntu {{{ bash_instantiate_variables("var_accounts_maximum_age_login_defs") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml index 206a08a3..d4136dd0 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_maximum_age_login_defs/rule.yml @@ -54,7 +54,7 @@ references: stigid@ol7: OL07-00-010250 stigid@ol8: OL08-00-020200 stigid@rhel7: RHEL-07-010250 - stigid@rhel8: RHEL-08-020200 + stigid@almalinux8: RHEL-08-020200 stigid@sle12: SLES-12-010280 stigid@sle15: SLES-15-020220 stigid@ubuntu2004: UBTU-20-010008 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml index 0c81c0ee..29f31c65 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml index 34df2e5c..28421050 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_minimum_age_login_defs/rule.yml @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-010230 stigid@ol8: OL08-00-020190 stigid@rhel7: RHEL-07-010230 - stigid@rhel8: RHEL-08-020190 + stigid@almalinux8: RHEL-08-020190 stigid@sle12: SLES-12-010260 stigid@sle15: SLES-15-020200 stigid@ubuntu2004: UBTU-20-010007 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml index eee37bda..a231fa41 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh index cb5efaa5..b2a0809b 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_instantiate_variables("var_accounts_password_minlen_login_defs") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml index c8acda93..907ea25b 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/rule.yml @@ -46,7 +46,7 @@ references: ospp: FMT_MOF_EXT.1 srg: SRG-OS-000078-GPOS-00046 stigid@ol8: OL08-00-020231 - stigid@rhel8: RHEL-08-020231 + stigid@almalinux8: RHEL-08-020231 ocil_clause: 'it is not set to the required value' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh index c1acf5e2..9b209867 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_10.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # # profiles = xccdf_org.ssgproject.content_profile_ospp -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 if grep -q "^PASS_MIN_LEN" /etc/login.defs; then sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 10/" /etc/login.defs diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh index 0e31bd79..a2ff1105 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_12.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash # # profiles = xccdf_org.ssgproject.content_profile_ospp -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 if grep -q "^PASS_MIN_LEN" /etc/login.defs; then sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 12/" /etc/login.defs diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh index 88509363..64a38232 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_15.pass.sh @@ -1,7 +1,7 @@ #!/bin/bash # # profiles = xccdf_org.ssgproject.content_profile_ospp -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 if grep -q "^PASS_MIN_LEN" /etc/login.defs; then sed -i "s/^PASS_MIN_LEN.*/PASS_MIN_LEN 15/" /etc/login.defs diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh index bd7ed7a2..78ff205e 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_commented.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # # profiles = xccdf_org.ssgproject.content_profile_ospp -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 sed -i "s/.*PASS_MIN_LEN.*/#PASS_MIN_LEN 12/" /etc/login.defs diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh index 88ecd439..678d3b6d 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_minlen_login_defs/tests/password_minlen_not_there.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # # profiles = xccdf_org.ssgproject.content_profile_ospp -# platform = multi_platform_fedora,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8 sed -i "/^PASS_MIN_LEN.*/d" /etc/login.defs diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh index fc2d9735..58fba606 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml index 4a355eee..a1174cc5 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_max_life_existing/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Set Existing Passwords Maximum Age' @@ -34,7 +34,7 @@ references: stigid@ol7: OL07-00-010260 stigid@ol8: OL08-00-020210 stigid@rhel7: RHEL-07-010260 - stigid@rhel8: RHEL-08-020210 + stigid@almalinux8: RHEL-08-020210 stigid@sle12: SLES-12-010290 stigid@sle15: SLES-15-020230 vmmsrg: SRG-OS-000076-VMM-000430 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh index e55a4c9e..468e73ed 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml index 831a3c52..1377b469 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_set_min_life_existing/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Set Existing Passwords Minimum Age' @@ -35,7 +35,7 @@ references: stigid@ol7: OL07-00-010240 stigid@ol8: OL08-00-020180 stigid@rhel7: RHEL-07-010240 - stigid@rhel8: RHEL-08-020180 + stigid@almalinux8: RHEL-08-020180 stigid@sle12: SLES-12-010270 stigid@sle15: SLES-15-020210 vmmsrg: SRG-OS-000075-VMM000420 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml index 1091f8c8..00da1b03 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_expiration/accounts_password_warn_age_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml index 2db962da..5351e7ee 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_all_shadowed_sha512/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Verify All Account Password Hashes are Shadowed with SHA512' @@ -37,7 +37,7 @@ references: nist: IA-5(1)(c),IA-5(1).1(v),IA-7,IA-7.1 srg: SRG-OS-000073-GPOS-00041,SRG-OS-000120-GPOS-00061 stigid@ol8: OL08-00-010120 - stigid@rhel8: RHEL-08-010120 + stigid@almalinux8: RHEL-08-010120 stigid@sle12: SLES-12-010220 stigid@sle15: SLES-15-020180 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml index dd260c7e..1b43bf44 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh index b0c50f5f..1f86d0cf 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml index 28e993e5..3bf7ecf2 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Set number of Password Hashing Rounds - password-auth' @@ -33,7 +33,7 @@ references: disa: CCI-000196 srg: SRG-OS-000073-GPOS-00041 stigid@ol8: OL08-00-010130 - stigid@rhel8: RHEL-08-010130 + stigid@almalinux8: RHEL-08-010130 ocil_clause: 'it does not set the appropriate number of hashing rounds' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh index 244ae3db..daf80c77 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_argument_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_rounds=65536 authselect create-profile hardening -b sssd diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh index 8af81389..29542c0f 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_correct_value.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_rounds=65536 ROUNDS=65536 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh index 5af0640b..d853eba1 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none # variables = var_password_pam_unix_rounds=65536 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh index 10d83eac..86d37185 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_password_auth/tests/authselect_wrong_value.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_rounds=65536 ROUNDS=4000 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml index 2e5aabcd..8f3d7421 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh index 1cd0f94c..67e60d6d 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv {{{ bash_instantiate_variables("var_password_pam_unix_rounds") }}} diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml index 72707db7..2e05990b 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Set number of Password Hashing Rounds - system-auth' @@ -33,7 +33,7 @@ references: disa: CCI-000196 srg: SRG-OS-000073-GPOS-00041 stigid@ol8: OL08-00-010131 - stigid@rhel8: RHEL-08-010131 + stigid@almalinux8: RHEL-08-010131 ocil_clause: 'it does not set the appropriate number of hashing rounds' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh index 506a8075..ed3c8ad2 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_argument_missing.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_rounds=65536 authselect create-profile hardening -b sssd diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh index 48c7f5a4..913b37d7 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_correct_value.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_rounds=65536 ROUNDS=65536 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh index d111f61e..62977fa4 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none # variables = var_password_pam_unix_rounds=65536 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh index 3c25268d..c34e3a10 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/accounts_password_pam_unix_rounds_system_auth/tests/authselect_wrong_value.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # variables = var_password_pam_unix_rounds=65536 ROUNDS=4000 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml index 8e1ae005..27d584b4 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh index c82f2f73..7942e2f7 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = configure # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml index 075cc631..47e67288 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml index 6cf476b6..cbbf8834 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/rule.yml @@ -54,7 +54,7 @@ references: stigid@ol7: OL07-00-010290 stigid@ol8: OL08-00-020331 stigid@rhel7: RHEL-07-010290 - stigid@rhel8: RHEL-08-020331 + stigid@almalinux8: RHEL-08-020331 stigid@sle12: SLES-12-010231 stigid@sle15: SLES-15-020300 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh index 84b10027..4425caae 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_modified_pam.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora # remediation = none SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh index 52ad383d..920e34b3 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_empty_passwords/tests/authselect_nullok_present.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # packages = authselect -# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora SYSTEM_AUTH_FILE="/etc/pam.d/system-auth" diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml index acf0496e..7f1fb69d 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4 +# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4 # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml index 126f2ba5..9c45e22a 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Ensure there are no legacy + NIS entries in /etc/group' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml index 5baef258..84ddc1e0 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4 +# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4 # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml index 12e9a125..6bf3b7cc 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Ensure there are no legacy + NIS entries in /etc/passwd' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml index c969414d..7b71e4ce 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4 +# platform = multi_platform_fedora,Red Hat OpenShift Container Platform 4,Oracle Linux 7,Oracle Linux 8,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4 # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml index 102c4def..9dd2ada2 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Ensure there are no legacy + NIS entries in /etc/shadow' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml index 8bc5319d..2b8df2c9 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/accounts_no_uid_except_zero/rule.yml @@ -51,7 +51,7 @@ references: stigid@ol7: OL07-00-020310 stigid@ol8: OL08-00-040200 stigid@rhel7: RHEL-07-020310 - stigid@rhel8: RHEL-08-040200 + stigid@almalinux8: RHEL-08-040200 stigid@sle12: SLES-12-010650 stigid@sle15: SLES-15-020100 diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml index 6fbb7c72..d8e71c19 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml index 8f87bf06..6bed5ef5 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_direct_root_logins/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml index b5bfabab..6742eeb2 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_root_webbrowsing/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 title: 'Restrict Web Browser Use for Administrative Accounts' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml index 2cd7a9ef..f2c75308 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure that System Accounts Do Not Run a Shell Upon Login' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml index 5f9c92aa..119219eb 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/restrict_serial_port_logins/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml index 84560835..c0f76497 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/root_path_default/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8 title: 'Root Path Must Be Vendor Default' diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml index 94594008..c71e3c69 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/securetty_root_login_console_only/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml index 7194be9c..33bf1622 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh index 96a41cad..5b36c8a7 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # uncomment the option if commented sed '/^[[:space:]]*#[[:space:]]*auth[[:space:]]\+required[[:space:]]\+pam_wheel\.so[[:space:]]\+use_uid$/s/^[[:space:]]*#//' -i /etc/pam.d/su diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml index 9845160e..4596cfbe 100644 --- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml +++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/use_pam_wheel_for_su/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Enforce usage of pam_wheel for su authentication' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml index e53f7863..f8bfacd0 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh index be3cc99c..6770cf9e 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_fedora {{{ set_config_file("/etc/login.defs", "CREATE_HOME", "yes", create=true, insert_after="", insert_before="^\s*CREATE_HOME", insensitive=true) }}} diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml index 0587c51e..d83d4d1d 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_have_homedir_login_defs/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Ensure Home Directories are Created for New Users' @@ -31,7 +31,7 @@ references: stigid@ol7: OL07-00-020610 stigid@ol8: OL08-00-010760 stigid@rhel7: RHEL-07-020610 - stigid@rhel8: RHEL-08-010760 + stigid@almalinux8: RHEL-08-010760 stigid@sle12: SLES-12-010720 stigid@sle15: SLES-15-020110 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml index 53b68079..2a6b6612 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_sle,multi_platform_ol +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ol # disruption = low # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh index e18dacd3..f7eb010c 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol {{{ bash_instantiate_variables("var_accounts_fail_delay") }}} diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml index e8a68060..b2705ed0 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_logon_fail_delay/rule.yml @@ -32,7 +32,7 @@ references: stigid@ol7: OL07-00-010430 stigid@ol8: OL08-00-020310 stigid@rhel7: RHEL-07-010430 - stigid@rhel8: RHEL-08-020310 + stigid@almalinux8: RHEL-08-020310 stigid@sle12: SLES-12-010140 ocil_clause: 'the above command returns no output, or FAIL_DELAY is configured less than the expected value' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml index 536ac295..d1bff5ff 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh index c0b854da..cb75cd10 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ubuntu,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ubuntu,multi_platform_sle {{{ bash_instantiate_variables("var_accounts_max_concurrent_login_sessions") }}} diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml index 8a6ca3c8..307af457 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_max_concurrent_login_sessions/rule.yml @@ -39,7 +39,7 @@ references: stigid@ol7: OL07-00-040000 stigid@ol8: OL08-00-020024 stigid@rhel7: RHEL-07-040000 - stigid@rhel8: RHEL-08-020024 + stigid@almalinux8: RHEL-08-020024 stigid@sle12: SLES-12-010120 stigid@sle15: SLES-15-020020 stigid@ubuntu2004: UBTU-20-010400 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml index 1bd99ce7..a4f03471 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_tmp/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml index 81a86072..678586dd 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_polyinstantiated_var_tmp/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = multi_platform_fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml index f37ac948..dc8eb410 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml index b970972a..ba6d300d 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Set Interactive Session Timeout' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml index e7d83f84..a8ca1ec9 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_group_ownership/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,ubuntu2004,wrlinux1019 title: 'User Initialization Files Must Be Group-Owned By The Primary User' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml index 94a8b358..5dfeb554 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_no_world_writable_programs/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'User Initialization Files Must Not Run World-Writable Programs' @@ -32,7 +32,7 @@ references: stigid@ol7: OL07-00-020730 stigid@ol8: OL08-00-010660 stigid@rhel7: RHEL-07-020730 - stigid@rhel8: RHEL-08-010660 + stigid@almalinux8: RHEL-08-010660 stigid@sle12: SLES-12-010780 stigid@sle15: SLES-15-040130 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml index 33bb0f51..649e1068 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_dot_user_ownership/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,ubuntu2004,wrlinux1019 title: 'User Initialization Files Must Be Owned By the Primary User' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml index 350d2cc5..76e98b04 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_home_paths_only/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Ensure that Users Path Contains Only Local Directories' @@ -35,7 +35,7 @@ references: stigid@ol7: OL07-00-020720 stigid@ol8: OL08-00-010690 stigid@rhel7: RHEL-07-020720 - stigid@rhel8: RHEL-08-010690 + stigid@almalinux8: RHEL-08-010690 stigid@sle12: SLES-12-010770 stigid@sle15: SLES-15-040120 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml index a666d82f..3e6404d4 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_defined/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'All Interactive Users Must Have A Home Directory Defined' @@ -32,7 +32,7 @@ references: stigid@ol7: OL07-00-020600 stigid@ol8: OL08-00-010720 stigid@rhel7: RHEL-07-020600 - stigid@rhel8: RHEL-08-010720 + stigid@almalinux8: RHEL-08-010720 stigid@sle12: SLES-12-010710 stigid@sle15: SLES-15-040070 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml index 5bca9149..3fabb448 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'All Interactive Users Home Directories Must Exist' @@ -37,7 +37,7 @@ references: stigid@ol7: OL07-00-020620 stigid@ol8: OL08-00-010750 stigid@rhel7: RHEL-07-020620 - stigid@rhel8: RHEL-08-010750 + stigid@almalinux8: RHEL-08-010750 stigid@sle12: SLES-12-010730 stigid@sle15: SLES-15-040080 diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml index b5d629a4..5df2b3e5 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_groupownership/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 title: 'All User Files and Directories In The Home Directory Must Be Group-Owned By The Primary User' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml index 00f5f0b9..55b7fcb0 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_ownership/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 title: 'All User Files and Directories In The Home Directory Must Have a Valid Owner' diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml index 4777f8a3..4e9bc29f 100644 --- a/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/accounts_users_home_files_permissions/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle15,wrlinux1019 title: 'All User Files and Directories In The Home Directory Must Have Mode 0750 Or Less Permissive' diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml index 0d99f9aa..8a93692f 100644 --- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User' @@ -38,7 +38,7 @@ references: stigid@ol7: OL07-00-020650 stigid@ol8: OL08-00-010740 stigid@rhel7: RHEL-07-020650 - stigid@rhel8: RHEL-08-010740 + stigid@almalinux8: RHEL-08-010740 stigid@sle12: SLES-12-010750 stigid@sle15: SLES-15-040100 diff --git a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml index 754dd064..e28b1faf 100644 --- a/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/file_ownership_home_directories/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019 title: 'All Interactive User Home Directories Must Be Owned By The Primary User' diff --git a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml index e33c068f..5a5fa38b 100644 --- a/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/file_permission_user_init_files/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Ensure All User Initialization Files Have Mode 0740 Or Less Permissive' @@ -29,7 +29,7 @@ references: stigid@ol7: OL07-00-020710 stigid@ol8: OL08-00-010770 stigid@rhel7: RHEL-07-020710 - stigid@rhel8: RHEL-08-010770 + stigid@almalinux8: RHEL-08-010770 stigid@sle12: SLES-12-010760 stigid@sle15: SLES-15-040110 diff --git a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml index e8211cb5..b78cb8e9 100644 --- a/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/file_permissions_home_directories/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'All Interactive User Home Directories Must Have mode 0750 Or Less Permissive' @@ -34,7 +34,7 @@ references: stigid@ol7: OL07-00-020630 stigid@ol8: OL08-00-010730 stigid@rhel7: RHEL-07-020630 - stigid@rhel8: RHEL-08-010730 + stigid@almalinux8: RHEL-08-010730 stigid@sle12: SLES-12-010740 stigid@sle15: SLES-15-040090 diff --git a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml index 4e7ea875..ecbce672 100644 --- a/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/root_paths/accounts_root_path_dirs_no_write/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh index 9417c63d..fb02f72b 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol {{{ bash_instantiate_variables("var_accounts_user_umask") }}} diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml index 73c0d4c0..5a2cd9e4 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure the Default Bash Umask is Set Correctly' @@ -40,7 +40,7 @@ references: nist-csf: PR.IP-2 srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227 stigid@ol8: OL08-00-020353 - stigid@rhel8: RHEL-08-020353 + stigid@almalinux8: RHEL-08-020353 ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly' diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh index eaaf1d3b..c5abfe41 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/tests/stig_correct.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # profiles = xccdf_org.ssgproject.content_profile_stig -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 sed -i '/umask/d' /etc/bashrc echo "umask 077" >> /etc/bashrc diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh index b5fa44e9..10d895a0 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol {{{ bash_instantiate_variables("var_accounts_user_umask") }}} diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml index 3fe2ebc9..6ea4c7e0 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu2004 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,ubuntu2004 title: 'Ensure the Default C Shell Umask is Set Correctly' @@ -33,7 +33,7 @@ references: nist: AC-6(1),CM-6(a) nist-csf: PR.IP-2 srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227 - stigid@rhel8: RHEL-08-020353 + stigid@almalinux8: RHEL-08-020353 ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly' diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh index a6db2863..f33d4eca 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_csh_cshrc/tests/stig_correct.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # profiles = xccdf_org.ssgproject.content_profile_stig -# platform = Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 8,AlmaLinux 8 sed -i '/umask/d' /etc/csh.cshrc echo "umask 077" >> /etc/csh.cshrc diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml index ea0edc6f..073a937f 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh index 575d2b5b..c3a04c68 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu {{{ bash_instantiate_variables("var_accounts_user_umask") }}} diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml index 11d6291b..368baec7 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_login_defs/rule.yml @@ -41,7 +41,7 @@ references: stigid@ol7: OL07-00-020240 stigid@ol8: OL08-00-020351 stigid@rhel7: RHEL-07-020240 - stigid@rhel8: RHEL-08-020351 + stigid@almalinux8: RHEL-08-020351 stigid@sle12: SLES-12-010620 stigid@sle15: SLES-15-040420 stigid@ubuntu2004: UBTU-20-010016 diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml index 771a09d4..66396b4c 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_profile/rule.yml @@ -36,7 +36,7 @@ references: nist: AC-6(1),CM-6(a) nist-csf: PR.IP-2 srg: SRG-OS-000480-GPOS-00228,SRG-OS-000480-GPOS-00227 - stigid@rhel8: RHEL-08-020353 + stigid@almalinux8: RHEL-08-020353 ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly' diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml index 9219e578..e0dd6c26 100644 --- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_interactive_users/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 title: 'Ensure the Default Umask is Set Correctly For Interactive Users' @@ -28,7 +28,7 @@ references: stigid@ol7: OL07-00-021040 stigid@ol8: OL08-00-020352 stigid@rhel7: RHEL-07-021040 - stigid@rhel8: RHEL-08-020352 + stigid@almalinux8: RHEL-08-020352 ocil_clause: 'the above command returns no output, or if the umask is configured incorrectly' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml index eadfb057..efe6a244 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chmod/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030410 stigid@ol8: OL08-00-030490 stigid@rhel7: RHEL-07-030410 - stigid@rhel8: RHEL-08-030490 + stigid@almalinux8: RHEL-08-030490 stigid@sle12: SLES-12-020460 stigid@sle15: SLES-15-030290 stigid@ubuntu2004: UBTU-20-010152 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml index 970fed53..66609376 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_chown/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030370 stigid@ol8: OL08-00-030480 stigid@rhel7: RHEL-07-030370 - stigid@rhel8: RHEL-08-030480 + stigid@almalinux8: RHEL-08-030480 stigid@sle12: SLES-12-020420 stigid@sle15: SLES-15-030250 stigid@ubuntu2004: UBTU-20-010148 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml index 81cc315e..d32d7960 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmod/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030420 stigid@ol8: OL08-00-030540 stigid@rhel7: RHEL-07-030420 - stigid@rhel8: RHEL-08-030490 + stigid@almalinux8: RHEL-08-030490 stigid@sle12: SLES-12-020470 stigid@sle15: SLES-15-030300 stigid@ubuntu2004: UBTU-20-010153 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml index 9a16e0c0..70b0e92f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchmodat/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030430 stigid@ol8: OL08-00-030530 stigid@rhel7: RHEL-07-030430 - stigid@rhel8: RHEL-08-030490 + stigid@almalinux8: RHEL-08-030490 stigid@sle12: SLES-12-020480 stigid@sle15: SLES-15-030310 stigid@ubuntu2004: UBTU-20-010154 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml index 11d522c2..72012bac 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchown/rule.yml @@ -61,7 +61,7 @@ references: stigid@ol7: OL07-00-030380 stigid@ol8: OL08-00-030520 stigid@rhel7: RHEL-07-030380 - stigid@rhel8: RHEL-08-030480 + stigid@almalinux8: RHEL-08-030480 stigid@sle12: SLES-12-020430 stigid@sle15: SLES-15-030260 stigid@ubuntu2004: UBTU-20-010149 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml index 1f74f950..11288f64 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fchownat/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030400 stigid@ol8: OL08-00-030510 stigid@rhel7: RHEL-07-030400 - stigid@rhel8: RHEL-08-030480 + stigid@almalinux8: RHEL-08-030480 stigid@sle12: SLES-12-020450 stigid@sle15: SLES-15-030280 stigid@ubuntu2004: UBTU-20-010150 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml index a7a3a872..33332a47 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fremovexattr/rule.yml @@ -11,13 +11,13 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d: 
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

@@ -25,13 +25,13 @@ description: |- utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file: 
-a always,exit -F arch=b32 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S fremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S fremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}} @@ -75,7 +75,7 @@ references: stigid@ol7: OL07-00-030480 stigid@ol8: OL08-00-030240 stigid@rhel7: RHEL-07-030480 - stigid@rhel8: RHEL-08-030200 + stigid@almalinux8: RHEL-08-030200 stigid@sle12: SLES-12-020410 stigid@sle15: SLES-15-030210 stigid@ubuntu2004: UBTU-20-010147 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml index 0bff8533..112e3259 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_fsetxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d: 
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file: 
-a always,exit -F arch=b32 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S fsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S fsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} @@ -70,7 +70,7 @@ references: stigid@ol7: OL07-00-030450 stigid@ol8: OL08-00-030230 stigid@rhel7: RHEL-07-030450 - stigid@rhel8: RHEL-08-030200 + stigid@almalinux8: RHEL-08-030200 stigid@sle12: SLES-12-020380 stigid@sle15: SLES-15-030230 stigid@ubuntu2004: UBTU-20-010144 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml index dec01548..26c3cce5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lchown/rule.yml @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030390 stigid@ol8: OL08-00-030500 stigid@rhel7: RHEL-07-030390 - stigid@rhel8: RHEL-08-030480 + stigid@almalinux8: RHEL-08-030480 stigid@sle12: SLES-12-020440 stigid@sle15: SLES-15-030270 stigid@ubuntu2004: UBTU-20-010151 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml index 8f29dd24..6c5db2b7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lremovexattr/rule.yml @@ -11,13 +11,13 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d: 
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8"] %}} +{{%- if product in ["rhel8", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8"] %}} +{{%- if product in ["rhel8", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

@@ -25,13 +25,13 @@ description: |- utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file: 
-a always,exit -F arch=b32 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8"] %}} +{{%- if product in ["rhel8", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S lremovexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8"] %}} +{{%- if product in ["rhel8", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S lremovexattr -F auid=0 -F key=perm_mod
{{%- endif %}} @@ -75,7 +75,7 @@ references: stigid@ol7: OL07-00-030490 stigid@ol8: OL08-00-030200 stigid@rhel7: RHEL-07-030490 - stigid@rhel8: RHEL-08-030200 + stigid@almalinux8: RHEL-08-030200 stigid@sle12: SLES-12-020400 stigid@sle15: SLES-15-030200 stigid@ubuntu2004: UBTU-20-010146 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml index 44ff9cf8..52ae4834 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_lsetxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d: 
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file: 
-a always,exit -F arch=b32 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S lsetxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S lsetxattr -F auid=0 -F key=perm_mod
{{%- endif %}} @@ -69,7 +69,7 @@ references: stigid@ol7: OL07-00-030460 stigid@ol8: OL08-00-030220 stigid@rhel7: RHEL-07-030460 - stigid@rhel8: RHEL-08-030200 + stigid@almalinux8: RHEL-08-030200 stigid@sle15: SLES-15-030240 stigid@ubuntu2004: UBTU-20-010143 vmmsrg: SRG-OS-000458-VMM-001810,SRG-OS-000474-VMM-001940 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml index f5b0d926..64ef3a12 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_removexattr/rule.yml @@ -10,13 +10,13 @@ description: |- program to read audit rules during daemon startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d: 
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

@@ -24,13 +24,13 @@ description: |- utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file: 
-a always,exit -F arch=b32 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}}

If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S removexattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S removexattr -F auid=0 -F key=perm_mod
{{%- endif %}} @@ -74,7 +74,7 @@ references: stigid@ol7: OL07-00-030470 stigid@ol8: OL08-00-030210 stigid@rhel7: RHEL-07-030470 - stigid@rhel8: RHEL-08-030200 + stigid@almalinux8: RHEL-08-030200 stigid@sle12: SLES-12-020390 stigid@sle15: SLES-15-030190 stigid@ubuntu2004: UBTU-20-010145 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml index 5dc13a0a..27f641ed 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_dac_actions/audit_rules_dac_modification_setxattr/rule.yml @@ -9,24 +9,24 @@ description: |- startup (the default), add the following line to a file with suffix .rules in the directory /etc/audit/rules.d: 
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the auditd daemon is configured to use the auditctl utility to read audit rules during daemon startup, add the following line to /etc/audit/audit.rules file: 
-a always,exit -F arch=b32 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b32 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} If the system is 64 bit then also add the following line: 
-a always,exit -F arch=b64 -S setxattr -F auid>={{{ auid }}} -F auid!=unset -F key=perm_mod
-{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} 
-a always,exit -F arch=b64 -S setxattr -F auid=0 -F key=perm_mod
{{%- endif %}} @@ -70,7 +70,7 @@ references: stigid@ol7: OL07-00-030440 stigid@ol8: OL08-00-030270 stigid@rhel7: RHEL-07-030440 - stigid@rhel8: RHEL-08-030200 + stigid@almalinux8: RHEL-08-030200 stigid@sle12: SLES-12-020370 stigid@sle15: SLES-15-030220 stigid@ubuntu2004: UBTU-20-010142 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml index eb29c31f..525f475c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_chacl/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Record Any Attempts to Run chacl' @@ -37,7 +37,7 @@ references: nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210 stigid@ol8: OL08-00-030570 - stigid@rhel8: RHEL-08-030570 + stigid@almalinux8: RHEL-08-030570 stigid@sle12: SLES-12-020620 stigid@sle15: SLES-15-030440 stigid@ubuntu2004: UBTU-20-010168 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml index 401f22ff..4d7555c9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_acl_commands/audit_rules_execution_setfacl/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Record Any Attempts to Run setfacl' @@ -37,7 +37,7 @@ references: nist@sle12: AU-3,AU-3.1,AU-12.1(ii),AU-12(a),AU-12.1(iv),AU-12(c),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@ol8: OL08-00-030330 - stigid@rhel8: RHEL-08-030330 + stigid@almalinux8: RHEL-08-030330 stigid@sle12: SLES-12-020610 stigid@sle15: SLES-15-030430 stigid@ubuntu2004: UBTU-20-010167 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml index 6aa92b44..99d49d4b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_chcon/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Any Attempts to Run chcon' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030580 stigid@ol8: OL08-00-030260 stigid@rhel7: RHEL-07-030580 - stigid@rhel8: RHEL-08-030260 + stigid@almalinux8: RHEL-08-030260 stigid@sle12: SLES-12-020630 stigid@sle15: SLES-15-030450 stigid@ubuntu2004: UBTU-20-010165 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml index 02b16e46..cb5b37cb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_restorecon/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Record Any Attempts to Run restorecon' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml index c4a1a692..019ab9a2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_semanage/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 title: 'Record Any Attempts to Run semanage' @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030560 stigid@ol8: OL08-00-030313 stigid@rhel7: RHEL-07-030560 - stigid@rhel8: RHEL-08-030313 + stigid@almalinux8: RHEL-08-030313 vmmsrg: SRG-OS-000463-VMM-001850 ocil: |- diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml index 57f66640..a23e8b47 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setfiles/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Any Attempts to Run setfiles' @@ -47,7 +47,7 @@ references: stigid@ol7: OL07-00-030590 stigid@ol8: OL08-00-030314 stigid@rhel7: RHEL-07-030590 - stigid@rhel8: RHEL-08-030314 + stigid@almalinux8: RHEL-08-030314 vmmsrg: SRG-OS-000463-VMM-001850 ocil: |- diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml index a6ce0ee6..c1224c2d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_setsebool/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 title: 'Record Any Attempts to Run setsebool' @@ -57,7 +57,7 @@ references: stigid@ol7: OL07-00-030570 stigid@ol8: OL08-00-030316 stigid@rhel7: RHEL-07-030570 - stigid@rhel8: RHEL-08-030316 + stigid@almalinux8: RHEL-08-030316 vmmsrg: SRG-OS-000463-VMM-001850 ocil: |- diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml index 00684ec0..2d111f1d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_execution_selinux_commands/audit_rules_execution_seunshare/rule.yml @@ -1,11 +1,11 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Any Attempts to Run seunshare' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh index 275e61d5..6fe950aa 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # Perform the remediation for the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml index 3099393b..15487c16 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Ensure auditd Collects File Deletion Events by User' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml index 2157ea14..e877083a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rename/rule.yml @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-030880 stigid@ol8: OL08-00-030361 stigid@rhel7: RHEL-07-030880 - stigid@rhel8: RHEL-08-030361 + stigid@almalinux8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010269 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml index 2598ee66..819f26a3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_renameat/rule.yml @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-030890 stigid@ol8: OL08-00-030362 stigid@rhel7: RHEL-07-030890 - stigid@rhel8: RHEL-08-030361 + stigid@almalinux8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010270 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml index ecb3dfe0..3ab7d061 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_rmdir/rule.yml @@ -49,7 +49,7 @@ references: stigid@ol7: OL07-00-030900 stigid@ol8: OL08-00-030363 stigid@rhel7: RHEL-07-030900 - stigid@rhel8: RHEL-08-030361 + stigid@almalinux8: RHEL-08-030361 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 {{{ complete_ocil_entry_audit_syscall(syscall="rmdir") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml index 8fea9dc4..dab9ce26 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlink/rule.yml @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-030910 stigid@ol8: OL08-00-030364 stigid@rhel7: RHEL-07-030910 - stigid@rhel8: RHEL-08-030361 + stigid@almalinux8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010267 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml index 6a5dcb6b..547ec963 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_deletion_events/audit_rules_file_deletion_events_unlinkat/rule.yml @@ -52,7 +52,7 @@ references: stigid@ol7: OL07-00-030920 stigid@ol8: OL08-00-030365 stigid@rhel7: RHEL-07-030920 - stigid@rhel8: RHEL-08-030361 + stigid@almalinux8: RHEL-08-030361 stigid@ubuntu2004: UBTU-20-010268 vmmsrg: SRG-OS-000466-VMM-001870,SRG-OS-000468-VMM-001890 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml index d3b01863..2bb5eb1b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chmod/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Record Successful Permission Changes to Files - chmod' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml index 241d1d63..f9749a32 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_chown/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Ownership Changes to Files - chown' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml index a1f8f395..173d16fb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_creat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Access Attempts to Files - creat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml index ce7070ed..8fdaba2d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmod/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Permission Changes to Files - fchmod' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml index 4b6cee01..3f60a691 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchmodat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Permission Changes to Files - fchmodat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml index 6bc0b959..71a0383b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchown/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Ownership Changes to Files - fchown' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml index e882a57b..ef4a46a9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fchownat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Ownership Changes to Files - fchownat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml index ee4ff3a8..9aaea3ee 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fremovexattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Permission Changes to Files - fremovexattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml index d40bfdee..8ce3cb3a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_fsetxattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Permission Changes to Files - fsetxattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml index 4fe00220..d99a82aa 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_ftruncate/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Access Attempts to Files - ftruncate' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml index 90873b10..2e82232c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lchown/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Ownership Changes to Files - lchown' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml index acbfbc0e..dfdcfbad 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lremovexattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Permission Changes to Files - lremovexattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml index b669f750..9897c41b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_lsetxattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Permission Changes to Files - lsetxattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml index 9cc9ff86..3de02e18 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Access Attempts to Files - open' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml index 89a65e14..bc586252 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Access Attempts to Files - open_by_handle_at' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml index 38a00312..ad07bfd0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_creat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_CREAT' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml index 5ed132a5..0352431c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_by_handle_at_o_trunc_write/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Record Successful Creation Attempts to Files - open_by_handle_at O_TRUNC_WRITE' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml index bef2d87a..ac4e2ebe 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_creat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Record Successful Creation Attempts to Files - open O_CREAT' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml index 653e1d8e..d6cf93b7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_open_o_trunc_write/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Record Successful Creation Attempts to Files - open O_TRUNC_WRITE' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml index 16e9b483..7ede712e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Access Attempts to Files - openat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml index 75ead44a..1d342e48 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_creat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Record Successful Creation Attempts to Files - openat O_CREAT' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml index 13ff5e23..11279f4b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_openat_o_trunc_write/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9 title: 'Record Successful Creation Attempts to Files - openat O_TRUNC_WRITE' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml index 7d7e3ebe..6e115c37 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_removexattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Permission Changes to Files - removexattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml index 82d103ec..84fa9b87 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_rename/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Delete Attempts to Files - rename' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml index 1736c971..046a17f3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_renameat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Delete Attempts to Files - renameat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml index 75809f4a..852c7f93 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_setxattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Permission Changes to Files - setxattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml index 4d850dc8..c1a49a4f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_truncate/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Access Attempts to Files - truncate' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml index 91e8f67b..0c57eabc 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlink/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Delete Attempts to Files - unlink' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml index a11b195b..3e87d37f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_successful_file_modification_unlinkat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4 title: 'Record Successful Delete Attempts to Files - unlinkat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh index 853f8fe9..103b83c1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # Perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml index b6aeb8bc..edb084f7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Ensure auditd Collects Unauthorized Access Attempts to Files (unsuccessful)' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml index ddfe1e9d..ec62165d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chmod/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - chmod' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml index 6ca6e27b..bb624b8f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_chown/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Ownership Changes to Files - chown' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml index 24a4b100..4e38d942 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_creat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Unsuccessful Access Attempts to Files - creat' @@ -63,7 +63,7 @@ references: stigid@ol7: OL07-00-030500 stigid@ol8: OL08-00-030470 stigid@rhel7: RHEL-07-030500 - stigid@rhel8: RHEL-08-030420 + stigid@almalinux8: RHEL-08-030420 stigid@sle12: SLES-12-020520 stigid@sle15: SLES-15-030160 stigid@ubuntu2004: UBTU-20-010158 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml index 1a93b453..170e0027 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmod/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - fchmod' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml index dd77cd60..bc79016c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchmodat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - fchmodat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml index 3e5da890..6e55b2a9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchown/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Ownership Changes to Files - fchown' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml index 76f0e177..016e13c9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fchownat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Ownership Changes to Files - fchownat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml index a6fbb185..c1455d6c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fremovexattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - fremovexattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml index bf1ff867..ac79f42c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_fsetxattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - fsetxattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml index f9212bbb..7446c16b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_ftruncate/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Unsuccessful Access Attempts to Files - ftruncate' @@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-030550 stigid@ol8: OL08-00-030460 stigid@rhel7: RHEL-07-030550 - stigid@rhel8: RHEL-08-030420 + stigid@almalinux8: RHEL-08-030420 stigid@sle12: SLES-12-020510 stigid@sle15: SLES-15-030320 stigid@ubuntu2004: UBTU-20-010157 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml index 3d42cea2..d6d0f45e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lchown/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Ownership Changes to Files - lchown' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml index 05c1f7c8..a464da9f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lremovexattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - lremovexattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml index e388ec2d..314b64f7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_lsetxattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - lsetxattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml index d64c2a19..13cf42e0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Unsuccessful Access Attempts to Files - open' @@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-030510 stigid@ol8: OL08-00-030440 stigid@rhel7: RHEL-07-030510 - stigid@rhel8: RHEL-08-030420 + stigid@almalinux8: RHEL-08-030420 stigid@sle12: SLES-12-020490 stigid@sle15: SLES-15-030150 stigid@ubuntu2004: UBTU-20-010155 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml index 937aa74c..dd23cc56 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Unsuccessful Access Attempts to Files - open_by_handle_at' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030530 stigid@ol8: OL08-00-030450 stigid@rhel7: RHEL-07-030530 - stigid@rhel8: RHEL-08-030420 + stigid@almalinux8: RHEL-08-030420 stigid@sle12: SLES-12-020540 stigid@sle15: SLES-15-030180 stigid@ubuntu2004: UBTU-20-010160 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh index b3a9d84a..f9d579a9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml index dbca575d..f00a0ff9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_creat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessful Creation Attempts to Files - open_by_handle_at O_CREAT' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh index b3a9d84a..f9d579a9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml index b3a06000..462ad0a1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_o_trunc_write/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessful Modification Attempts to Files - open_by_handle_at O_TRUNC_WRITE' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh index c944fb9e..b506644a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml index 650f5b6d..7104f6cd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_by_handle_at_rule_order/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure auditd Unauthorized Access Attempts To open_by_handle_at Are Ordered Correctly' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh index c1352ae3..31de4374 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml index e0d4117e..222d70c8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_creat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessful Creation Attempts to Files - open O_CREAT' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh index c1352ae3..31de4374 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml index 1cc53b18..2d82f928 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_o_trunc_write/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessful Modification Attempts to Files - open O_TRUNC_WRITE' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh index c944fb9e..b506644a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml index 34e5d448..7d6ab8dc 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_open_rule_order/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure auditd Rules For Unauthorized Attempts To open Are Ordered Correctly' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml index 15fd7fec..172d1285 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Unsuccessful Access Attempts to Files - openat' @@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-030520 stigid@ol8: OL08-00-030430 stigid@rhel7: RHEL-07-030520 - stigid@rhel8: RHEL-08-030420 + stigid@almalinux8: RHEL-08-030420 stigid@sle12: SLES-12-020530 stigid@sle15: SLES-15-030170 stigid@ubuntu2004: UBTU-20-010159 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh index c1352ae3..31de4374 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml index b66f7225..e6c6c787 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_creat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessful Creation Attempts to Files - openat O_CREAT' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh index c1352ae3..31de4374 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml index bf575128..4081e603 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_o_trunc_write/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessful Modification Attempts to Files - openat O_TRUNC_WRITE' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh index c944fb9e..b506644a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = multi_platform_rhel,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol {{{ bash_create_audit_remediation_unsuccessful_file_modification_detailed("/etc/audit/rules.d/30-ospp-v42-remediation.rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml index 4a09bc68..40f06aae 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_openat_rule_order/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure auditd Rules For Unauthorized Attempts To openat Are Ordered Correctly' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml index b16b964d..f5d1c1ea 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_removexattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - removexattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml index ae390fc9..bc2c87f4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_rename/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Record Unsuccessul Delete Attempts to Files - rename' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml index b26847c4..95aed62a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_renameat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Record Unsuccessul Delete Attempts to Files - renameat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml index a45d0cda..69fc6720 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_setxattr/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Unsuccessul Permission Changes to Files - setxattr' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml index 3c6a1b12..8ca0eeae 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_truncate/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Unsuccessful Access Attempts to Files - truncate' @@ -65,7 +65,7 @@ references: stigid@ol7: OL07-00-030540 stigid@ol8: OL08-00-030420 stigid@rhel7: RHEL-07-030540 - stigid@rhel8: RHEL-08-030420 + stigid@almalinux8: RHEL-08-030420 stigid@sle12: SLES-12-020500 stigid@sle15: SLES-15-030610 stigid@ubuntu2004: UBTU-20-010156 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml index 327bf51e..b2018008 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlink/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Record Unsuccessul Delete Attempts to Files - unlink' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml index ae5f119a..13f0356d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_file_modification/audit_rules_unsuccessful_file_modification_unlinkat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15 title: 'Record Unsuccessul Delete Attempts to Files - unlinkat' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml index 905c14fe..fb7f6cff 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml index c3d70a84..cbea82ed 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml index f5469c0e..6caf0ab7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol # reboot = false # complexity = low # disruption = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml index 51a61028..71df13a4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml index d55bf54d..f23ea207 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_delete/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on Kernel Module Unloading - delete_module' @@ -54,7 +54,7 @@ references: stigid@ol7: OL07-00-030830 stigid@ol8: OL08-00-030390 stigid@rhel7: RHEL-07-030830 - stigid@rhel8: RHEL-08-030390 + stigid@almalinux8: RHEL-08-030390 stigid@sle12: SLES-12-020730 stigid@sle15: SLES-15-030520 stigid@ubuntu2004: UBTU-20-010302 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml index 2e0780af..2ecb0742 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # complexity = low # disruption = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml index 90d7d43d..818c3cad 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml index 410c103a..50a2090d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_finit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on Kernel Module Loading and Unloading - finit_module' @@ -51,7 +51,7 @@ references: stigid@ol7: OL07-00-030821 stigid@ol8: OL08-00-030380 stigid@rhel7: RHEL-07-030821 - stigid@rhel8: RHEL-08-030360 + stigid@almalinux8: RHEL-08-030360 stigid@sle12: SLES-12-020740 stigid@sle15: SLES-15-030530 stigid@ubuntu2004: UBTU-20-010180 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml index 6f6bd182..d20223bf 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_sle,multi_platform_ol +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_sle,multi_platform_ol # reboot = false # complexity = low # disruption = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml index 2fb9a7ff..7cef862d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml index c7d78888..0ab729e7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_kernel_module_loading/audit_rules_kernel_module_loading_init/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on Kernel Module Loading - init_module' @@ -53,7 +53,7 @@ references: stigid@ol7: OL07-00-030820 stigid@ol8: OL08-00-030360 stigid@rhel7: RHEL-07-030820 - stigid@rhel8: RHEL-08-030360 + stigid@almalinux8: RHEL-08-030360 stigid@sle12: SLES-12-020750 stigid@sle15: SLES-15-030540 stigid@ubuntu2004: UBTU-20-010179 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh index 13991cd7..77a89efb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml index 858affea..0027d79a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Record Attempts to Alter Logon and Logout Events' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml index 6a8fa7cb..7d3cc6c9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_faillock/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'Record Attempts to Alter Logon and Logout Events - faillock' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml index cfd5fd79..20a33dde 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_lastlog/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Attempts to Alter Logon and Logout Events - lastlog' @@ -54,7 +54,7 @@ references: stigid@ol7: OL07-00-030620 stigid@ol8: OL08-00-030600 stigid@rhel7: RHEL-07-030620 - stigid@rhel8: RHEL-08-030600 + stigid@almalinux8: RHEL-08-030600 stigid@sle12: SLES-12-020660 stigid@sle15: SLES-15-030480 stigid@ubuntu2004: UBTU-20-010171 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml index ff8a7b24..cfd75f28 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_login_events/audit_rules_login_events_tallylog/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Attempts to Alter Logon and Logout Events - tallylog' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml index 68c8497c..83094aae 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh index 727868f8..76cc889b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_perform_audit_rules_privileged_commands_remediation("auditctl", auid) }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh index 7e15005a..59b04990 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_default.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh index fd97dc6e..78add9a6 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_missing_rule.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules sed -i '/newgrp/d' /etc/audit/audit.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh index 3f534d4d..209478b1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_one_rule.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/audit.rules sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh index 11463a77..cc44abea 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_configured.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules sed -i "s%^ExecStartPost=.*%ExecStartPost=-/sbin/auditctl%" /usr/lib/systemd/system/auditd.service diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh index 0ba1cfb2..77a72fb3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/auditctl_rules_with_perm_x.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/audit.rules sed -i -E 's/^(.*path=[[:graph:]]+ )(.*$)/\1-F perm=x \2/' /etc/audit/audit.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh index 8293c08f..03770257 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_default.fail.sh @@ -1,5 +1,5 @@ #!/bin/bash # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 # augenrules is default for rhel7 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh index c8017b46..576f0d55 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_duplicated.fail.sh @@ -1,7 +1,7 @@ #!/bin/bash # Remediation for this rule cannot remove the duplicates # remediation = none -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 mkdir -p /etc/audit/rules.d ./generate_privileged_commands_rule.sh 1000 privileged /tmp/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh index 83b00b1e..56866ef9 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_missing_rule.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 mkdir -p /etc/audit/rules.d ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh index ff78e3de..192f8919 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_one_rule.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 mkdir -p /etc/audit/rules.d echo "-a always,exit -F path=/usr/bin/sudo -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh index ff080377..1743b072 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 mkdir -p /etc/audit/rules.d ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh index 694bc049..92b92961 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_configured_mixed_keys.pass.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 mkdir -p /etc/audit/rules.d ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh index 473d8a0b..2374ffeb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_rules_with_perm_x.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 mkdir -p /etc/audit/rules.d ./generate_privileged_commands_rule.sh 1000 privileged /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh index 8c7f0479..289aaae3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_mixed_keys.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 mkdir -p /etc/audit/rules.d echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -k privileged" >> /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh index b7258fe0..beecff6e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/augenrules_two_rules_sep_files.fail.sh @@ -1,6 +1,6 @@ #!/bin/bash # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 mkdir -p /etc/audit/rules.d echo "-a always,exit -F path=/usr/bin/newgrp -F auid>=1000 -F auid!=unset -F key=privileged" >> /etc/audit/rules.d/priv.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh index 3a947ea1..8471b399 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands/tests/rules_with_own_key.pass.sh @@ -1,5 +1,5 @@ #!/bin/bash # remediation = bash -# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8 +# platform = Fedora,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8 ./generate_privileged_commands_rule.sh 1000 own_key /etc/audit/rules.d/privileged.rules diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml index 453b64fe..8da9508a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_at/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "ubuntu2004"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - at' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml index 1ba98b84..182eb072 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chage/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chage' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030660 stigid@ol8: OL08-00-030250 stigid@rhel7: RHEL-07-030660 - stigid@rhel8: RHEL-08-030250 + stigid@almalinux8: RHEL-08-030250 stigid@sle12: SLES-12-020690 stigid@sle15: SLES-15-030120 stigid@ubuntu2004: UBTU-20-010175 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml index b2573957..2be5e675 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_chsh/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - chsh' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030720 stigid@ol8: OL08-00-030410 stigid@rhel7: RHEL-07-030720 - stigid@rhel8: RHEL-08-030410 + stigid@almalinux8: RHEL-08-030410 stigid@sle12: SLES-12-020580 stigid@sle15: SLES-15-030100 stigid@ubuntu2004: UBTU-20-010163 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml index 48fad244..4b2ac61a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_crontab/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - crontab' @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030800 stigid@ol8: OL08-00-030400 stigid@rhel7: RHEL-07-030800 - stigid@rhel8: RHEL-08-030400 + stigid@almalinux8: RHEL-08-030400 stigid@sle12: SLES-12-020710 stigid@sle15: SLES-15-030130 stigid@ubuntu2004: UBTU-20-010177 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml index a0922716..4e766e4a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_gpasswd/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - gpasswd' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030650 stigid@ol8: OL08-00-030370 stigid@rhel7: RHEL-07-030650 - stigid@rhel8: RHEL-08-030370 + stigid@almalinux8: RHEL-08-030370 stigid@sle12: SLES-12-020560 stigid@sle15: SLES-15-030080 stigid@ubuntu2004: UBTU-20-010174 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml index 5baa999e..cb49a4d7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh index f9cbf11b..02cfce0d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_insmod/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/insmod", "x", "modules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml index f5ec9ecf..af2fa414 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_kmod/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["rhel8"] %}} +{{%- if product in ["rhel8", "almalinux8"] %}} {{%- set kmod_audit="-a always,exit -F path=/usr/bin/kmod -F perm=x -F auid>=1000 -F auid!=unset -F key=privileged" %}} {{%- elif product in ["ubuntu2004"] %}} {{%- set kmod_audit="-w /bin/kmod -p x -k modules" %}} @@ -8,7 +8,7 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - kmod' @@ -46,7 +46,7 @@ references: nist: AU-3,AU-3.1,AU-12(a),AU-12.1(ii),AU-12.1(iv)AU-12(c),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000471-GPOS-00216,SRG-OS-000477-GPOS-00222 stigid@ol8: OL08-00-030580 - stigid@rhel8: RHEL-08-030580 + stigid@almalinux8: RHEL-08-030580 stigid@sle12: SLES-12-020360 stigid@sle15: SLES-15-030410 stigid@ubuntu2004: UBTU-20-010297 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml index 8f61ee32..07ddf429 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh index ed9771d0..665d2cc0 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_modprobe/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel,multi_platform_ubuntu +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/modprobe", "x", "modules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml index c8a729bc..82141829 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_mount/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - mount' @@ -50,7 +50,7 @@ references: stigid@ol7: OL07-00-030740 stigid@ol8: OL08-00-030300 stigid@rhel7: RHEL-07-030740 - stigid@rhel8: RHEL-08-030300 + stigid@almalinux8: RHEL-08-030300 stigid@sle12: SLES-12-020290 stigid@ubuntu2004: UBTU-20-010138 vmmsrg: SRG-OS-000471-VMM-001910 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml index e57cd67d..da2919b3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgidmap/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "ubuntu2004"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgidmap' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml index 72a54c6b..3fddf556 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newgrp/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newgrp' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030710 stigid@ol8: OL08-00-030350 stigid@rhel7: RHEL-07-030710 - stigid@rhel8: RHEL-08-030350 + stigid@almalinux8: RHEL-08-030350 stigid@sle12: SLES-12-020570 stigid@sle15: SLES-15-030090 stigid@ubuntu2004: UBTU-20-010164 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml index c66e67d1..831f1655 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_newuidmap/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "ubuntu2004"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - newuidmap' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml index 6d161b5d..7e65a6d5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pam_timestamp_check/rule.yml @@ -1,5 +1,5 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} @@ -11,7 +11,7 @@ documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pam_timestamp_check' @@ -66,7 +66,7 @@ references: stigid@ol7: OL07-00-030810 stigid@ol8: OL08-00-030340 stigid@rhel7: RHEL-07-030810 - stigid@rhel8: RHEL-08-030340 + stigid@almalinux8: RHEL-08-030340 stigid@sle12: SLES-12-020720 stigid@sle15: SLES-15-030510 stigid@ubuntu2004: UBTU-20-010178 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml index 586efb3e..cc26d446 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_passwd/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - passwd' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030630 stigid@ol8: OL08-00-030290 stigid@rhel7: RHEL-07-030630 - stigid@rhel8: RHEL-08-030290 + stigid@almalinux8: RHEL-08-030290 stigid@sle12: SLES-12-020550 stigid@sle15: SLES-15-030070 stigid@ubuntu2004: UBTU-20-010172 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml index c5cd8408..b2b5d4cf 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postdrop/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postdrop' @@ -57,7 +57,7 @@ references: stigid@ol7: OL07-00-030760 stigid@ol8: OL08-00-030311 stigid@rhel7: RHEL-07-030760 - stigid@rhel8: RHEL-08-030311 + stigid@almalinux8: RHEL-08-030311 vmmsrg: SRG-OS-000471-VMM-001910 ocil_clause: 'it is not the case' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml index 4a15cd91..1d268284 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_postqueue/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 +prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - postqueue' @@ -57,7 +57,7 @@ references: stigid@ol7: OL07-00-030770 stigid@ol8: OL08-00-030312 stigid@rhel7: RHEL-07-030770 - stigid@rhel8: RHEL-08-030312 + stigid@almalinux8: RHEL-08-030312 vmmsrg: SRG-OS-000471-VMM-001910 ocil_clause: 'it is not the case' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml index 0b4bb3cc..37995c62 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_pt_chown/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - pt_chown' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml index f3c3324e..d5545d32 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh index cab3cb16..d895a1d3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_rmmod/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_sle,multi_platform_rhel +# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/sbin/rmmod", "x", "modules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml index 8cdfca3d..72b0ee78 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_agent/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Record Any Attempts to Run ssh-agent' @@ -39,7 +39,7 @@ references: nist@sle12: AU-3,AU-3.1,AU-12(a),AU-12(c),AU-12.1(a),AU-12.1(ii),AU-12.1(iv),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@ol8: OL08-00-030280 - stigid@rhel8: RHEL-08-030280 + stigid@almalinux8: RHEL-08-030280 stigid@sle12: SLES-12-020310 stigid@sle15: SLES-15-030370 stigid@ubuntu2004: UBTU-20-010140 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml index 96fd5e95..914f7b0d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_ssh_keysign/rule.yml @@ -1,4 +1,4 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} @@ -10,7 +10,7 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - ssh-keysign' @@ -65,7 +65,7 @@ references: stigid@ol7: OL07-00-030780 stigid@ol8: OL08-00-030320 stigid@rhel7: RHEL-07-030780 - stigid@rhel8: RHEL-08-030320 + stigid@almalinux8: RHEL-08-030320 stigid@sle12: SLES-12-020320 stigid@sle15: SLES-15-030060 stigid@ubuntu2004: UBTU-20-010141 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml index cd83c4ed..659233c3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_su/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - su' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030680 stigid@ol8: OL08-00-030190 stigid@rhel7: RHEL-07-030680 - stigid@rhel8: RHEL-08-030190 + stigid@almalinux8: RHEL-08-030190 stigid@sle12: SLES-12-020250 stigid@sle15: SLES-15-030550 stigid@ubuntu2004: UBTU-20-010136 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml index a3bac816..0da31642 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudo/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudo' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030690 stigid@ol8: OL08-00-030550 stigid@rhel7: RHEL-07-030690 - stigid@rhel8: RHEL-08-030550 + stigid@almalinux8: RHEL-08-030550 stigid@sle12: SLES-12-020260 stigid@sle15: SLES-15-030560 stigid@ubuntu2004: UBTU-20-010161 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml index a401027e..15a7c2cb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_sudoedit/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle15", "ubuntu2004"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle15", "ubuntu2004"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - sudoedit' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml index 5fa4a273..f649ffb2 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_umount/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - umount' @@ -58,7 +58,7 @@ references: stigid@ol7: OL07-00-030750 stigid@ol8: OL08-00-030301 stigid@rhel7: RHEL-07-030750 - stigid@rhel8: RHEL-08-030301 + stigid@almalinux8: RHEL-08-030301 stigid@sle12: SLES-12-020300 stigid@ubuntu2004: UBTU-20-010139 vmmsrg: SRG-OS-000471-VMM-001910 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml index 15fe5052..aa270bad 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_chkpwd/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_chkpwd' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030640 stigid@ol8: OL08-00-030317 stigid@rhel7: RHEL-07-030640 - stigid@rhel8: RHEL-08-030317 + stigid@almalinux8: RHEL-08-030317 stigid@sle12: SLES-12-020680 stigid@sle15: SLES-15-030110 vmmsrg: SRG-OS-000471-VMM-001910 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml index 64a4c85e..7ea9b814 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_unix_update/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - unix_update' @@ -38,7 +38,7 @@ references: disa: CCI-000169,CCI-000172 srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000064-GPOS-00033,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215 stigid@ol8: OL08-00-030310 - stigid@rhel8: RHEL-08-030310 + stigid@almalinux8: RHEL-08-030310 stigid@ubuntu2004: UBTU-20-010173 ocil_clause: 'it is not the case' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml index 448d36c4..b085b827 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_userhelper/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - userhelper' @@ -57,7 +57,7 @@ references: stigid@ol7: OL07-00-030670 stigid@ol8: OL08-00-030315 stigid@rhel7: RHEL-07-030670 - stigid@rhel8: RHEL-08-030315 + stigid@almalinux8: RHEL-08-030315 vmmsrg: SRG-OS-000471-VMM-001910 ocil_clause: 'it is not the case' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml index 8cd21a5c..853577b8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usermod/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usermod' @@ -41,7 +41,7 @@ references: nist@sle12: AU-3,AU-12(a),AU-12(c),MA-4(1)(a) srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000466-GPOS-00210 stigid@ol8: OL08-00-030560 - stigid@rhel8: RHEL-08-030560 + stigid@almalinux8: RHEL-08-030560 stigid@sle12: SLES-12-020700 stigid@sle15: SLES-15-030500 stigid@ubuntu2004: UBTU-20-010176 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml index 88fc3a7c..1159b2eb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_privileged_commands/audit_rules_privileged_commands_usernetctl/rule.yml @@ -1,10 +1,10 @@ -{{%- if product in ["rhel8", "rhel9"] %}} +{{%- if product in ["rhel8", "rhel9", "almalinux8"] %}} {{%- set perm_x="-F perm=x " %}} {{%- endif %}} documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Ensure auditd Collects Information on the Use of Privileged Commands - usernetctl' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml index 4fd5bef0..30e9c339 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open syscall - /etc/group' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml index 79dc227e..d97d3a1e 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/group' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml index e1221d1a..d4b05056 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_group_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via openat syscall - /etc/group' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml index 84d77e89..969bb5e4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open syscall - /etc/gshadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml index 3c8971e4..91444872 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/gshadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml index 6ee8ef91..7b7abadc 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_gshadow_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via openat syscall - /etc/gshadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml index 449fe58e..9a8dc9be 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open syscall - /etc/passwd' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml index 37094bd4..a62486e4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/passwd' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml index ee516082..6ae9798c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_passwd_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via openat syscall - /etc/passwd' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml index 01b22ecb..f3c198fb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open syscall - /etc/shadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml index 0eaf7977..2c4c9699 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_open_by_handle_at/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via open_by_handle_at syscall - /etc/shadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml index a1a40472..325c88f4 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_etc_shadow_openat/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9 title: 'Record Events that Modify User/Group Information via openat syscall - /etc/shadow' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh index b9daadd7..514f4744 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Traverse all of: # diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml index 26d02c24..28daa910 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos apiVersion: machineconfiguration.openshift.io/v1 kind: MachineConfig spec: diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml index d298d9e9..d4add406 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_immutable/rule.yml @@ -51,4 +51,4 @@ references: pcidss: Req-10.5.2 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029 stigid@ol8: OL08-00-030121 - stigid@rhel8: RHEL-08-030121 + stigid@almalinux8: RHEL-08-030121 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml index e55119fd..2e7514b5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh index 632149b9..038c574b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/selinux/", "wa", "MAC-policy") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml index 4534624b..7d1db5bb 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_mac_modification/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml index e3b53819..cef1ede1 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_media_export/rule.yml @@ -53,7 +53,7 @@ references: stigid@ol7: OL07-00-030740 stigid@ol8: OL08-00-030302 stigid@rhel7: RHEL-07-030740 - stigid@rhel8: RHEL-08-030302 + stigid@almalinux8: RHEL-08-030302 stigid@sle12: SLES-12-020290 stigid@sle15: SLES-15-030350 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml index 3c1ca33a..fdb0252c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot =false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh index 352d01bd..a3b0b525 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_networkconfig_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml index 7f2f4e29..7ad5c59a 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh index d01b505a..8cce3781 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/var/run/utmp", "wa", "session") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml index 1decbff9..083f80bd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_session_events/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml index 36f780a9..f4141fe3 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers' @@ -30,7 +30,7 @@ references: disa: CCI-000169,CCI-002884 srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 stigid@ol8: OL08-00-030171 - stigid@rhel8: RHEL-08-030171 + stigid@almalinux8: RHEL-08-030171 ocil_clause: 'there is not output' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml index a5f906e9..36370d87 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sudoers_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'Ensure auditd Collects System Administrator Actions - /etc/sudoers.d/' @@ -30,7 +30,7 @@ references: disa: CCI-000169,CCI-002884 srg: SRG-OS-000004-GPOS-00004,SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000304-GPOS-00121,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000470-GPOS-00214,SRG-OS-000471-GPOS-00215,SRG-OS-000239-GPOS-00089,SRG-OS-000240-GPOS-00090,SRG-OS-000241-GPOS-00091,SRG-OS-000303-GPOS-00120,SRG-OS-000304-GPOS-00121,SRG-OS-000466-GPOS-00210,SRG-OS-000476-GPOS-00221 stigid@ol8: OL08-00-030172 - stigid@rhel8: RHEL-08-030172 + stigid@almalinux8: RHEL-08-030172 ocil_clause: 'there is not output' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml index 9583a47b..b68aa06b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh index c474fe55..d3ad208d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml index 6635fa92..53d1d152 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_suid_privilege_function/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004 title: 'Record Events When Privileged Executables Are Run' @@ -41,7 +41,7 @@ references: stigid@ol7: OL07-00-030360 stigid@ol8: OL08-00-030000 stigid@rhel7: RHEL-07-030360 - stigid@rhel8: RHEL-08-030000 + stigid@almalinux8: RHEL-08-030000 stigid@sle12: SLES-12-020240 stigid@sle15: SLES-15-030640 stigid@ubuntu2004: UBTU-20-010211 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh index 3b1d4ede..420f5707 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle +# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/sudoers", "wa", "actions") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml index 5c99e72f..88c36f80 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_sysadmin_actions/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml index 9f8dd579..7683678f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_system_shutdown/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 +prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019 title: 'Shutdown System When Auditing Failures Occur' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh index 39eac550..5d9c29be 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/group", "wa", "audit_rules_usergroup_modification") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml index 6cb77454..8abc7409 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_group/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Events that Modify User/Group Information - /etc/group' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030871 stigid@ol8: OL08-00-030170 stigid@rhel7: RHEL-07-030871 - stigid@rhel8: RHEL-08-030170 + stigid@almalinux8: RHEL-08-030170 stigid@sle12: SLES-12-020210 stigid@sle15: SLES-15-030010 stigid@ubuntu2004: UBTU-20-010101 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml index 1bdaf0fe..11403df8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_gshadow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Events that Modify User/Group Information - /etc/gshadow' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030872 stigid@ol8: OL08-00-030160 stigid@rhel7: RHEL-07-030872 - stigid@rhel8: RHEL-08-030160 + stigid@almalinux8: RHEL-08-030160 stigid@sle12: SLES-12-020590 stigid@sle15: SLES-15-030040 stigid@ubuntu2004: UBTU-20-010103 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml index f039be50..0eaf7df5 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_opasswd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Events that Modify User/Group Information - /etc/security/opasswd' @@ -60,7 +60,7 @@ references: stigid@ol7: OL07-00-030874 stigid@ol8: OL08-00-030140 stigid@rhel7: RHEL-07-030874 - stigid@rhel8: RHEL-08-030140 + stigid@almalinux8: RHEL-08-030140 stigid@sle12: SLES-12-020230 stigid@sle15: SLES-15-030030 stigid@ubuntu2004: UBTU-20-010104 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml index 188d28a7..47fb62ff 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_passwd/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Events that Modify User/Group Information - /etc/passwd' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030870 stigid@ol8: OL08-00-030150 stigid@rhel7: RHEL-07-030870 - stigid@rhel8: RHEL-08-030150 + stigid@almalinux8: RHEL-08-030150 stigid@sle12: SLES-12-020200 stigid@sle15: SLES-15-030000 stigid@ubuntu2004: UBTU-20-010100 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml index 7e2e181f..c87e8290 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_rules_usergroup_modification_shadow/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Record Events that Modify User/Group Information - /etc/shadow' @@ -59,7 +59,7 @@ references: stigid@ol7: OL07-00-030873 stigid@ol8: OL08-00-030130 stigid@rhel7: RHEL-07-030873 - stigid@rhel8: RHEL-08-030130 + stigid@almalinux8: RHEL-08-030130 stigid@sle12: SLES-12-020220 stigid@sle15: SLES-15-030020 stigid@ubuntu2004: UBTU-20-010102 diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh index e829590e..e72d090f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml index 3fbd4948..27378a92 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_adjtimex/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh index 1dd7cb10..9c43228d 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # First perform the remediation of the syscall rule # Retrieve hardware architecture of the underlying system diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml index 18bb2671..8f0bffdd 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_clock_settime/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh index e829590e..e72d090f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml index e2f2d649..bd5c2434 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_settimeofday/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh index e829590e..e72d090f 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/bash/shared.sh @@ -1,3 +1,3 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle {{{ bash_perform_audit_adjtimex_settimeofday_stime_remediation() }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml index 7ea72adf..28662fe8 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_stime/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh index 742bbfc4..e9db1df7 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle # Perform the remediation for both possible tools: 'auditctl' and 'augenrules' {{{ bash_fix_audit_watch_rule("auditctl", "/etc/localtime", "wa", "audit_time_rules") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml index ac72267a..67ee8659 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/audit_time_rules/audit_rules_time_watch_localtime/kubernetes/shared.yml @@ -1,5 +1,5 @@ --- -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos # reboot = true # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml index ec17adf5..0ecb4079 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_access_var_log_audit/ansible/shared.yml @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv # reboot = false # strategy = restrict # complexity = low diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml index 95272cce..2daa232b 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_group_ownership_var_log_audit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'System Audit Directories Must Be Group Owned By Root' @@ -34,7 +34,7 @@ references: pcidss: Req-10.5.1 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030110 - stigid@rhel8: RHEL-08-030110 + stigid@almalinux8: RHEL-08-030110 ocil: |- {{{ describe_file_group_owner(file="/var/log/audit", group="root") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml index acec72a8..a7322a9c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_ownership_var_log_audit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9 +prodtype: ol8,rhel8,almalinux8,rhel9 title: 'System Audit Directories Must Be Owned By Root' @@ -32,7 +32,7 @@ references: pcidss: Req-10.5.1 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030100 - stigid@rhel8: RHEL-08-030100 + stigid@almalinux8: RHEL-08-030100 ocil: |- {{{ describe_file_owner(file="/var/log/audit", owner="root") }}} diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh index 8683b710..14f0fc0c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu if LC_ALL=C grep -iw ^log_file /etc/audit/auditd.conf; then DIR=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ' | rev | cut -d"/" -f2- | rev) diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml index 10d443b7..c42b97ad 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/directory_permissions_var_log_audit/rule.yml @@ -31,7 +31,7 @@ references: nist-csf: DE.AE-3,DE.AE-5,PR.AC-4,PR.DS-5,PR.PT-1,RS.AN-1,RS.AN-4 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029 stigid@ol8: OL08-00-030120 - stigid@rhel8: RHEL-08-030120 + stigid@almalinux8: RHEL-08-030120 stigid@ubuntu2004: UBTU-20-010128 ocil_clause: 'any are more permissive' diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml index 2efc71f8..cfaf1e45 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_group_ownership_var_log_audit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,ubuntu2004 title: 'System Audit Logs Must Be Group Owned By Root' @@ -37,7 +37,7 @@ references: pcidss: Req-10.5.1 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030090 - stigid@rhel8: RHEL-08-030090 + stigid@almalinux8: RHEL-08-030090 stigid@ubuntu2004: UBTU-20-010124 ocil: |- diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml index 60d46adc..048ecf8c 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_ownership_var_log_audit_stig/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol8,rhel8,rhel9,ubuntu2004 +prodtype: ol8,rhel8,almalinux8,rhel9,ubuntu2004 title: 'System Audit Logs Must Be Owned By Root' @@ -34,7 +34,7 @@ references: pcidss: Req-10.5.1 srg: SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029,SRG-OS-000206-GPOS-00084 stigid@ol8: OL08-00-030080 - stigid@rhel8: RHEL-08-030080 + stigid@almalinux8: RHEL-08-030080 stigid@ubuntu2004: UBTU-20-010123 ocil: |- diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh index 2b146586..859d7317 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/bash/shared.sh @@ -1,4 +1,4 @@ -# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu +# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu if LC_ALL=C grep -iw log_file /etc/audit/auditd.conf; then FILE=$(awk -F "=" '/^log_file/ {print $2}' /etc/audit/auditd.conf | tr -d ' ') diff --git a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml index a7056eda..e84a3847 100644 --- a/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml +++ b/linux_os/guide/system/auditing/auditd_configure_rules/file_permissions_var_log_audit/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu2004 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu2004 title: 'System Audit Logs Must Have Mode 0640 or Less Permissive' @@ -40,7 +40,7 @@ references: stigid@ol7: OL07-00-910055 stigid@ol8: OL08-00-030070 stigid@rhel7: RHEL-07-910055 - stigid@rhel8: RHEL-08-030070 + stigid@almalinux8: RHEL-08-030070 stigid@ubuntu2004: UBTU-20-010122 ocil_clause: 'any are more permissive' diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml index eb3fd508..132047e0 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/ansible/shared.yml @@ -1,11 +1,11 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle # reboot = false # strategy = configure # complexity = low # disruption = low {{{ ansible_instantiate_variables("var_audispd_remote_server") }}} -{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} +{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}} {{% set audisp_config_file_path = "/etc/audit/audisp-remote.conf" %}} {{% else %}} {{% set audisp_config_file_path = "/etc/audisp/audisp-remote.conf" %}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh index cc85e4a2..b86f0ef4 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/bash/shared.sh @@ -1,8 +1,8 @@ -# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle,multi_platform_ubuntu +# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle,multi_platform_ubuntu {{{ bash_instantiate_variables("var_audispd_remote_server") }}} -{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} +{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}} AUDITCONFIG=/etc/audit/audisp-remote.conf {{% else %}} AUDITCONFIG=/etc/audisp/audisp-remote.conf diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml index a19f62d3..b9d78eb9 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/oval/shared.xml @@ -1,4 +1,4 @@ -{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}} +{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}} {{% set audisp_config_file_path = "/etc/audit/audisp-remote.conf" %}} {{% else %}} {{% set audisp_config_file_path = "/etc/audisp/audisp-remote.conf" %}} diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml index 814f868f..797ced64 100644 --- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml +++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019 title: 'Configure audispd Plugin To Send Logs To Remote Server' @@ -12,7 +12,7 @@ description: |- 
/etc/audisp/plugins.d/au-remote.conf
{{% endif %}} Set the remote_server option in 
-{{%- if product in ["rhel8", "fedora", "ol8", "rhv4"] -%}}
+{{%- if product in ["rhel8", "fedora", "almalinux8", "ol8", "rhv4"] -%}}
     /etc/audit/audisp-remote.conf
 {{%- else -%}}
     /etc/audisp/audisp-remote.conf
@@ -59,7 +59,7 @@ ocil: |-
 {{% endif %}}
     To verify the audispd plugin off-loads audit records onto a different system or
     media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
     
$ sudo grep -i remote_server /etc/audit/audisp-remote.conf

 {{% else %}}
     
$ sudo grep -i remote_server /etc/audisp/audisp-remote.conf

diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
index f3401af3..dc069b05 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_hostname.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 . $SHARED/auditd_utils.sh
 prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
index 29cf6015..61a9640e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_remote_server/tests/audit_remote_server_not_there.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 . $SHARED/auditd_utils.sh
 prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
index 2426f830..316d0819 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_configure_sufficiently_large_partition/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Configure a Sufficiently Large Partition for Audit Logs'
 
@@ -45,7 +45,7 @@ references:
     nist@sle15: AU-4
     srg: SRG-OS-000341-GPOS-00132,SRG-OS-000342-GPOS-00133
     stigid@ol8: OL08-00-030660
-    stigid@rhel8: RHEL-08-030660
+    stigid@almalinux8: RHEL-08-030660
     stigid@sle12: SLES-12-020020 
     stigid@sle15: SLES-15-030660
     stigid@ubuntu2004: UBTU-20-010215
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
index e5c33838..b855ec67 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_disk_full_action/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Configure audispd''s Plugin disk_full_action When Disk Is Full'
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
index 536220c6..5be962ce 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/bash/shared.sh
@@ -1,6 +1,6 @@
 # platform = multi_platform_wrlinux,multi_platform_all
 
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
 AUDISP_REMOTE_CONFIG="/etc/audit/audisp-remote.conf"
 option="^transport"
 value="KRB5"
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
index 1e21e071..9d74788c 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/oval/shared.xml
@@ -1,6 +1,6 @@
 
   
-    {{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+    {{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
     {{{ oval_metadata("transport setting in /etc/audit/audisp-remote.conf is set to 'KRB5'") }}}
     {{% else %}}
     {{{ oval_metadata("enable_krb5 setting in /etc/audisp/audisp-remote.conf is set to 'yes'") }}}
@@ -17,14 +17,14 @@
   
 
   
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
     /etc/audit/audisp-remote.conf
 {{% else %}}
     /etc/audisp/audisp-remote.conf
 {{% endif %}}
     
     
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
     ^[ ]*transport[ ]+=[ ]+KRB5[ ]*$
 {{% else %}}
     ^[ ]*enable_krb5[ ]+=[ ]+yes[ ]*$
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
index 9c3f34e2..e62aaf08 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/rule.yml
@@ -1,13 +1,13 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Encrypt Audit Records Sent With audispd Plugin'
 
 description: |-
     Configure the operating system to encrypt the transfer of off-loaded audit
     records onto a different system or media from the system being audited.
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
     Set the transport option in 
/etc/audit/audisp-remote.conf

     to KRB5.
 {{% else %}}
@@ -44,7 +44,7 @@ ocil_clause: 'audispd is not encrypting audit records when sent over the network
 ocil: |-
     To verify the audispd plugin encrypts audit records off-loaded onto a different
     system or media from the system being audited, run the following command:
-{{% if product in ["rhel8", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora", "ol8", "rhv4"] %}}
     
$ sudo grep -i transport /etc/audit/audisp-remote.conf

     The output should return the following:
     
transport = KRB5

diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
index 9b2f37fd..4f7164e3 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_bogus_value.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 . $SHARED/auditd_utils.sh
 prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
index 8933828d..75fe1ce1 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_correct_value.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 . $SHARED/auditd_utils.sh
 prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
index 5d6fb974..a8e33c70 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_not_there.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 . $SHARED/auditd_utils.sh
 prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
index 7d594d64..5d1ae6e8 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_encrypt_sent_records/tests/transport_wrong_value.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 . $SHARED/auditd_utils.sh
 prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
index 08d2794f..8e3bc55b 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_network_failure_action/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Configure audispd''s Plugin network_failure_action On Network Failure'
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
index 976c8104..f5cb4872 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/ansible/shared.yml
@@ -6,7 +6,7 @@
 
 - name: enable syslog plugin
   lineinfile:
-    {{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] -%}}
+    {{% if product in ["rhel8", "almalinux8", "rhel9", "fedora", "ol8", "rhv4"] -%}}
     dest: /etc/audit/plugins.d/syslog.conf
     {{%- else -%}}
     dest: /etc/audisp/plugins.d/syslog.conf
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
index 96de94d4..bc59bf9a 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/bash/shared.sh
@@ -1,7 +1,7 @@
 # platform = multi_platform_all
 var_syslog_active="yes"
 
-{{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "rhel9", "fedora", "ol8", "rhv4"] %}}
 AUDISP_SYSLOGCONFIG=/etc/audit/plugins.d/syslog.conf
 {{% else %}}
 AUDISP_SYSLOGCONFIG=/etc/audisp/plugins.d/syslog.conf
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
index 7ab522e0..87d5c878 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/oval/shared.xml
@@ -1,6 +1,6 @@
 
   
-    {{{ oval_metadata("active setting in " + ("/etc/audit/plugins.d/syslog.conf" if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] else "/etc/audisp/plugins.d/syslog.conf") + " is set to 'yes'") }}}
+    {{{ oval_metadata("active setting in " + ("/etc/audit/plugins.d/syslog.conf" if product in ["rhel8", "rhel9", "almalinux8", "fedora", "ol8", "rhv4"] else "/etc/audisp/plugins.d/syslog.conf") + " is set to 'yes'") }}}
 
     
         
@@ -13,7 +13,7 @@
   
 
   
-{{% if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "rhel9", "fedora", "ol8", "rhv4"] %}}
     /etc/audit/plugins.d/syslog.conf
 {{% else %}}
     /etc/audisp/plugins.d/syslog.conf
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
index 4b37d016..162582f7 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/rule.yml
@@ -6,7 +6,7 @@ description: |-
     To configure the auditd service to use the
     syslog plug-in of the audispd audit event multiplexor, set
     the active line in 
-{{%- if product in ["rhel8", "rhel9", "fedora", "ol8", "rhv4"] -%}}
+{{%- if product in ["rhel8", "rhel9", "almalinux8", "fedora", "ol8", "rhv4"] -%}}
     /etc/audit/plugins.d/syslog.conf
 {{%- else -%}}
     /etc/audisp/plugins.d/syslog.conf
@@ -50,7 +50,7 @@ ocil_clause: 'it is not activated'
 
 ocil: |-
     To verify the audispd's syslog plugin is active, run the following command:
-{{% if product in ["rhel8", "rhel9", "fedora", "rhv4"] %}}
+{{% if product in ["rhel8", "almalinux8", "rhel9", "fedora", "rhv4"] %}}
     
$ sudo grep active /etc/audit/plugins.d/syslog.conf

 {{% else %}}
     
$ sudo grep active /etc/audisp/plugins.d/syslog.conf

diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
index b1dd2333..3234308f 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 # remediation = bash
 
 . $SHARED/auditd_utils.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
index 0755a9dd..cb85748f 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_activated_not_there.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 # remediation = bash
 
 . $SHARED/auditd_utils.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
index 046c9ac9..83adb66c 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_audispd_syslog_plugin_activated/tests/audit_syslog_plugin_not_activated.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9,multi_platform_fedora
 # remediation = bash
 
 . $SHARED/auditd_utils.sh
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
index 06f4a10c..ba788edb 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
index 355c9210..d8e8305e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 
 {{{ bash_instantiate_variables("var_auditd_disk_error_action") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
index dc335a66..516b3b76 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_error_action/rule.yml
@@ -38,7 +38,7 @@ references:
     nist-csf: DE.AE-3,DE.AE-5,PR.DS-4,PR.PT-1,RS.AN-1,RS.AN-4
     srg: SRG-OS-000047-GPOS-00023
     stigid@ol8: OL08-00-030040
-    stigid@rhel8: RHEL-08-030040
+    stigid@almalinux8: RHEL-08-030040
 
 ocil_clause: 'the system is not configured to switch to single-user mode for corrective action'
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
index 61cc4751..7f66a5c1 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
index 8ab6e16a..11021155 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
 
 {{{ bash_instantiate_variables("var_auditd_disk_full_action") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
index 286c4715..fc4a9e2b 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_disk_full_action/rule.yml
@@ -43,7 +43,7 @@ references:
     nist@sle12: AU-5(b),AU-5.1(iv)
     srg: SRG-OS-000047-GPOS-00023
     stigid@ol8: OL08-00-030060
-    stigid@rhel8: RHEL-08-030060
+    stigid@almalinux8: RHEL-08-030060
     stigid@sle12: SLES-12-020060
     stigid@sle15: SLES-15-030590
     stigid@ubuntu2004: UBTU-20-010118
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
index b82e6d17..717e52b9 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
index 9633d4ff..9855bd95 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle
 
 {{{ bash_instantiate_variables("var_auditd_action_mail_acct") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
index 8e653594..d7fc8bed 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_action_mail_acct/rule.yml
@@ -47,7 +47,7 @@ references:
     stigid@ol7: OL07-00-030350
     stigid@ol8: OL08-00-030020
     stigid@rhel7: RHEL-07-030350
-    stigid@rhel8: RHEL-08-030020
+    stigid@almalinux8: RHEL-08-030020
     stigid@sle12: SLES-12-020040
     stigid@sle15: SLES-15-030570
     stigid@ubuntu2004: UBTU-20-010117
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
index 9efd2d5e..95c46c53 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
index 0d7dff4c..129da2eb 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle
 
 {{{ bash_instantiate_variables("var_auditd_admin_space_left_action") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_admin_space_left_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
index 9c8afcfa..53a6da7e 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
index d3a53c59..ac99ce76 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 
 {{{ bash_instantiate_variables("var_auditd_flush") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
index c0d1894f..38884203 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Configure auditd flush priority'
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
index 9817ba88..1a718d62 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_data.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # remediation = bash
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
index 2dc2791e..eb6d3368 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # remediation = bash
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
index dadc03e8..ae2b6248 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_incremental_async.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # remediation = bash
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
index 741e5487..453786c9 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_none.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # remediation = bash
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
index fb0da2f5..3206a5a3 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_not_there.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # remediation = bash
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
index 9a930ab2..0b4e4944 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_flush/tests/flush_sync.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,multi_platform_rhel
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # remediation = bash
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
index c70cd104..c97fbf56 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
index 8ac93789..e8a6dab1 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 
 {{{ bash_instantiate_variables("var_auditd_max_log_file") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
index 69ae3cb8..f48f3656 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
index 3a69df68..67d60999 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 
 {{{ bash_instantiate_variables("var_auditd_max_log_file_action") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
index cc9e6c73..0aa28666 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/rule.yml
@@ -54,7 +54,7 @@ references:
     pcidss: Req-10.7
     srg: SRG-OS-000047-GPOS-00023
     stigid@ol8: OL08-00-030050
-    stigid@rhel8: RHEL-08-030050
+    stigid@almalinux8: RHEL-08-030050
 
 ocil_clause: 'the system has not been properly configured to rotate audit logs'
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh
index de16233b..38c22bf5 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_max_log_file_action/tests/max_log_file_action_stig.pass.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # profiles = xccdf_org.ssgproject.content_profile_stig
-# platform = Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9, multi_platform_fedora
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9, multi_platform_fedora
 
 . $SHARED/auditd_utils.sh
 prepare_auditd_test_enviroment
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
index 7deaa060..748a59d8 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_num_logs/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
index ab0bea58..a6158699 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
index 62901056..5e8deca1 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
 
 {{{ bash_instantiate_variables("var_auditd_space_left") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
index 04042fa1..82988db4 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Configure auditd space_left on Low Disk Space'
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
index 46560f89..123e5ef3 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
index 870f6619..a1dc8844 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle,multi_platform_ubuntu
 
 {{{ bash_instantiate_variables("var_auditd_space_left_action") }}}
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
index 1dc1f330..ac8d6ec7 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_action/rule.yml
@@ -57,7 +57,7 @@ references:
     stigid@ol7: OL07-00-030340
     stigid@ol8: OL08-00-030731
     stigid@rhel7: RHEL-07-030340
-    stigid@rhel8: RHEL-08-030731
+    stigid@almalinux8: RHEL-08-030731
     stigid@ubuntu2004: UBTU-20-010217
     vmmsrg: SRG-OS-000343-VMM-001240
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
index dff73762..5f066b7d 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_data_retention_space_left_percentage/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel7,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Configure auditd space_left on Low Disk Space'
 
@@ -37,7 +37,7 @@ references:
     srg: SRG-OS-000343-GPOS-00134
     stigid@ol8: OL08-00-030730
     stigid@rhel7: RHEL-07-030330
-    stigid@rhel8: RHEL-08-030730
+    stigid@almalinux8: RHEL-08-030730
     stigid@ubuntu2004: UBTU-20-010217
     vmmsrg: SRG-OS-000343-VMM-001240
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_freq/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
index f4780b4a..8bc1f3d9 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_local_events/rule.yml
@@ -25,7 +25,7 @@ references:
     ospp: FAU_GEN.1
     srg: SRG-OS-000062-GPOS-00031,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-030061
-    stigid@rhel8: RHEL-08-030061
+    stigid@almalinux8: RHEL-08-030061
 
 ocil_clause: local_events isn't set to yes
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
index b536a68c..ca2bf485 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_log_format/rule.yml
@@ -26,7 +26,7 @@ references:
     ospp: FAU_GEN.1.2
     srg: SRG-OS-000255-GPOS-00096,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-030063
-    stigid@rhel8: RHEL-08-030063
+    stigid@almalinux8: RHEL-08-030063
 
 ocil_clause: log_format isn't set to ENRICHED
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
index 8da90cd7..0c143a84 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_name_format/rule.yml
@@ -29,7 +29,7 @@ references:
     stigid@ol7: OL07-00-030211
     stigid@ol8: OL08-00-030062
     stigid@rhel7: RHEL-07-030211
-    stigid@rhel8: RHEL-08-030062
+    stigid@almalinux8: RHEL-08-030062
 
 ocil_clause: name_format isn't set to hostname
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
index 41fc224a..f92ab0a1 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
index 84cb1cc1..358aeb69 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
index 887c7885..90204db7 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_overflow_action/rule.yml
@@ -32,7 +32,7 @@ references:
     stigid@ol7: OL07-00-030210
     stigid@ol8: OL08-00-030700
     stigid@rhel7: RHEL-07-030210
-    stigid@rhel8: RHEL-08-030700
+    stigid@almalinux8: RHEL-08-030700
 
 ocil_clause: 'auditd overflow action is not setup correctly'
 
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
index c865ad76..f226ae34 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/auditd_write_logs/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
index bcafc35b..1579dc90 100644
--- a/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
+++ b/linux_os/guide/system/auditing/configure_auditd_data_retention/var_audispd_remote_server.var
@@ -3,7 +3,7 @@ documentation_complete: true
 title: 'Remote server for audispd to send audit records'
 
 description: |-
-{{% if product in ["rhel8", "fedora"] %}}
+{{% if product in ["rhel8", "almalinux8", "fedora"] %}}
     The setting for remote_server in /etc/audit/audisp-remote.conf
 {{% else %}}
     The setting for remote_server in /etc/audisp/audisp-remote.conf
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index 4f5abc19..3a6580b6 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon'
 
@@ -44,7 +44,7 @@ references:
     pcidss: Req-10.3
     srg: SRG-OS-000037-GPOS-00015,SRG-OS-000042-GPOS-00020,SRG-OS-000062-GPOS-00031,SRG-OS-000392-GPOS-00172,SRG-OS-000462-GPOS-00206,SRG-OS-000471-GPOS-00215,SRG-OS-000473-GPOS-00218,SRG-OS-000254-GPOS-00095
     stigid@ol8: OL08-00-030601
-    stigid@rhel8: RHEL-08-030601
+    stigid@almalinux8: RHEL-08-030601
     stigid@ubuntu2004: UBTU-20-010198
     vmmsrg: SRG-OS-000254-VMM-000880
 
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
index dfffe3a7..1526a372 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/arg_not_there_rhel8.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Removes audit argument from kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh
index 956c8ac7..006899d7 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/blank_grubenv_rhel8.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # remediation = none
 
 # Removes audit argument from kernel command line in /boot/grub2/grubenv
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
index 9823b08d..4522a4c6 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/correct_grubenv.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit=1"
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
index 556b82c4..fa266b77 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/double_value_rhel8.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Break the audit argument in kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
index 59f1ed22..e9cac86b 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/tests/wrong_value_rhel8.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Break the audit argument in kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index efbc3dae..a24d7031 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Extend Audit Backlog Limit for the Audit Daemon'
 
@@ -34,7 +34,7 @@ references:
     ospp: FAU_STG.1,FAU_STG.3
     srg: SRG-OS-000254-GPOS-00095,SRG-OS-000341-GPOS-00132
     stigid@ol8: OL08-00-030602
-    stigid@rhel8: RHEL-08-030602
+    stigid@almalinux8: RHEL-08-030602
 
 ocil_clause: 'audit backlog limit is not configured'
 
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
index 3648f215..1db7652a 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/correct_grubenv.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) audit_backlog_limit=8192"
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
index 921c9db9..d54cf31e 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/tests/wrong_value_rhel8.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Break the audit_backlog_limit argument in kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
index 864e508b..7c9d8a3f 100644
--- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Install audispd-plugins Package'
 
diff --git a/linux_os/guide/system/auditing/package_audit_installed/rule.yml b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
index 795089c8..4f170680 100644
--- a/linux_os/guide/system/auditing/package_audit_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audit_installed/rule.yml
@@ -30,7 +30,7 @@ references:
     ospp: FAU_GEN.1
     srg: SRG-OS-000122-GPOS-00063,SRG-OS-000337-GPOS-00129,SRG-OS-000348-GPOS-00136,SRG-OS-000349-GPOS-00137,SRG-OS-000350-GPOS-00138,SRG-OS-000351-GPOS-00139,SRG-OS-000352-GPOS-00140,SRG-OS-000353-GPOS-00141,SRG-OS-000354-GPOS-00142,SRG-OS-000358-GPOS-00145,SRG-OS-000359-GPOS-00146,SRG-OS-000365-GPOS-00152,SRG-OS-000474-GPOS-00219,SRG-OS-000475-GPOS-00220,SRG-OS-000480-GPOS-00227,SRG-OS-000062-GPOS-00031
     stigid@ol8: OL08-00-030180
-    stigid@rhel8: RHEL-08-030180
+    stigid@almalinux8: RHEL-08-030180
     stigid@sle12: SLES-12-020000
     stigid@sle15: SLES-15-030650
     stigid@ubuntu2004: UBTU-20-010182
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml
index e3314050..603abfb9 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
index 26c7eea7..19b4493a 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of unsuccessful file accesses'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/tests/rules_from_audit_package.pass.sh
index 5d19cb09..a554e489 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-3-access-failed.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
index 41329308..3f8c50a3 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
index 262cf290..e0794c38 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of successful file accesses'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_access_success/tests/rules_from_audit_package.pass.sh
index 411fdc41..5d82a353 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-3-access-success.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
index f6242690..bd3ddd10 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
index 19dc3320..b96d469a 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure basic parameters of Audit system'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/tests/rules_from_audit_package.pass.sh
index 23e5e84c..018f4056 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/10-base-config.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml
index 981a0c86..ab7d657c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
index d23651be..8762d394 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of unsuccessful file creations'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/tests/rules_from_audit_package.pass.sh
index a4918944..ffa84daf 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-1-create-failed.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
index 60be6eb1..9d1e0063 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of successful file creations'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_create_success/tests/rules_from_audit_package.pass.sh
index 83e8dec1..63bb706d 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-1-create-success.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
index 023388b6..655883af 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
index 286b0ff8..3c0e01cf 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of unsuccessful file deletions'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/tests/rules_from_audit_package.pass.sh
index bf661297..32b34abe 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-4-delete-failed.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
index 6c42b726..1da7bb5f 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 
 {{% set file_contents = """## Successful file delete
 -a always,exit -F arch=b32 -S unlink,unlinkat,rename,renameat -F success=1 -F auid>=1000 -F auid!=unset -F key=successful-delete
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
index 2f7c9f05..f7c6b6c1 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of successful file deletions'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/tests/rules_from_audit_package.pass.sh
index fc77e6b3..b17a5bff 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-4-delete-success.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
index 4b611673..42e1c3da 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
index 70357c15..4fd0cfe7 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure immutable Audit login UIDs'
 
@@ -40,7 +40,7 @@ references:
     ospp: FAU_GEN.1.2
     srg: SRG-OS-000462-GPOS-00206,SRG-OS-000475-GPOS-00220,SRG-OS-000057-GPOS-00027,SRG-OS-000058-GPOS-00028,SRG-OS-000059-GPOS-00029
     stigid@ol8: OL08-00-030122
-    stigid@rhel8: RHEL-08-030122
+    stigid@almalinux8: RHEL-08-030122
 
 ocil_clause: 'the file does not exist or the content differs'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/tests/rules_from_audit_package.pass.sh
index 2f236b0e..27e58829 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/11-loginuid.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
index 2d927984..ec647737 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
index 8e8361a6..c0ac95aa 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of unsuccessful file modifications'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/tests/rules_from_audit_package.pass.sh
index 2bae4b7d..ebe19e45 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-2-modify-failed.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
index c6f79696..7a6e545c 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
index ab542a2c..83c9b8df 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of successful file modifications'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/tests/rules_from_audit_package.pass.sh
index 7a59c265..dccc2bd8 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-2-modify-success.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
index f8cd8b73..090554c0 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
index 519ffbc8..cb015616 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of loading and unloading of kernel modules'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_module_load/tests/rules_from_audit_package.pass.sh
index 84826498..86cf7576 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/43-module-load.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
index a93771e8..22e9b17b 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
index bdc59faa..ac97fec2 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Perform general configuration of Audit for OSPP'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/tests/correct_rules.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/tests/correct_rules.pass.sh
index c59e7e5e..72a131b6 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/tests/correct_rules.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/tests/correct_rules.pass.sh
@@ -1,3 +1,3 @@
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp $SHARED/audit/30-ospp-v42.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/tests/rules_from_audit_package.pass.sh
index acfdc7d1..1f352b57 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
index c1035b0f..9599aa99 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of unsuccessful ownership changes'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/tests/rules_from_audit_package.pass.sh
index 593f3ed8..26afdea1 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-6-owner-change-failed.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
index 85998273..0cebc1fa 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of successful ownership changes'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/tests/rules_from_audit_package.pass.sh
index e7f61fd6..31fabb01 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-6-owner-change-success.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
index ba60b921..bc3a6b83 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of unsuccessful permission changes'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/tests/rules_from_audit_package.pass.sh
index ee58a47c..271e05fa 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-5-perm-change-failed.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
index 10790eb5..a78af617 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhcos4,rhel8,rhel9
+prodtype: ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Configure auditing of successful permission changes'
 
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/tests/rules_from_audit_package.pass.sh b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/tests/rules_from_audit_package.pass.sh
index bf26da4b..5c633722 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/tests/rules_from_audit_package.pass.sh
+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/tests/rules_from_audit_package.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 cp /usr/share/audit/sample-rules/30-ospp-v42-5-perm-change-success.rules /etc/audit/rules.d/
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
index d460ded7..5f1f0142 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_rules_for_ospp/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure audit according to OSPP requirements'
 
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
index 0d05bd46..ea629355 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
index 99edca3e..20e4e867 100644
--- a/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
+++ b/linux_os/guide/system/auditing/service_auditd_enabled/rule.yml
@@ -56,7 +56,7 @@ references:
     stigid@ol7: OL07-00-030000
     stigid@ol8: OL08-00-030181
     stigid@rhel7: RHEL-07-030000
-    stigid@rhel8: RHEL-08-030181
+    stigid@almalinux8: RHEL-08-030181
     stigid@sle12: SLES-12-020010
     stigid@sle15: SLES-15-030050
     vmmsrg: SRG-OS-000037-VMM-000150,SRG-OS-000063-VMM-000310,SRG-OS-000038-VMM-000160,SRG-OS-000039-VMM-000170,SRG-OS-000040-VMM-000180,SRG-OS-000041-VMM-000190
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
index d6bfc02f..98c11ac6 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhel8,rhel9
+prodtype: ol8,rhel8,almalinux8,rhel9
 
 title: 'Configure kernel to trust the CPU random number generator'
 
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
index 091ac6fa..dbef772c 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Based on shared/templates/grub2_bootloader_argument/tests/arg_not_there.fail.sh
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Removes audit argument from kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_etcdefaultgrub.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_etcdefaultgrub.fail.sh
index b7e25f38..a6a2fe32 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_etcdefaultgrub.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/arg_not_there_etcdefaultgrub.fail.sh
@@ -4,7 +4,7 @@ if grep -q CONFIG_RANDOM_TRUST_CPU /boot/config-`uname -r`; then
     sed -Ei 's/(.*)CONFIG_RANDOM_TRUST_CPU=.(.*)/\1CONFIG_RANDOM_TRUST_CPU=N\2/' /boot/config-`uname -r`
 fi
 
-{{% if product == "rhel8" %}}
+{{% if product == "rhel8" or product == "almalinux8" %}}
 file="/boot/grub2/grubenv"
 if grep -q '^.*random.trust_cpu=.*'  "$file" ; then
 	sed -i 's/\(^.*\)random.trust_cpu=[^[:space:]]*\(.*\)/\1 \2/'  "$file"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/boot_parameter.pass.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/boot_parameter.pass.sh
index 4ee60679..b2c0535a 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/boot_parameter.pass.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/boot_parameter.pass.sh
@@ -5,7 +5,7 @@ if grep -q CONFIG_RANDOM_TRUST_CPU /boot/config-`uname -r`; then
     sed -Ei 's/(.*)CONFIG_RANDOM_TRUST_CPU=.(.*)/\1CONFIG_RANDOM_TRUST_CPU=N\2/' /boot/config-`uname -r`
 fi
 
-{{% if product == "rhel8" %}}
+{{% if product == "rhel8" or product == "almalinux8" %}}
 grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) random.trust_cpu=on"
 {{% else %}}
 grubby --update-kernel=ALL --args="random.trust_cpu=on"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_but_overridden.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_but_overridden.fail.sh
index 13a89d0f..8d0b0acc 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_but_overridden.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_but_overridden.fail.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # make sure that the option is overridden through boot parameter
-{{% if product == "rhel8" %}}
+{{% if product == "rhel8" or product == "almalinux8" %}}
 grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) random.trust_cpu=off"
 {{% else %}}
 grubby --update-kernel=ALL --args="random.trust_cpu=off"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_uppercase.pass.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_uppercase.pass.sh
index b28cd6e3..608ee59d 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_uppercase.pass.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/compiled_uppercase.pass.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # make sure that the option is not configured through boot parameter
-{{% if product == "rhel8" %}}
+{{% if product == "rhel8" or product == "almalinux8" %}}
 file="/boot/grub2/grubenv"
 if grep -q '^.*random.trust_cpu=.*'  "$file" ; then
 	sed -i 's/\(^.*\)random.trust_cpu=[^[:space:]]*\(.*\)/\1 \2/'  "$file"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
index b3d9ab27..ef22e767 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/tests/wrong_value.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # Based on shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Break the argument in kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
index 52a308e3..8097b24c 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
 
 title: 'Enable Kernel Page-Table Isolation (KPTI)'
 
@@ -27,7 +27,7 @@ references:
     nist: SI-16
     srg: SRG-OS-000433-GPOS-00193,SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040004
-    stigid@rhel8: RHEL-08-040004
+    stigid@almalinux8: RHEL-08-040004
 
 ocil_clause: 'Kernel page-table isolation is not enabled'
 
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh
index f9b42970..2f0e238f 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/arg_not_there.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Removes pti argument from kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh
index dfebbbf7..25a0020c 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/correct.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) pti=on"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh
index b4dd962b..c4092a2d 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Break the pti argument in kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
index 93eb31da..897d39fa 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable vsyscalls'
 
@@ -27,7 +27,7 @@ references:
     ospp: FPT_ASLR_EXT.1
     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
     stigid@ol8: OL08-00-010422
-    stigid@rhel8: RHEL-08-010422
+    stigid@almalinux8: RHEL-08-010422
 
 ocil_clause: 'vsyscalls are enabled'
 
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
index a40f068c..08a9ba85 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
 
 title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership'
 
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
index 5457cebe..a6012704 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership'
 
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
index 58c73139..e6a8a658 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_permissions_grub2_cfg/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Permissions'
 
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
index 85e953f9..2a845e73 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_admin_username/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Set the Boot Loader Admin Username to a Non-Default Value'
 
@@ -50,7 +50,7 @@ references:
     stigid@ol7: OL07-00-010483
     stigid@ol8: OL08-00-010149
     stigid@rhel7: RHEL-07-010483
-    stigid@rhel8: RHEL-08-010149
+    stigid@almalinux8: RHEL-08-010149
 
 ocil_clause: 'it does not'
 
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml
index c2b738aa..4bbff3f3 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_no_removeable_media/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
 
 title: 'Boot Loader Is Not Installed On Removeable Media'
 
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
index ad515a65..2fd91d45 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Set Boot Loader Password in grub2'
 
@@ -72,7 +72,7 @@ references:
     stigid@ol7: OL07-00-010482
     stigid@ol8: OL08-00-010150
     stigid@rhel7: RHEL-07-010482
-    stigid@rhel8: RHEL-08-010150
+    stigid@almalinux8: RHEL-08-010150
     stigid@sle12: SLES-12-010430
     stigid@sle15: SLES-15-010190
     stigid@ubuntu2004: UBTU-20-010009
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
index f44e85a0..96feebbd 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_groupowner_efi_grub2_cfg/rule.yml
@@ -1,20 +1,20 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Verify the UEFI Boot Loader grub.cfg Group Ownership'
 
 description: |-
 {{%- if product == "fedora" %}}
-    The file /boot/efi/EFI/fedora/grub.cfg should
+    The file /boot/efi/EFI/almalinux/grub.cfg should
     be group-owned by the root group to prevent
     destruction or modification of the file.
-    {{{ describe_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}}
+    {{{ describe_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
 {{% else %}}
-    The file /boot/efi/EFI/redhat/grub.cfg should
+    The file /boot/efi/EFI/almalinux/grub.cfg should
     be group-owned by the root group to prevent
     destruction or modification of the file.
-    {{{ describe_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
+    {{{ describe_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
 {{%- endif %}}
 
 rationale: |-
@@ -44,16 +44,16 @@ references:
 
 ocil_clause: |-
 {{%- if product == "fedora" %}}
-    {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}}
+    {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
 {{% else %}}
-    {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
+    {{{ ocil_clause_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
 {{%- endif %}}
 
 ocil: |-
 {{%- if product == "fedora" %}}
-    {{{ ocil_file_group_owner(file="/boot/efi/EFI/fedora/grub.cfg", group="root") }}}
+    {{{ ocil_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
 {{% else %}}
-    {{{ ocil_file_group_owner(file="/boot/efi/EFI/redhat/grub.cfg", group="root") }}}
+    {{{ ocil_file_group_owner(file="/boot/efi/EFI/almalinux/grub.cfg", group="root") }}}
 {{%- endif %}}
 
 platform: machine
@@ -61,6 +61,6 @@ platform: machine
 template:
     name: file_groupowner
     vars:
-        filepath: /boot/efi/EFI/redhat/grub.cfg
-        filepath@fedora: /boot/efi/EFI/fedora/grub.cfg
+        filepath: /boot/efi/EFI/almalinux/grub.cfg
+        filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg
         filegid: '0'
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
index a9468d00..b4ee87fe 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_owner_efi_grub2_cfg/rule.yml
@@ -1,20 +1,20 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Verify the UEFI Boot Loader grub.cfg User Ownership'
 
 description: |-
 {{%- if product == "fedora" %}}
-    The file /boot/efi/EFI/fedora/grub.cfg should
+    The file /boot/efi/EFI/almalinux/grub.cfg should
     be owned by the root user to prevent destruction
     or modification of the file.
-    {{{ describe_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}}
+    {{{ describe_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
 {{% else %}}
-    The file /boot/efi/EFI/redhat/grub.cfg should
+    The file /boot/efi/EFI/almalinux/grub.cfg should
     be owned by the root user to prevent destruction
     or modification of the file.
-    {{{ describe_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
+    {{{ describe_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
 {{%- endif %}}
 
 rationale: 'Only root should be able to modify important boot parameters.'
@@ -42,16 +42,16 @@ references:
 
 ocil_clause: |-
 {{%- if product == "fedora" %}}
-    {{{ ocil_clause_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}}
+    {{{ ocil_clause_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
 {{% else %}}
-    {{{ ocil_clause_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
+    {{{ ocil_clause_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
 {{%- endif %}}
 
 ocil: |-
 {{%- if product == "fedora" %}}
-    {{{ ocil_file_owner(file="/boot/efi/EFI/fedora/grub.cfg", owner="root") }}}
+    {{{ ocil_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
 {{% else %}}
-    {{{ ocil_file_owner(file="/boot/efi/EFI/redhat/grub.cfg", owner="root") }}}
+    {{{ ocil_file_owner(file="/boot/efi/EFI/almalinux/grub.cfg", owner="root") }}}
 {{%- endif %}}
 
 platform: machine
@@ -59,6 +59,6 @@ platform: machine
 template:
     name: file_owner
     vars:
-        filepath: /boot/efi/EFI/redhat/grub.cfg
-        filepath@fedora: /boot/efi/EFI/fedora/grub.cfg
+        filepath: /boot/efi/EFI/almalinux/grub.cfg
+        filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg
         fileuid: '0'
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
index d9c0be8c..97c0ff73 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/file_permissions_efi_grub2_cfg/rule.yml
@@ -1,16 +1,16 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Verify the UEFI Boot Loader grub.cfg Permissions'
 
 description: |-
 {{%- if product == "fedora" %}}
-    File permissions for /boot/efi/EFI/fedora/grub.cfg should be set to 700.
-    {{{ describe_file_permissions(file="/boot/efi/EFI/fedora/grub.cfg", perms="700") }}}
+    File permissions for /boot/efi/EFI/almalinux/grub.cfg should be set to 700.
+    {{{ describe_file_permissions(file="/boot/efi/EFI/almalinux/grub.cfg", perms="700") }}}
 {{% else %}}
-    File permissions for /boot/efi/EFI/redhat/grub.cfg should be set to 700.
-    {{{ describe_file_permissions(file="/boot/efi/EFI/redhat/grub.cfg", perms="700") }}}
+    File permissions for /boot/efi/EFI/almalinux/grub.cfg should be set to 700.
+    {{{ describe_file_permissions(file="/boot/efi/EFI/almalinux/grub.cfg", perms="700") }}}
 {{%- endif %}}
 
 rationale: |-
@@ -41,11 +41,11 @@ ocil_clause: 'it does not'
 
 ocil: |-
 {{%- if product == "fedora" %}}
-    To check the permissions of /boot/efi/EFI/fedora/grub.cfg, run the command:
-    
$ sudo ls -lL /boot/efi/EFI/fedora/grub.cfg

+    To check the permissions of /boot/efi/EFI/almalinux/grub.cfg, run the command:
+    
$ sudo ls -lL /boot/efi/EFI/almalinux/grub.cfg

 {{% else %}}
-    To check the permissions of /boot/efi/EFI/redhat/grub.cfg, run the command:
-    
$ sudo ls -lL /boot/efi/EFI/redhat/grub.cfg

+    To check the permissions of /boot/efi/EFI/almalinux/grub.cfg, run the command:
+    
$ sudo ls -lL /boot/efi/EFI/almalinux/grub.cfg

 {{%- endif %}}
     If properly configured, the output should indicate the following
     permissions: -rwx------
@@ -55,6 +55,6 @@ platform: machine
 template:
     name: file_permissions
     vars:
-        filepath: /boot/efi/EFI/redhat/grub.cfg
-        filepath@fedora: /boot/efi/EFI/fedora/grub.cfg
+        filepath: /boot/efi/EFI/almalinux/grub.cfg
+        filepath@fedora: /boot/efi/EFI/almalinux/grub.cfg
         filemode: '0700'
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
index 56e93d41..d4197f17 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_admin_username/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Set the UEFI Boot Loader Admin Username to a Non-Default Value'
 
@@ -57,7 +57,7 @@ references:
     stigid@ol7: OL07-00-010492
     stigid@ol8: OL08-00-010141
     stigid@rhel7: RHEL-07-010492
-    stigid@rhel8: RHEL-08-010141
+    stigid@almalinux8: RHEL-08-010141
 
 ocil_clause: 'it does not'
 
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
index 8fc73653..5850545c 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/oval/shared.xml
@@ -25,7 +25,7 @@
     1
   
 
-  
+  
     
   
   
@@ -34,7 +34,7 @@
     1
   
 
-  
+  
     
   
   
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
index 4579b1ff..33407d60 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/grub2_uefi_password/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Set the UEFI Boot Loader Password'
 
@@ -72,7 +72,7 @@ references:
     stigid@ol7: OL07-00-010491
     stigid@ol8: OL08-00-010140
     stigid@rhel7: RHEL-07-010491
-    stigid@rhel8: RHEL-08-010140
+    stigid@almalinux8: RHEL-08-010140
     stigid@sle12: SLES-12-010440
     stigid@sle15: SLES-15-010200
     stigid@ubuntu2004: UBTU-20-010009
diff --git a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml
index 051dd5b5..f7b08d5b 100644
--- a/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/uefi/uefi_no_removeable_media/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'UEFI Boot Loader Is Not Installed On Removeable Media'
 
@@ -31,7 +31,7 @@ ocil_clause: 'it is not'
 ocil: |-
     To verify the system is not configured to use a boot loader on removable media,
     run the following command:
-    
$ sudo grep "set root='hd0" /boot/efi/EFI/redhat/grub.cfg

+    
$ sudo grep "set root='hd0" /boot/efi/EFI/almalinux/grub.cfg

     The output should return something similar to:
     
set root='hd0,msdos1'

     usb0, cd, fd0, etc. are some examples of removeable
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
index 483e0cf9..6b3f90d7 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8,rhel9,ubuntu2004
+prodtype: rhcos4,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL'
 
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
index 7a828837..d13ae7f5 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/correct_option.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Make sure boot loader entries contain audit=1
 for file in /boot/loader/entries/*.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
index 3af83d30..28a0af73 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_cmdline.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Make sure boot loader entries contain audit=1
 for file in /boot/loader/entries/*.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
index 5650cc0a..1ee37320 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/tests/missing_in_entry.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Remove audit=1 from all boot entries
 sed -Ei 's/(^options.*\s)audit=1(.*?)$/\1\2/' /boot/loader/entries/*
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
index 7396b916..7ee2f6fb 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8,rhel9,ubuntu2004
+prodtype: rhcos4,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL'
 
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
index 56b634d4..3ad83680 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8,rhel9
+prodtype: rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Ensure all zIPL boot entries are BLS compliant'
 
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
index e3adb996..13e5314b 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/image_configured.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # remediation = none
 
 # Make sure no image configured in zipl config file
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
index 47626442..2a88d2ab 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/tests/no_image.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # remediation = none
 
 # Make sure no image configured in zipl config file
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
index 7f2be356..80f8b55f 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
index 6c7e3396..b23d9d8c 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8,rhel9
+prodtype: rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Ensure zIPL bootmap is up to date'
 
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
index 728c6b7b..b06f989e 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_boot_entry.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # remediation = none
 
 touch /etc/zipl.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
index 1ae4d631..0f115566 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/newer_zipl_conf.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # remediation = none
 
 touch /boot/loader/entries/*.conf # Update current existing entries
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
index 7981ba8c..8bfdce20 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/tests/up_to_date.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # remediation = none
 
 touch /etc/zipl.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
index a763429f..a0e5a7ba 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_enable_selinux/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8,rhel9
+prodtype: rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Ensure SELinux Not Disabled in zIPL'
 
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
index 50cf1b78..33cd2971 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/correct_option.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
 
 # Make sure boot loader entries contain init_on_alloc=1
 for file in /boot/loader/entries/*.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
index 7c0d9154..f8fd73ed 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_cmdline.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
 
 # Make sure boot loader entries contain init_on_alloc=1
 for file in /boot/loader/entries/*.conf
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
index 9d330c91..62547cbb 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
+++ b/linux_os/guide/system/bootloader-zipl/zipl_init_on_alloc_argument/tests/missing_in_entry.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8, Red Hat Enterprise Linux 9
 
 # Remove init_on_alloc=1 from all boot entries
 sed -Ei 's/(^options.*\s)init_on_alloc=1(.*?)$/\1\2/' /boot/loader/entries/*
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
index 0cd61ae2..0d87202c 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8,rhel9
+prodtype: rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Enable page allocator poisoning in zIPL'
 
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
index df0f6c3e..0f1501c9 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8,rhel9
+prodtype: rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Enable SLUB/SLAB allocator poisoning in zIPL'
 
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
index 9d645c88..9ef0b3fe 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8,rhel9
+prodtype: rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Disable vsyscalls in zIPL'
 
diff --git a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml
index 555d53cb..9c53ce53 100644
--- a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml
+++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_hostlimit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
 
 title: 'Configure Logwatch HostLimit Line'
 
diff --git a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml
index 405034e9..c1cab9d3 100644
--- a/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml
+++ b/linux_os/guide/system/logging/configure_logwatch_on_logserver/logwatch_configured_splithosts/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
 
 title: 'Configure Logwatch SplitHosts Line'
 
diff --git a/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml
index 245b9fa8..60ad4244 100644
--- a/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml
+++ b/linux_os/guide/system/logging/disable_logwatch_for_logserver/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
 
 title: 'Disable Logwatch on Clients if a Logserver Exists'
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
index f9cbce52..61ea43f5 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux
 
 if ! grep -s "^\s*cron\.\*\s*/var/log/cron$" /etc/rsyslog.conf /etc/rsyslog.d/*.conf; then
 	mkdir -p /etc/rsyslog.d
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
index 076bda66..4deb40f8 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_cron_logging/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Ensure cron Is Logging To Rsyslog'
 
@@ -38,7 +38,7 @@ references:
     stigid@ol7: OL07-00-021100
     stigid@ol8: OL08-00-030010
     stigid@rhel7: RHEL-07-021100
-    stigid@rhel8: RHEL-08-030010
+    stigid@almalinux8: RHEL-08-030010
 
 ocil_clause: 'cron is not logging to rsyslog'
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
index 4e321fec..2818c4ca 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
index e6cb34fc..004c2b45 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
index 61dadb78..4b2ba43f 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdriverauthmode/rule.yml
@@ -27,7 +27,7 @@ references:
     nist: AU-4(1)
     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
     stigid@ol8: OL08-00-030720
-    stigid@rhel8: RHEL-08-030720
+    stigid@almalinux8: RHEL-08-030720
 
 
 ocil_clause: '$ActionSendStreamDriverAuthMode in /etc/rsyslog.conf is not set to x509/name'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
index 80eddf0c..3e8323a5 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
index 52ff2bd0..7f5aaf29 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_actionsendstreamdrivermode/rule.yml
@@ -27,7 +27,7 @@ references:
     nist: AU-4(1)
     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
     stigid@ol8: OL08-00-030710
-    stigid@rhel8: RHEL-08-030710
+    stigid@almalinux8: RHEL-08-030710
 
 ocil_clause: 'rsyslogd ActionSendStreamDriverMode not set to 1'
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
index c0497e88..9d3f9c08 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
index 7abebfef..83df23c4 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_encrypt_offload_defaultnetstreamdriver/rule.yml
@@ -27,7 +27,7 @@ references:
     nist: AU-4(1)
     srg: SRG-OS-000342-GPOS-00133,SRG-OS-000479-GPOS-00224
     stigid@ol8: OL08-00-030710
-    stigid@rhel8: RHEL-08-030710
+    stigid@almalinux8: RHEL-08-030710
 
 ocil_clause: 'rsyslogd DefaultNetstreamDriver not set to gtls'
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh
index 575530ef..d6d0b31c 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_other.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check rsyslog.conf with root group-owner log from rules and
 # non root group-owner log from $IncludeConfig fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh
index 39efc1a4..2c9d68d8 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/IncludeConfig_is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check rsyslog.conf with root group-owner log from rules and
 # root group-owner log from $IncludeConfig passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh
index c0db7056..6b10e5d4 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_other.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root group-owner log from rules and
 # non root group-owner log from include() fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh
index 1feaf762..d468b4a4 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root group-owner log from rules and
 # root group-owner log from include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
index 9747e0b2..2b4205d6 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root group-owner log from rules and
 # non root group-owner log from include() fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
index 05dd50ed..705c7a9f 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root group-owner log from rules and
 # root group-owner log from include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh
index 5a357d02..b130db62 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/include_multiline_is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root group-owner log from rules and
 # root group-owner log from multiline include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh
index c7c01132..43deebea 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_other.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check if log file with non root group-owner in rsyslog.conf fails.
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh
index 0ecbb35b..b67836e3 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_groupownership/tests/is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check if log file with root group-owner in rsyslog.conf passes.
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh
index 6c82a194..a28595e7 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_other.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check rsyslog.conf with root user log from rules and
 # non root user log from $IncludeConfig fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh
index b24e5e16..8bc9b6cc 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/IncludeConfig_is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check rsyslog.conf with root user log from rules and
 # root user log from $IncludeConfig passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh
index 18f43c69..b3ce3fa8 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_other.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root user log from rules and
 # non root user log from include() fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh
index 69dead51..1233e8a0 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root user log from rules and
 # root user log from include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
index e725fb4d..84cc72c8 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_other.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root user log from rules and
 # non root user log from include() fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
index ca47d453..3dc1eb21 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_is_root_IncludeConfig_is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root user log from rules and
 # root user log from include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh
index d68cc2e6..08526e66 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/include_multiline_is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with root user log from rules and
 # root user log from multiline include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh
index 7edbb17e..bcd74022 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_other.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check if log file with non root user in rsyslog.conf fails.
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh
index e0e518bc..0586491a 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_ownership/tests/is_root.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check if log file with root user in rsyslog.conf passes.
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
index 8846bc9a..ef07b0a1 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 
 # List of log file paths to be inspected for correct permissions
 # * Primarily inspect log file paths listed in /etc/rsyslog.conf
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
index a6ff6a11..22503b19 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0600.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check rsyslog.conf with log file permissions 0600 from rules and
 # log file permissions 0600 from $IncludeConfig passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
index 2ae5c89a..f4133e40 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/IncludeConfig_perms_0601.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 
 # Check rsyslog.conf with log file permissions 0600 from rules and
 # log file permissions 0601 from $IncludeConfig fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
index eabcb219..3af66e64 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_multiline_perms_0600.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with log file permissions 0600 from rules and
 # log file permissions 0600 from multiline include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
index 32cd4c33..23ec3d88 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8,multi_platform_sle
 
 # Check rsyslog.conf with log file permissions 0600 from rules and
 # log file permissions 0600 from include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
index 357d4f97..2f4ea8df 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0600.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
 
 # Check rsyslog.conf with log file permisssions 0600 from rules and
 # log file permissions 0600 from include() passes.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
index 7bdb830c..70025baa 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0600_IncludeConfig_perms_0601.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
 
 # Check rsyslog.conf with log file permisssions 0600 from rules and
 # log file permissions 0601 from include() fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
index fd3f9e92..3b31950c 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/include_perms_0601.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
 
 # Check rsyslog.conf with log file permissions 0600 from rules and
 # log file permissions 0601 from include() fails.
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
index fbdcd18f..10dac763 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0600.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check if log file with permissions 0600 in rsyslog.conf passes.
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
index 75e9558c..ce301226 100755
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_files_permissions/tests/perms_0601.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 # Check if log file with permissions 0601 in rsyslog.conf fails.
 
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/ansible/shared.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/ansible/shared.yml
index 770ce1a0..de8531c3 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/ansible/shared.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
index 86c55b65..427491bb 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Ensure remote access methods are monitored in Rsyslog'
 
@@ -32,7 +32,7 @@ references:
     nist: AC-17(1)
     srg: SRG-OS-000032-GPOS-00013
     stigid@ol8: OL08-00-010070
-    stigid@rhel8: RHEL-08-010070
+    stigid@almalinux8: RHEL-08-010070
     stigid@ubuntu2004: UBTU-20-010403
 
 ocil_clause: 'remote access methods are not logging to rsyslog'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/no_remote_methods.fail.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/no_remote_methods.fail.sh
index 271b2feb..f04e53d4 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/no_remote_methods.fail.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/no_remote_methods.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu
 
 declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
 RSYSLOG_CONF='/etc/rsyslog.conf'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_multiple_configs.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_multiple_configs.pass.sh
index 76927895..0c57f7e6 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_multiple_configs.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_multiple_configs.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu
 
 declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
 RSYSLOG_CONF='/etc/rsyslog.conf'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_conf.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_conf.pass.sh
index 8042172b..ffdd945e 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_conf.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_conf.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu
 
 declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
 RSYSLOG_CONF='/etc/rsyslog.conf'
diff --git a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_d.pass.sh b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_d.pass.sh
index 38bdf916..1b8201ef 100644
--- a/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_d.pass.sh
+++ b/linux_os/guide/system/logging/ensure_rsyslog_log_file_configuration/rsyslog_remote_access_monitoring/tests/remote_method_set_rsyslog_d.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ubuntu
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ubuntu
 
 declare -A REMOTE_METHODS=( ['auth.*']='^.*auth\.\*.*$' ['authpriv.*']='^.*authpriv\.\*.*$' ['daemon.*']='^.*daemon\.\*.*$' )
 RSYSLOG_CONF='/etc/rsyslog.conf'
diff --git a/linux_os/guide/system/logging/journald/journald_compress/rule.yml b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
index c2dd21da..09516d55 100644
--- a/linux_os/guide/system/logging/journald/journald_compress/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_compress/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,sle15
+prodtype: rhel7,rhel8,almalinux8,rhel9,sle15
 
 title: Ensure journald is configured to compress large log files
 
diff --git a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
index 56d9a5d5..c387ce3e 100644
--- a/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_forward_to_syslog/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: Ensure journald is configured to send logs to rsyslog
 
diff --git a/linux_os/guide/system/logging/journald/journald_storage/rule.yml b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
index eb814ac1..381fdb2e 100644
--- a/linux_os/guide/system/logging/journald/journald_storage/rule.yml
+++ b/linux_os/guide/system/logging/journald/journald_storage/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,sle15
+prodtype: rhel7,rhel8,almalinux8,rhel9,sle15
 
 title: Ensure journald is configured to write log files to persistent disk
 
diff --git a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
index 859ea93e..9b9ea07f 100644
--- a/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
+++ b/linux_os/guide/system/logging/log_rotation/ensure_logrotate_activated/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_rhcos
+# platform = multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_rhcos
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
index 81ae57a9..2d5cb49a 100644
--- a/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
+++ b/linux_os/guide/system/logging/package_rsyslog-gnutls_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Ensure rsyslog-gnutls is installed'
 
@@ -25,7 +25,7 @@ references:
     ospp: FTP_ITC_EXT.1.1
     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000120-GPOS-00061
     stigid@ol8: OL08-00-030680
-    stigid@rhel8: RHEL-08-030680
+    stigid@almalinux8: RHEL-08-030680
 
 ocil_clause: 'the package is not installed'
 
diff --git a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
index 7968d903..5b3ab2da 100644
--- a/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
+++ b/linux_os/guide/system/logging/package_rsyslog_installed/rule.yml
@@ -34,7 +34,7 @@ references:
     ospp: FTP_ITC_EXT.1.1
     srg: SRG-OS-000479-GPOS-00224,SRG-OS-000051-GPOS-00024,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-030670
-    stigid@rhel8: RHEL-08-030670
+    stigid@almalinux8: RHEL-08-030670
 
 ocil_clause: 'the package is not installed'
 
diff --git a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
index c73b2fb0..2427ee70 100644
--- a/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_accepting_remote_messages/rsyslog_nolisten/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019
 
 title: 'Ensure rsyslog Does Not Accept Remote Messages Unless Acting As Log Server'
 
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
index 74270442..8e8c6fdb 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
index f34bc83e..f7c79cd3 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle
 
 {{{ bash_instantiate_variables("rsyslog_remote_loghost_address") }}}
 
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
index 3239b7ac..02191114 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_loghost/rule.yml
@@ -65,7 +65,7 @@ references:
     stigid@ol7: OL07-00-031000
     stigid@ol8: OL08-00-030690
     stigid@rhel7: RHEL-07-031000
-    stigid@rhel8: RHEL-08-030690
+    stigid@almalinux8: RHEL-08-030690
     stigid@sle12: SLES-12-030340
     stigid@sle15: SLES-15-010580
     vmmsrg: SRG-OS-000032-VMM-000130
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml
index 83c6d933..073d8b24 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure TLS for rsyslog remote logging'
 
diff --git a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
index 818f2471..8beaebea 100644
--- a/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
+++ b/linux_os/guide/system/logging/rsyslog_sending_messages/rsyslog_remote_tls_cacert/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure CA certificate for rsyslog remote logging'
 
diff --git a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
index 105c7dec..b21caee7 100644
--- a/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
+++ b/linux_os/guide/system/logging/service_rsyslog_enabled/rule.yml
@@ -35,7 +35,7 @@ references:
     nist-csf: DE.CM-1,DE.CM-3,DE.CM-7,ID.SC-4,PR.DS-4,PR.PT-1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010561
-    stigid@rhel8: RHEL-08-010561
+    stigid@almalinux8: RHEL-08-010561
     stigid@ubuntu2004: UBTU-20-010432
 
 ocil: |-
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
index 2fc0d19e..9e9fe3d2 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/package_firewalld_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15
 
 title: 'Install firewalld Package'
 
@@ -27,7 +27,7 @@ references:
     nist@sle15: CM-7,CM-7.1(iii),CM-7(b),AC-17(1)
     srg: SRG-OS-000096-GPOS-00050,SRG-OS-000297-GPOS-00115,SRG-OS-000298-GPOS-00116,SRG-OS-000480-GPOS-00227,SRG-OS-000480-GPOS-00232
     stigid@ol8: OL08-00-040100
-    stigid@rhel8: RHEL-08-040100
+    stigid@almalinux8: RHEL-08-040100
     stigid@sle15:  SLES-15-010220
 
 ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index ff0f33b4..0a9a47c5 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019
 
 title: 'Verify firewalld Enabled'
 
@@ -41,7 +41,7 @@ references:
     stigid@ol7: OL07-00-040520
     stigid@ol8: OL08-00-040101
     stigid@rhel7: RHEL-07-040520
-    stigid@rhel8: RHEL-08-040101
+    stigid@almalinux8: RHEL-08-040101
     stigid@sle15: SLES-15-010220
 
 ocil: |-
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
index cbd36322..868d8994 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Configure the Firewalld Ports'
 
@@ -54,7 +54,7 @@ references:
     stigid@ol7: OL07-00-040100
     stigid@ol8: OL08-00-040030
     stigid@rhel7: RHEL-07-040100
-    stigid@rhel8: RHEL-08-040030
+    stigid@almalinux8: RHEL-08-040030
     vmmsrg: SRG-OS-000096-VMM-000490,SRG-OS-000480-VMM-002000
 
 ocil_clause: 'the default rules are not configured'
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
index 787eb697..b507337f 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/configure_firewalld_rate_limiting/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ol
 # reboot = false
 # strategy = configure
 # complexity = low
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
index f4d78fb7..41f0d78d 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Set Default firewalld Zone for Incoming Packets'
 
diff --git a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
index 275ae401..401629d2 100644
--- a/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
+++ b/linux_os/guide/system/network/network-ipsec/libreswan_approved_tunnels/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Verify Any Configured IPSec Tunnel Connections'
 
diff --git a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
index 3bf641e4..6e7ad928 100644
--- a/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
+++ b/linux_os/guide/system/network/network-ipsec/package_libreswan_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Install libreswan Package'
 
diff --git a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
index bd6fc70c..fc82cb6a 100644
--- a/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
+++ b/linux_os/guide/system/network/network-iptables/package_iptables_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Install iptables Package'
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml
index 23dfed41..e90a8c6a 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_default_gateway/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Manually Assign IPv6 Router Address'
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
index d787fbbb..d209806d 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
 
 # enable randomness in ipv6 address generation
 for interface in /etc/sysconfig/network-scripts/ifcfg-*
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml
index 5d554b2c..fad68a9b 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_privacy_extensions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Use Privacy Extensions for Address'
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml
index aac0fae4..ca69e4d4 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/network_ipv6_static_address/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Manually Assign Global IPv6 Address'
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
index 87306fed..88e2884b 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
index 9a3dad87..d688c1fb 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Configure Accepting Router Advertisements on All IPv6 Interfaces'
 
@@ -33,7 +33,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-3
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040261
-    stigid@rhel8: RHEL-08-040261
+    stigid@almalinux8: RHEL-08-040261
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.all.accept_ra", value="0") }}}
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
index 979201fc..07de17fc 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_defrtr/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
index d430df13..544c2b3f 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_pinfo/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
index 8c009414..6b7852da 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_ra_rtr_pref/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
index 8792fc66..2c7c4b02 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
index a52041c9..cf42fdd5 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Disable Accepting ICMP Redirects for All IPv6 Interfaces'
 
@@ -36,7 +36,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-3
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040280
-    stigid@rhel8: RHEL-08-040280
+    stigid@almalinux8: RHEL-08-040280
     stigid@sle12: SLES-12-030363
     stigid@sle15: SLES-15-040341
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
index e222b1c8..85b92ce9 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
index f93fa581..89bb2c23 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv6 Interfaces'
 
@@ -46,7 +46,7 @@ references:
     stigid@ol7: OL07-00-040830
     stigid@ol8: OL08-00-040240
     stigid@rhel7: RHEL-07-040830
-    stigid@rhel8: RHEL-08-040240
+    stigid@almalinux8: RHEL-08-040240
     stigid@sle12: SLES-12-030361
     stigid@sle15: SLES-15-040310
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
index d0b011dd..4716dde4 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_autoconf/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Auto Configuration on All IPv6 Interfaces
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
index b09b2b53..8354888d 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_forwarding/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Disable Kernel Parameter for IPv6 Forwarding'
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
index 038d4b2e..e832c9bc 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_max_addresses/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml
index 697718ee..01b7652c 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_all_router_solicitations/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure Denying Router Solicitations on All IPv6 Interfaces'
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
index 4ed2c480..f59b6d7c 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
index 48f6daf6..31c41ceb 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Disable Accepting Router Advertisements on all IPv6 Interfaces by Default'
 
@@ -33,7 +33,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-3
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040262
-    stigid@rhel8: RHEL-08-040262
+    stigid@almalinux8: RHEL-08-040262
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv6.conf.default.accept_ra", value="0") }}}
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
index 2da8c426..4d247fed 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_defrtr/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Accepting Default Router in Router Advertisements on All IPv6 Interfaces By Default
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
index 2865601d..2b7a44e8 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_pinfo/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Accepting Prefix Information in Router Advertisements on All IPv6 Interfaces By Default
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
index 6de9820b..e9f91a67 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_ra_rtr_pref/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Accepting Router Preference in Router Advertisements on All IPv6 Interfaces By Default
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
index 845b013e..063776b8 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
index c1173b53..6785d617 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv6 Interfaces'
 
@@ -38,7 +38,7 @@ references:
     nist@sle15: CM-6(b),CM-6.1(iv)
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040210
-    stigid@rhel8: RHEL-08-040210
+    stigid@almalinux8: RHEL-08-040210
     stigid@sle12: SLES-12-030401
     stigid@sle15: SLES-15-040350
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
index e2951d84..0335df12 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
index e2d14e3a..fc382f08 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv6 Interfaces by Default'
 
@@ -44,7 +44,7 @@ references:
     nist-csf: DE.AE-1,ID.AM-3,PR.AC-5,PR.DS-5,PR.PT-4
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040250
-    stigid@rhel8: RHEL-08-040250
+    stigid@almalinux8: RHEL-08-040250
     stigid@sle12: SLES-12-030362
     stigid@sle15: SLES-15-040321
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
index 95a023ef..b0e039fc 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_autoconf/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Auto Configuration on All IPv6 Interfaces By Default
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
index d7795727..f7627692 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_max_addresses/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: Configure Maximum Number of Autoconfigured Addresses on All IPv6 Interfaces By Default
 
diff --git a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
index d4eeebf7..16f3c9b5 100644
--- a/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/configuring_ipv6/sysctl_net_ipv6_conf_default_router_solicitations/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure Denying Router Solicitations on All IPv6 Interfaces By Default'
 
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
index 9e1ca48e..676e2f27 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Ensure IPv6 is disabled through kernel boot parameter'
 
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
index 5d8daaa6..604dc02c 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/arg_not_there_rhel8.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Removes ipv6.disable argument from kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
index 0e84a458..bf898a7c 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/correct_grubenv.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 grub2-editenv - set "$(grub2-editenv - list | grep kernelopts) ipv6.disable=1"
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
index db339c35..38d2f0d6 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/grub2_ipv6_disable_argument/tests/wrong_value_rhel8.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Break the ipv6.disable argument in kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml
index 86299ffb..672d504a 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_interfaces/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
 
 title: 'Disable Interface Usage of IPv6'
 
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
index 48e71c26..5a54df85 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux
 
 # Drop 'tcp6' and 'udp6' entries from /etc/netconfig to prevent RPC
 # services for NFSv4 from attempting to start IPv6 network listeners
diff --git a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml
index 2d0ac285..5d39af15 100644
--- a/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml
+++ b/linux_os/guide/system/network/network-ipv6/disabling_ipv6/network_ipv6_disable_rpc/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhv4
+prodtype: fedora,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Disable Support for RPC IPv6'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
index 6bb6de13..1f0664a0 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
index 9393044b..07a07b2c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable Accepting ICMP Redirects for All IPv4 Interfaces'
 
@@ -46,7 +46,7 @@ references:
     stigid@ol7: OL07-00-040641
     stigid@ol8: OL08-00-040279
     stigid@rhel7: RHEL-07-040641
-    stigid@rhel8: RHEL-08-040279
+    stigid@almalinux8: RHEL-08-040279
     stigid@sle12: SLES-12-030390
     stigid@sle15: SLES-15-040330
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
index b3d72bb4..b89b8a35 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
index e0dae613..545db8bf 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on all IPv4 Interfaces'
 
@@ -47,7 +47,7 @@ references:
     stigid@ol7: OL07-00-040610
     stigid@ol8: OL08-00-040239
     stigid@rhel7: RHEL-07-040610
-    stigid@rhel8: RHEL-08-040239
+    stigid@almalinux8: RHEL-08-040239
     stigid@sle12: SLES-12-030360
     stigid@sle15: SLES-15-040300
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
index 70e767cc..fbe1a27a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
index 14c868df..5c2a453c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_log_martians/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Enable Kernel Parameter to Log Martian Packets on all IPv4 Interfaces'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
index c64da37a..08535e5a 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
index b183e3d2..7c197e6f 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_rp_filter/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces'
 
@@ -41,7 +41,7 @@ references:
     stigid@ol7: OL07-00-040611
     stigid@ol8: OL08-00-040285
     stigid@rhel7: RHEL-07-040611
-    stigid@rhel8: RHEL-08-040285
+    stigid@almalinux8: RHEL-08-040285
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.conf.all.rp_filter", value="1") }}}
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
index 8b075d55..0dd17a34 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
index abb8ab51..8175b793 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_all_secure_redirects/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Disable Kernel Parameter for Accepting Secure ICMP Redirects on all IPv4 Interfaces'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
index 2bfbd9e4..8ea37100 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
index 8942b0eb..1afc98bf 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_redirects/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Disable Kernel Parameter for Accepting ICMP Redirects by Default on IPv4 Interfaces'
 
@@ -45,7 +45,7 @@ references:
     stigid@ol7: OL07-00-040640
     stigid@ol8: OL08-00-040209
     stigid@rhel7: RHEL-07-040640
-    stigid@rhel8: RHEL-08-040209
+    stigid@almalinux8: RHEL-08-040209
     stigid@sle12: SLES-12-030400
     stigid@sle15: SLES-15-040340
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
index aa7d1562..08668d03 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
index 3fab05c8..42196cd9 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_accept_source_route/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable Kernel Parameter for Accepting Source-Routed Packets on IPv4 Interfaces by Default'
 
@@ -48,7 +48,7 @@ references:
     stigid@ol7: OL07-00-040620
     stigid@ol8: OL08-00-040249
     stigid@rhel7: RHEL-07-040620
-    stigid@rhel8: RHEL-08-040249
+    stigid@almalinux8: RHEL-08-040249
     stigid@sle12: SLES-12-030370
     stigid@sle15: SLES-15-040320
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
index 3a60ab17..728ddb81 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
index c717e0eb..47d9ae27 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_log_martians/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Enable Kernel Paremeter to Log Martian Packets on all IPv4 Interfaces by Default'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
index b6e53de3..0b652c7c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
index 6a0a6a27..d22fdcf0 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_rp_filter/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Enable Kernel Parameter to Use Reverse Path Filtering on all IPv4 Interfaces by Default'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
index aeb67c4e..f47a8ab6 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
index d8c39e65..369a83e9 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_conf_default_secure_redirects/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Configure Kernel Parameter for Accepting Secure Redirects By Default'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
index 52d74441..08c8c256 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
index f6dcc9c2..a2564588 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_echo_ignore_broadcasts/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Enable Kernel Parameter to Ignore ICMP Broadcast Echo Requests on IPv4 Interfaces'
 
@@ -43,7 +43,7 @@ references:
     stigid@ol7: OL07-00-040630
     stigid@ol8: OL08-00-040230
     stigid@rhel7: RHEL-07-040630
-    stigid@rhel8: RHEL-08-040230
+    stigid@almalinux8: RHEL-08-040230
     stigid@sle12: SLES-12-030380
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.ipv4.icmp_echo_ignore_broadcasts", value="1") }}}
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
index 9e3a85af..d4f4d31c 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
index e90a6a19..215c9f65 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_icmp_ignore_bogus_error_responses/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Enable Kernel Parameter to Ignore Bogus ICMP Error Responses on IPv4 Interfaces'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
index 84bb9162..293a5c85 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_ip_local_port_range/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Set Kernel Parameter to Increase Local Port Range'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
index 3da863c6..07f01e52 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_invalid_ratelimit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,wrlinux1019
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle15,wrlinux1019
 
 title: 'Configure Kernel to Rate Limit Sending of Duplicate TCP Acknowledgments'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
index b70279f6..d07baa1e 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_rfc1337/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable Kernel Parameter to Use TCP RFC 1337 on IPv4 Interfaces'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
index 0c8dae78..a26df0c5 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
index b3d1d3c6..25af3587 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_and_router_parameters/sysctl_net_ipv4_tcp_syncookies/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Enable Kernel Parameter to Use TCP Syncookies on IPv4 Interfaces'
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
index ea1db12f..5d8b19f6 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
index 59f736c0..09c939c2 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_all_send_redirects/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces'
 
@@ -45,7 +45,7 @@ references:
     stigid@ol7: OL07-00-040660
     stigid@ol8: OL08-00-040220
     stigid@rhel7: RHEL-07-040660
-    stigid@rhel8: RHEL-08-040220
+    stigid@almalinux8: RHEL-08-040220
     stigid@sle12: SLES-12-030420
     stigid@sle15: SLES-15-040370
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
index b54e3d12..125464d7 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
index 0936f826..d3ac1743 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_conf_default_send_redirects/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable Kernel Parameter for Sending ICMP Redirects on all IPv4 Interfaces by Default'
 
@@ -45,7 +45,7 @@ references:
     stigid@ol7: OL07-00-040650
     stigid@ol8: OL08-00-040270
     stigid@rhel7: RHEL-07-040650
-    stigid@rhel8: RHEL-08-040270
+    stigid@almalinux8: RHEL-08-040270
     stigid@sle12: SLES-12-030410
     stigid@sle15: SLES-15-040360
 
diff --git a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
index 0e696ec5..272b8bd2 100644
--- a/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
+++ b/linux_os/guide/system/network/network-kernel/network_host_parameters/sysctl_net_ipv4_ip_forward/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable Kernel Parameter for IP Forwarding on IPv4 Interfaces'
 
@@ -43,7 +43,7 @@ references:
     stigid@ol7: OL07-00-040740
     stigid@ol8: OL08-00-040260
     stigid@rhel7: RHEL-07-040740
-    stigid@rhel8: RHEL-08-040260
+    stigid@almalinux8: RHEL-08-040260
     stigid@sle12: SLES-12-030430
     stigid@sle15: SLES-15-040380
 
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
index 7d08edf8..f83779e3 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
index 0fe216f1..8d32519c 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_atm_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable ATM Support'
 
@@ -28,7 +28,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040021
-    stigid@rhel8: RHEL-08-040021
+    stigid@almalinux8: RHEL-08-040021
 
 {{{ complete_ocil_entry_module_disable(module="atm") }}}
 
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
index 6f5805e5..0ca4ab3b 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
index 68a88a42..8b45a3fc 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_can_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable CAN Support'
 
@@ -28,7 +28,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040022
-    stigid@rhel8: RHEL-08-040022
+    stigid@almalinux8: RHEL-08-040022
 
 {{{ complete_ocil_entry_module_disable(module="can") }}}
 
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
index 8d4b21be..20522980 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_dccp_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable DCCP Support'
 
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
index 61aed859..03f41b72 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
index 3534ddc9..c9e7236f 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_firewire-core_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable IEEE 1394 (FireWire) Support'
 
@@ -27,7 +27,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040026
-    stigid@rhel8: RHEL-08-040026
+    stigid@almalinux8: RHEL-08-040026
 
 {{{ complete_ocil_entry_module_disable(module="firewire-core") }}}
 
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
index 28b8952d..6e3e064a 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
index 3dc9ce2b..316cbd9c 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_sctp_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Disable SCTP Support'
 
@@ -41,7 +41,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-3
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040023
-    stigid@rhel8: RHEL-08-040023
+    stigid@almalinux8: RHEL-08-040023
 
 {{{ complete_ocil_entry_module_disable(module="sctp") }}}
 
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
index 9761ea78..b98652b4 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
index 76bd1d52..36bd856f 100644
--- a/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-uncommon/kernel_module_tipc_disabled/rule.yml
@@ -42,7 +42,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040024
-    stigid@rhel8: RHEL-08-040024
+    stigid@almalinux8: RHEL-08-040024
 
 {{{ complete_ocil_entry_module_disable(module="tipc") }}}
 
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
index 5aaafd12..9d05d0c5 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
index e5efa8df..11a5b7f8 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/kernel_module_bluetooth_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable Bluetooth Kernel Module'
 
@@ -37,7 +37,7 @@ references:
     nist-csf: PR.AC-3,PR.IP-1,PR.PT-3,PR.PT-4
     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000300-GPOS-00118
     stigid@ol8: OL08-00-040111
-    stigid@rhel8: RHEL-08-040111
+    stigid@almalinux8: RHEL-08-040111
 
 {{{ complete_ocil_entry_module_disable(module="bluetooth") }}}
 
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
index fea6ec50..b90ede6f 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/service_bluetooth_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhv4
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Disable Bluetooth Service'
 
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
index 6a541594..8c47fed5 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_in_bios/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8
 
 title: 'Disable WiFi or Bluetooth in BIOS'
 
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index 2104d3ea..60f11694 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Deactivate Wireless Network Interfaces'
 
@@ -62,7 +62,7 @@ references:
     stigid@ol7: OL07-00-041010
     stigid@ol8: OL08-00-040110
     stigid@rhel7: RHEL-07-041010
-    stigid@rhel8: RHEL-08-040110
+    stigid@almalinux8: RHEL-08-040110
     stigid@sle12: SLES-12-030450
     stigid@sle15: SLES-15-010380
     stigid@ubuntu2004: UBTU-20-010455
diff --git a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
index 9a583e8d..3590b4a2 100644
--- a/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
+++ b/linux_os/guide/system/network/network_configure_name_resolution/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Configure Multiple DNS Servers in /etc/resolv.conf'
 
@@ -41,7 +41,7 @@ references:
     stigid@ol7: OL07-00-040600
     stigid@ol8: OL08-00-010680
     stigid@rhel7: RHEL-07-040600
-    stigid@rhel8: RHEL-08-010680
+    stigid@almalinux8: RHEL-08-010680
 
 ocil_clause: 'it does not exist or is not properly configured or less than 2 ''nameserver'' entries exist'
 
diff --git a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
index 06a84a9d..dba6f82c 100644
--- a/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network_disable_ddns_interfaces/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8
+prodtype: rhel7,rhel8,almalinux8
 
 title: 'Disable Client Dynamic DNS Updates'
 
diff --git a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
index 6f2e6fa2..ea9c566f 100644
--- a/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
+++ b/linux_os/guide/system/network/network_disable_zeroconf/bash/shared.sh
@@ -1,2 +1,2 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
 echo "NOZEROCONF=yes" >> /etc/sysconfig/network
diff --git a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
index 34f6e07e..202330a7 100644
--- a/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
+++ b/linux_os/guide/system/network/network_disable_zeroconf/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
 
 title: 'Disable Zeroconf Networking'
 
diff --git a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
index 3f497dc7..f85aac04 100644
--- a/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
+++ b/linux_os/guide/system/network/network_nmcli_permissions/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_rhv,multi_platform_fedora
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_rhv,multi_platform_fedora
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
index 63fa589f..587a266a 100644
--- a/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
+++ b/linux_os/guide/system/network/network_nmcli_permissions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Prevent non-Privileged Users from Modifying Network Interfaces using nmcli'
 
diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
index 66d67584..5a31e197 100644
--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Ensure System is Not Acting as a Network Sniffer'
 
@@ -47,7 +47,7 @@ references:
     stigid@ol7: OL07-00-040670
     stigid@ol8: OL08-00-040330
     stigid@rhel7: RHEL-07-040670
-    stigid@rhel8: RHEL-08-040330
+    stigid@almalinux8: RHEL-08-040330
     stigid@sle12: SLES-12-030440
     stigid@sle15: SLES-15-040390
 
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
index b49e8cd0..bbbdb90b 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Fedora,Oracle Linux 7,Oracle Linux 8,WRLinux 1019
+# platform = Red Hat Virtualization 4,Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Fedora,Oracle Linux 7,Oracle Linux 8,WRLinux 1019
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
index 33834759..efe72aa4 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Ensure All World-Writable Directories Are Owned by root user'
 
@@ -28,7 +28,7 @@ references:
     disa: CCI-000366
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010700
-    stigid@rhel8: RHEL-08-010700
+    stigid@almalinux8: RHEL-08-010700
 
 ocil_clause: 'there is output'
 
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
index e807cbfe..79482556 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
index b3395bea..56ff803b 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 df --local -P | awk '{if (NR!=1) print $6}' \
 | xargs -I '{}' find '{}' -xdev -type d \
 \( -perm -0002 -a ! -perm -1000 \) 2>/dev/null \
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
index e6a01c6b..a913ea9c 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_sticky_bits/rule.yml
@@ -57,7 +57,7 @@ references:
     nist-csf: PR.AC-4,PR.DS-5
     srg: SRG-OS-000138-GPOS-00069
     stigid@ol8: OL08-00-010190
-    stigid@rhel8: RHEL-08-010190
+    stigid@almalinux8: RHEL-08-010190
     stigid@sle12: SLES-12-010460
     stigid@sle15: SLES-15-010300
     stigid@ubuntu2004: UBTU-20-010411
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
index 62c58d80..66a531b3 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,wrlinux1019
 
 title: 'Ensure All World-Writable Directories Are Owned by a System Account'
 
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
index e16d3315..30f891a1 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_system_owned_group/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Ensure All World-Writable Directories Are Group Owned by a System Account'
 
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
index 18adf450..83a12d56 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_auditd/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Verify Permissions on /etc/audit/auditd.conf'
 
@@ -27,7 +27,7 @@ references:
     nist: AU-12(b)
     srg: SRG-OS-000063-GPOS-00032
     stigid@ol8: OL08-00-030610
-    stigid@rhel8: RHEL-08-030610
+    stigid@almalinux8: RHEL-08-030610
     stigid@ubuntu2004: UBTU-20-010133
 
 template:
diff --git a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
index 4fcc2f5a..decdeadc 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_etc_audit_rulesd/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Verify Permissions on /etc/audit/rules.d/*.rules'
 
@@ -27,7 +27,7 @@ references:
     nist: AU-12(b)
     srg: SRG-OS-000063-GPOS-00032
     stigid@ol8: OL08-00-030610
-    stigid@rhel8: RHEL-08-030610
+    stigid@almalinux8: RHEL-08-030610
     stigid@ubuntu2004: UBTU-20-010133
 
 template:
diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
index b3609fce..e2e48e3a 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_sgid/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
 
 title: 'Ensure All SGID Executables Are Authorized'
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15,wrlinux1019,wrlinux8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15,wrlinux1019,wrlinux8
 
 description: |-
     The SGID (set group id) bit should be set only on files that were
diff --git a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
index 5e1b37ea..49191c31 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_unauthorized_suid/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
 
 title: 'Ensure All SUID Executables Are Authorized'
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15,wrlinux1019,wrlinux8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15,wrlinux1019,wrlinux8
 
 description: |-
     The SUID (set user id) bit should be set only on files that were
diff --git a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
index 2dab2757..ce9d67a3 100644
--- a/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
+++ b/linux_os/guide/system/permissions/files/file_permissions_ungroupowned/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Ensure All Files Are Owned by a Group'
 
@@ -50,7 +50,7 @@ references:
     stigid@ol7: OL07-00-020330
     stigid@ol8: OL08-00-010790
     stigid@rhel7: RHEL-07-020330
-    stigid@rhel8: RHEL-08-010790
+    stigid@almalinux8: RHEL-08-010790
     stigid@sle12: SLES-12-010700
     stigid@sle15: SLES-15-040410
 
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index 92351d16..a6b33200 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Ensure All Files Are Owned by a User'
 
@@ -51,7 +51,7 @@ references:
     stigid@ol7: OL07-00-020320
     stigid@ol8: OL08-00-010780
     stigid@rhel7: RHEL-07-020320
-    stigid@rhel8: RHEL-08-010780
+    stigid@almalinux8: RHEL-08-010780
     stigid@sle12: SLES-12-010690
     stigid@sle15: SLES-15-040400
 
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
index 927d08d0..ebc327b2 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log/rule.yml
@@ -26,7 +26,7 @@ references:
     disa: CCI-001314
     srg: SRG-OS-000206-GPOS-00084
     stigid@ol8: OL08-00-010260
-    stigid@rhel8: RHEL-08-010260
+    stigid@almalinux8: RHEL-08-010260
     stigid@ubuntu2004: UBTU-20-010417
 
 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log", group=gid) }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
index f561000e..1df9dd2e 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_groupowner_var_log_messages/rule.yml
@@ -18,7 +18,7 @@ references:
     disa: CCI-001314
     srg: SRG-OS-000206-GPOS-00084
     stigid@ol8: OL08-00-010230
-    stigid@rhel8: RHEL-08-010230
+    stigid@almalinux8: RHEL-08-010230
 
 ocil_clause: '{{{ ocil_clause_file_group_owner(file="/var/log/messages", group="root") }}}'
 
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
index 364ddd3c..51808f3d 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log/rule.yml
@@ -19,7 +19,7 @@ references:
     disa: CCI-001314
     srg: SRG-OS-000206-GPOS-00084
     stigid@ol8: OL08-00-010250
-    stigid@rhel8: RHEL-08-010250
+    stigid@almalinux8: RHEL-08-010250
     stigid@ubuntu2004: UBTU-20-010418
 
 ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log", owner="root") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
index 1face69c..f8d10128 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_owner_var_log_messages/rule.yml
@@ -18,7 +18,7 @@ references:
     disa: CCI-001314
     srg: SRG-OS-000206-GPOS-00084
     stigid@ol8: OL08-00-010220
-    stigid@rhel8: RHEL-08-010220
+    stigid@almalinux8: RHEL-08-010220
 
 ocil_clause: '{{{ ocil_clause_file_owner(file="/var/log/messages", owner="root") }}}'
 
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
index 5c826250..bb7ce6a4 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log/rule.yml
@@ -20,7 +20,7 @@ references:
     disa: CCI-001314
     srg: SRG-OS-000206-GPOS-00084
     stigid@ol8: OL08-00-010240
-    stigid@rhel8: RHEL-08-010240
+    stigid@almalinux8: RHEL-08-010240
     stigid@ubuntu2004: UBTU-20-010419
 
 ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log", perms="drwxr-xr-x") }}}'
diff --git a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
index a1faf8be..178d7f8b 100644
--- a/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_var_log_dir/file_permissions_var_log_messages/rule.yml
@@ -19,7 +19,7 @@ references:
     disa: CCI-001314
     srg: SRG-OS-000206-GPOS-00084
     stigid@ol8: OL08-00-010210
-    stigid@rhel8: RHEL-08-010210
+    stigid@almalinux8: RHEL-08-010210
 
 ocil_clause: '{{{ ocil_clause_file_permissions(file="/var/log/messages", perms="-rw-r-----") }}}'
 
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
index 3a6167a5..d8a687b5 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Verify that Shared Library Directories Have Root Group Ownership'
 
@@ -39,7 +39,7 @@ references:
     nist: CM-5(6),CM-5(6).1
     srg: SRG-OS-000259-GPOS-00100
     stigid@ol8: OL08-00-010350
-    stigid@rhel8: RHEL-08-010351
+    stigid@almalinux8: RHEL-08-010351
     stigid@sle12: SLES-12-010876
     stigid@sle15: SLES-15-010356
     stigid@ubuntu2004: UBTU-20-010431
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/all_dirs_ok.pass.sh
index 6a05a2b8..ba70bf50 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/all_dirs_ok.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/all_dirs_ok.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/correct_groupowner.pass.sh
index 6a05a2b8..ba70bf50 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/correct_groupowner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/correct_groupowner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/incorrect_groupowner.fail.sh
index 36461f5e..d3ab88b9 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/incorrect_groupowner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/incorrect_groupowner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/incorrect_groupowner_2.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/incorrect_groupowner_2.fail.sh
index 3f09e3dd..9d78a30e 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/incorrect_groupowner_2.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/incorrect_groupowner_2.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/nobody_group_owned_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/nobody_group_owned_dir_on_lib.fail.sh
index 36461f5e..d3ab88b9 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/nobody_group_owned_dir_on_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_group_ownership_library_dirs/tests/nobody_group_owned_dir_on_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
index f0781b30..bee598ce 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/rule.yml
@@ -36,7 +36,7 @@ references:
     disa: CCI-001499
     nist: CM-5(6),CM-5(6).1
     srg: SRG-OS-000259-GPOS-00100
-    stigid@rhel8: RHEL-08-010341
+    stigid@almalinux8: RHEL-08-010341
     stigid@sle12: SLES-12-010874
     stigid@sle15: SLES-15-010354
     stigid@ubuntu2004: UBTU-20-010429
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
index a0d49905..396f228e 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/correct_owner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
 DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
 	find "$dirPath" -type d -exec chown root '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
index f366c2d7..e8291c26 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_ownership_library_dirs/tests/incorrect_owner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux
 groupadd nogroup
 DIRS="/lib /lib64"
 for dirPath in $DIRS; do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
index 6e62e8c6..f26b4350 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/rule.yml
@@ -43,7 +43,7 @@ references:
     nerc-cip: CIP-003-8 R6
     nist: CM-5,CM-5(6),CM-5(6).1
     srg: SRG-OS-000259-GPOS-00100
-    stigid@rhel8: RHEL-08-010331
+    stigid@almalinux8: RHEL-08-010331
     stigid@sle12: SLES-12-010872
     stigid@sle15: SLES-15-010352
     stigid@ubuntu2004: UBTU-20-010427
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
index 6e957c30..3743441b 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/all_dirs_ok.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
 DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
 	find "$dirPath" -perm /022 -type d -exec chmod go-w '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
index 55ff9ceb..93e11a14 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/owner_only_writable_dir.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
 DIRS="/lib /lib64 /usr/lib /usr/lib64"
 for dirPath in $DIRS; do
     chmod -R 755 "$dirPath"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
index c2b5b6bf..c6d40fa0 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
 DIRS="/lib /lib64"
 for dirPath in $DIRS; do
 	mkdir -p "$dirPath/testme" && chmod 777  "$dirPath/testme"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
index 40e6c42c..8634e33c 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/dir_permissions_library_dirs/tests/world_writable_dir_on_usr_lib.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ubuntu,multi_platform_rhel,multi_platform_almalinux
 DIRS="/usr/lib /usr/lib64"
 for dirPath in $DIRS; do
 	mkdir -p "$dirPath/testme" && chmod 777 "$dirPath/testme"
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
index eec7485f..698722f7 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 # reboot = false
 # strategy = restrict
 # complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
index e352dd34..dc8fa8b2 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,Oracle Linux 8,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
 
 for SYSCMDFILES in /bin /sbin /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
 do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
index 8fc75390..e0f73c01 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_groupownership_system_commands_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Verify that system commands files are group owned by root '
 
@@ -43,7 +43,7 @@ references:
     nist: CM-5(6),CM-5(6).1
     srg: SRG-OS-000259-GPOS-00100
     stigid@ol8: OL08-00-010320
-    stigid@rhel8: RHEL-08-010320
+    stigid@almalinux8: RHEL-08-010320
     stigid@sle12: SLES-12-010882
     stigid@sle15: SLES-15-010361
     stigid@ubuntu2004: UBTU-20-010458
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
index 04178f48..ce116710 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
index 5471f360..1a2c2a9f 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
 find /bin/ \
 /usr/bin/ \
 /usr/local/bin/ \
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
index b0006b2c..cc3bad25 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_binary_dirs/rule.yml
@@ -43,7 +43,7 @@ references:
     nist-csf: PR.AC-4,PR.DS-5
     srg: SRG-OS-000259-GPOS-00100
     stigid@ol8: OL08-00-010310
-    stigid@rhel8: RHEL-08-010310
+    stigid@almalinux8: RHEL-08-010310
     stigid@sle12: SLES-15-010879
     stigid@sle15: SLES-15-010359
     stigid@ubuntu2004: UBTU-20-010457
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
index b6bc18e8..6630189c 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
     nist-csf: PR.AC-4,PR.DS-5
     srg: SRG-OS-000259-GPOS-00100
     stigid@ol8: OL08-00-010340
-    stigid@rhel8: RHEL-08-010340
+    stigid@almalinux8: RHEL-08-010340
     stigid@sle12: SLES-12-010873
     stigid@sle15: SLES-15-010353
     stigid@ubuntu2004: UBTU-20-010428
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
index 92c6a088..f5601ebd 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/correct_owner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
 
 for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
 do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
index 84da71f4..f52ddfbb 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_ownership_library_dirs/tests/incorrect_owner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
 
 useradd user_test
 for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
index 33196965..b0572f9d 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = medium
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
index ab89b277..f4a7c33a 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_sle,multi_platform_ubuntu
 DIRS="/bin /usr/bin /usr/local/bin /sbin /usr/sbin /usr/local/sbin /usr/libexec"
 for dirPath in $DIRS; do
 	find "$dirPath" -perm /022 -exec chmod go-w '{}' \;
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
index 43ba90a6..8ff566c5 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_binary_dirs/rule.yml
@@ -43,7 +43,7 @@ references:
     nist-csf: PR.AC-4,PR.DS-5
     srg: SRG-OS-000259-GPOS-00100
     stigid@ol8: OL08-00-010300
-    stigid@rhel8: RHEL-08-010300
+    stigid@almalinux8: RHEL-08-010300
     stigid@sle12: SLES-12-010878
     stigid@sle15: SLES-15-010358
     stigid@ubuntu2004: UBTU-20-010456
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
index 5a708cf7..0301d7b2 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/file_permissions_library_dirs/rule.yml
@@ -44,7 +44,7 @@ references:
     nist-csf: PR.AC-4,PR.DS-5
     srg: SRG-OS-000259-GPOS-00100
     stigid@ol8: OL08-00-010330
-    stigid@rhel8: RHEL-08-010330
+    stigid@almalinux8: RHEL-08-010330
     stigid@sle12: SLES-12-010871
     stigid@sle15: SLES-15-010351
     stigid@ubuntu2004: UBTU-20-010426
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
index ec135b52..1bd33e47 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: |-
     Verify the system-wide library files in directories
@@ -43,7 +43,7 @@ references:
     nist: CM-5(6),CM-5(6).1
     srg: SRG-OS-000259-GPOS-00100
     stigid@ol8: OL08-00-010350
-    stigid@rhel8: RHEL-08-010350
+    stigid@almalinux8: RHEL-08-010350
     stigid@sle12: SLES-12-010875
     stigid@sle15: SLES-15-010355
     stigid@ubuntu2004: UBTU-20-01430
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
index 5356d374..a85c8800 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/correct_groupowner.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
 
 for SYSLIBDIRS in /lib /lib64 /usr/lib /usr/lib64
 do
diff --git a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
index 7352b60a..fc84e065 100644
--- a/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
+++ b/linux_os/guide/system/permissions/files/permissions_within_important_dirs/root_permissions_syslibrary_files/tests/incorrect_groupowner.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_rhel,multi_platform_fedora,multi_platform_ubuntu
+# platform = multi_platform_sle,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ubuntu
 
 groupadd group_test
 for TESTFILE in /lib/test_me /lib64/test_me /usr/lib/test_me /usr/lib64/test_me
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
index b0d59400..4a71eccd 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
index 12c48f27..d184e3e7 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_hardlinks/rule.yml
@@ -25,7 +25,7 @@ references:
     nist: CM-6(a),AC-6(1)
     srg: SRG-OS-000324-GPOS-00125
     stigid@ol8: OL08-00-010374
-    stigid@rhel8: RHEL-08-010374
+    stigid@almalinux8: RHEL-08-010374
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_hardlinks", value="1") }}}
 
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
index 5ce0decb..b7a4243e 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
index 32ab388f..0273088d 100644
--- a/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
+++ b/linux_os/guide/system/permissions/files/sysctl_fs_protected_symlinks/rule.yml
@@ -27,7 +27,7 @@ references:
     nist: CM-6(a),AC-6(1)
     srg: SRG-OS-000324-GPOS-00125
     stigid@ol8: OL08-00-010373
-    stigid@rhel8: RHEL-08-010373
+    stigid@almalinux8: RHEL-08-010373
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="fs.protected_symlinks", value="1") }}}
 
diff --git a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
index 184a746f..0807776c 100644
--- a/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/bios_assign_password/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
 
 title: 'Assign Password to Prevent Changes to Boot Firmware Configuration'
 
diff --git a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
index 311ae83b..a11f1d66 100644
--- a/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/bios_disable_usb_boot/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8
 
 title: 'Disable Booting from USB Devices in Boot Firmware'
 
diff --git a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
index 848e7338..8f7db86a 100644
--- a/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/grub2_nousb_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8
 
 title: 'Disable Kernel Support for USB via Bootloader Configuration'
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
index 44c5bffe..2eb544c7 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
index a6e1bec4..fe2889b5 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_cramfs_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
 
 title: 'Disable Mounting of cramfs'
 
@@ -44,7 +44,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-3
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040025
-    stigid@rhel8: RHEL-08-040025
+    stigid@almalinux8: RHEL-08-040025
 
 {{{ complete_ocil_entry_module_disable(module="cramfs") }}}
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
index f53ca7e3..7decd700 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
index cf38af75..b27990b7 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_freevxfs_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
 
 title: 'Disable Mounting of freevxfs'
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
index ef0e24a3..829121c2 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
index fd08e9fa..68318195 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfs_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
 
 title: 'Disable Mounting of hfs'
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
index a20bc997..8106f54c 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
index 74f69a23..ef0bdbc4 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_hfsplus_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
 
 title: 'Disable Mounting of hfsplus'
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
index 77723846..fd3ece4c 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
index b2203d3f..2c0bc01e 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_jffs2_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,ubuntu1804,ubuntu2004
 
 title: 'Disable Mounting of jffs2'
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
index be4526c5..febc07d2 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
index 3380c193..459c2f31 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_squashfs_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
 
 title: 'Disable Mounting of squashfs'
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
index ba69e9bf..615e5db4 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
index ba9f91f4..0c2db132 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_udf_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
 
 title: 'Disable Mounting of udf'
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
index 32e39f20..a00da355 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
index bd560d77..47fb22d8 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_usb-storage_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Disable Modprobe Loading of USB Storage Driver'
 
@@ -45,7 +45,7 @@ references:
     stigid@ol7: OL07-00-020100
     stigid@ol8: OL08-00-040080
     stigid@rhel7: RHEL-07-020100
-    stigid@rhel8: RHEL-08-040080
+    stigid@almalinux8: RHEL-08-040080
     stigid@sle12: SLES-12-010580
     stigid@sle15: SLES-15-010480
 
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
index 2be4cc35..a50aa726 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
index 5af0cf51..34618357 100644
--- a/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/kernel_module_vfat_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Disable Mounting of vFAT filesystems'
 
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
index 41352695..8b69802a 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhv,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
index 2035b36d..bbcd052a 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804,ubuntu2004,wrlinux1019
 
 title: 'Disable the Automounter'
 
@@ -53,7 +53,7 @@ references:
     stigid@ol7: OL07-00-020110
     stigid@ol8: OL08-00-040070
     stigid@rhel7: RHEL-07-020110
-    stigid@rhel8: RHEL-08-040070
+    stigid@almalinux8: RHEL-08-040070
     stigid@sle12: SLES-12-010590
     stigid@sle15: SLES-15-010240
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
index da7833ee..47c3af4c 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noauto/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Add noauto Option to /boot'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
index da96d7e5..1c278823 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nodev Option to /boot'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
index e6f8d284..d35ad835 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Add noexec Option to /boot'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
index 8f8c2fd5..cb1400e1 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_boot_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nosuid Option to /boot'
 
@@ -31,7 +31,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010571
-    stigid@rhel8: RHEL-08-010571
+    stigid@almalinux8: RHEL-08-010571
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
index 304b2c32..b5b9afd6 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nodev/rule.yml
@@ -42,7 +42,7 @@ references:
     stigid@ol7: OL07-00-021022
     stigid@ol8: OL08-00-040120
     stigid@rhel7: RHEL-07-021022
-    stigid@rhel8: RHEL-08-040120
+    stigid@almalinux8: RHEL-08-040120
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
index d99aa5f8..85ce4e1e 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
 
 title: 'Add noexec Option to /dev/shm'
 
@@ -45,7 +45,7 @@ references:
     stigid@ol7: OL07-00-021024
     stigid@ol8: OL08-00-040122
     stigid@rhel7: RHEL-07-021024
-    stigid@rhel8: RHEL-08-040122
+    stigid@almalinux8: RHEL-08-040122
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
index 29d43609..8498dd16 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_dev_shm_nosuid/rule.yml
@@ -42,7 +42,7 @@ references:
     stigid@ol7: OL07-00-021023
     stigid@ol8: OL08-00-040121
     stigid@rhel7: RHEL-07-021023
-    stigid@rhel8: RHEL-08-040121
+    stigid@almalinux8: RHEL-08-040121
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
index ad7a6cb0..9ca0d640 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
 
 title: 'Add nodev Option to /home'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
index 17fd0250..c47cd692 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Add noexec Option to /home'
 
@@ -29,7 +29,7 @@ references:
     nist: CM-6(b)
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010590
-    stigid@rhel8: RHEL-08-010590
+    stigid@almalinux8: RHEL-08-010590
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
index efcf8b6b..3be724a5 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_home_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Add nosuid Option to /home'
 
@@ -40,7 +40,7 @@ references:
     stigid@ol7: OL07-00-021000
     stigid@ol8: OL08-00-010570
     stigid@rhel7: RHEL-07-021000
-    stigid@rhel8: RHEL-08-010570
+    stigid@almalinux8: RHEL-08-010570
     stigid@sle12: SLES-12-010790
     stigid@sle15: SLES-15-040140
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
index 16d7fc54..c020eca2 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_nonroot_local_partitions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nodev Option to Non-Root Local Partitions'
 
@@ -45,6 +45,6 @@ references:
     nist-csf: PR.IP-1,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010580
-    stigid@rhel8: RHEL-08-010580
+    stigid@almalinux8: RHEL-08-010580
 
 platform: machine
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
index 01adc4dd..2c2a8634 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nodev_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804
 
 title: 'Add nodev Option to Removable Media Partitions'
 
@@ -43,7 +43,7 @@ references:
     nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010600
-    stigid@rhel8: RHEL-08-010600
+    stigid@almalinux8: RHEL-08-010600
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
index cb8b510e..40ec8601 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_noexec_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804
 
 title: 'Add noexec Option to Removable Media Partitions'
 
@@ -40,7 +40,7 @@ references:
     nist-csf: PR.AC-3,PR.AC-6,PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010610
-    stigid@rhel8: RHEL-08-010610
+    stigid@almalinux8: RHEL-08-010610
 
 ocil_clause: 'removable media partitions are present'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
index aacc7fc8..a824cca5 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_nosuid_removable_partitions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1804,wrlinux1019
 
 title: 'Add nosuid Option to Removable Media Partitions'
 
@@ -46,7 +46,7 @@ references:
     stigid@ol7: OL07-00-021010
     stigid@ol8: OL08-00-010620
     stigid@rhel7: RHEL-07-021010
-    stigid@rhel8: RHEL-08-010620
+    stigid@almalinux8: RHEL-08-010620
     stigid@sle12: SLES-12-010800
     stigid@sle15: SLES-15-040150
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
index b67d96ba..c97be491 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_opt_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Add nosuid Option to /opt'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
index 022dee6d..50d8fc14 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_srv_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Add nosuid Option to /srv'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
index 91d2e4b1..445580c3 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
 
 title: 'Add nodev Option to /tmp'
 
@@ -41,7 +41,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040123
-    stigid@rhel8: RHEL-08-040123
+    stigid@almalinux8: RHEL-08-040123
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
index d256935d..aeae4648 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
 
 title: 'Add noexec Option to /tmp'
 
@@ -40,7 +40,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040125
-    stigid@rhel8: RHEL-08-040125
+    stigid@almalinux8: RHEL-08-040125
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
index 20a28c3e..495398f3 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_tmp_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
 
 title: 'Add nosuid Option to /tmp'
 
@@ -41,7 +41,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040124
-    stigid@rhel8: RHEL-08-040124
+    stigid@almalinux8: RHEL-08-040124
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
index ed5fb24d..bbfcb20d 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nodev Option to /var/log/audit'
 
@@ -32,7 +32,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040129
-    stigid@rhel8: RHEL-08-040129
+    stigid@almalinux8: RHEL-08-040129
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
index afbb7621..b68aaa18 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add noexec Option to /var/log/audit'
 
@@ -30,7 +30,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040131
-    stigid@rhel8: RHEL-08-040131
+    stigid@almalinux8: RHEL-08-040131
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
index 69cdfe29..51352833 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_audit_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nosuid Option to /var/log/audit'
 
@@ -31,7 +31,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040130
-    stigid@rhel8: RHEL-08-040130
+    stigid@almalinux8: RHEL-08-040130
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
index eacb16c9..1bbcda2d 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nodev Option to /var/log'
 
@@ -32,7 +32,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040126
-    stigid@rhel8: RHEL-08-040126
+    stigid@almalinux8: RHEL-08-040126
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
index 95af813f..35c4dd04 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add noexec Option to /var/log'
 
@@ -31,7 +31,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040128
-    stigid@rhel8: RHEL-08-040128
+    stigid@almalinux8: RHEL-08-040128
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
index cb3ea8a7..b3dfafe8 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_log_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nosuid Option to /var/log'
 
@@ -32,7 +32,7 @@ references:
     nist-csf: PR.IP-1,PR.PT-2,PR.PT-3
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040127
-    stigid@rhel8: RHEL-08-040127
+    stigid@almalinux8: RHEL-08-040127
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
index fc144ac6..df807e2b 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nodev Option to /var'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
index 7119419e..eb43ae82 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Add noexec Option to /var'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
index ca3e15f3..a16ad330 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Add nosuid Option to /var'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
index 59e39270..5c154d33 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 # Delete particular /etc/fstab's row if /var/tmp is already configured to
 # represent a mount point (for some device or filesystem other than /tmp)
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
index 133e7727..0ec19fa7 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_bind/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Bind Mount /var/tmp To /tmp'
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
index 4fc4e4ef..071873cb 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nodev/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
 
 title: 'Add nodev Option to /var/tmp'
 
@@ -34,7 +34,7 @@ references:
     disa: CCI-001764
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040132
-    stigid@rhel8: RHEL-08-040132
+    stigid@almalinux8: RHEL-08-040132
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
index b499ccb8..99d3ce64 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_noexec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
 
 title: 'Add noexec Option to /var/tmp'
 
@@ -34,7 +34,7 @@ references:
     disa: CCI-001764
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040134
-    stigid@rhel8: RHEL-08-040134
+    stigid@almalinux8: RHEL-08-040134
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
index e0f00b5f..50e848be 100644
--- a/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
+++ b/linux_os/guide/system/permissions/partitions/mount_option_var_tmp_nosuid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804
 
 title: 'Add nosuid Option to /var/tmp'
 
@@ -34,7 +34,7 @@ references:
     disa: CCI-001764
     srg: SRG-OS-000368-GPOS-00154
     stigid@ol8: OL08-00-040133
-    stigid@rhel8: RHEL-08-040133
+    stigid@almalinux8: RHEL-08-040133
 
 platform: machine
 
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
index d9480227..554e34e0 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
index cb2a8972..edef6641 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_backtraces/rule.yml
@@ -38,7 +38,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010675
-    stigid@rhel8: RHEL-08-010675
+    stigid@almalinux8: RHEL-08-010675
 
 ocil_clause: ProcessSizeMax is not set to zero
 
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
index d9480227..554e34e0 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
index ede0cc9e..9ad57977 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/coredump_disable_storage/rule.yml
@@ -34,7 +34,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010674
-    stigid@rhel8: RHEL-08-010674
+    stigid@almalinux8: RHEL-08-010674
 
 ocil_clause: Storage is not set to none
 
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
index 5d6b55f0..97f8f558 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
 SECURITY_LIMITS_FILE="/etc/security/limits.conf"
 
 if grep -qE '\*\s+hard\s+core' $SECURITY_LIMITS_FILE; then
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
index 41cbd119..481afa58 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index f61b48fc..3916b7cd 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Disable Core Dumps for All Users'
 
@@ -38,7 +38,7 @@ references:
     nist-csf: DE.CM-1,PR.DS-4
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010673
-    stigid@rhel8: RHEL-08-010673
+    stigid@almalinux8: RHEL-08-010673
 
 ocil_clause: 'it is not'
 
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
index 1dfdc3d2..00805dfe 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Disable acquiring, saving, and processing core dumps'
 
@@ -29,7 +29,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010672
-    stigid@rhel8: RHEL-08-010672
+    stigid@almalinux8: RHEL-08-010672
 
 ocil_clause: unit systemd-coredump.socket is not masked or running
 
diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
index a51038bb..13f289b8 100644
--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
+++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 {{{ bash_instantiate_variables("var_umask_for_daemons") }}}
 
diff --git a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
index 6b2922e1..6cccb08a 100644
--- a/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/daemon_umask/umask_for_daemons/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,almalinux8
 
 title: 'Set Daemon Umask'
 
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
index 579b8641..4dc86daf 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_exec_shield/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable ExecShield via sysctl'
 
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
index 415b0486..02b1e991 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
index 0bc8511f..6f33bcaa 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_kptr_restrict/rule.yml
@@ -28,7 +28,7 @@ references:
     nist: SC-30,SC-30(2),SC-30(5),CM-6(a)
     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000433-GPOS-00192,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040283
-    stigid@rhel8: RHEL-08-040283
+    stigid@almalinux8: RHEL-08-040283
     stigid@sle12: SLES-12-030320
     stigid@sle15: SLES-15-010540
 
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
index 7a4c107b..22e20912 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
index 805bf34b..c7ebb832 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_execshield_settings/sysctl_kernel_randomize_va_space/rule.yml
@@ -37,7 +37,7 @@ references:
     stigid@ol7: OL07-00-040201
     stigid@ol8: OL08-00-010430
     stigid@rhel7: RHEL-07-040201
-    stigid@rhel8: RHEL-08-010430
+    stigid@almalinux8: RHEL-08-010430
     stigid@sle12: SLES-12-030330
     stigid@sle15: SLES-15-010550
     stigid@ubuntu2004: UBTU-20-010448
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
index fabf9f88..7834d0ea 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Enable NX or XD Support in the BIOS'
 
@@ -37,7 +37,7 @@ references:
     nist-csf: PR.IP-1
     srg: SRG-OS-000433-GPOS-00192
     stigid@ol8: OL08-00-010420
-    stigid@rhel8: RHEL-08-010420
+    stigid@almalinux8: RHEL-08-010420
     stigid@ubuntu2004: UBTU-20-010447
 
 platform: machine
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
index 2df5dfbe..bfb97daf 100755
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/correct_value.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 # remediation = none
 
 cp /proc/cpuinfo /tmp/cpuinfo
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
index 37f4870f..1d82fec3 100755
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/bios_enable_execution_restrictions/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 # remediation = none
 
 cp /proc/cpuinfo /tmp/cpuinfo
diff --git a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
index 88ffe875..e0f80820 100644
--- a/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/enable_nx/install_PAE_kernel_on_x86-32/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4,sle12,sle15
 
 title: 'Install PAE Kernel on Supported 32-bit x86 Systems'
 
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
index 1ad6c6b3..25b0ffd9 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable page allocator poisoning'
 
@@ -29,7 +29,7 @@ references:
     nist: CM-6(a)
     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000134-GPOS-00068
     stigid@ol8: OL08-00-010421
-    stigid@rhel8: RHEL-08-010421
+    stigid@almalinux8: RHEL-08-010421
 
 ocil_clause: 'page allocator poisoning is not enabled'
 
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
index e40f5377..9c93f7d0 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable SLUB/SLAB allocator poisoning'
 
@@ -29,7 +29,7 @@ references:
     nist: CM-6(a)
     srg: SRG-OS-000433-GPOS-00192,SRG-OS-000134-GPOS-00068
     stigid@ol8: OL08-00-010423
-    stigid@rhel8: RHEL-08-010423
+    stigid@almalinux8: RHEL-08-010423
 
 ocil_clause: 'SLUB/SLAB poisoning is not enabled'
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
index 88c68344..fa9b2020 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
index efbcaa13..f9ba918e 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_core_pattern/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Disable storing core dumps'
 
@@ -24,7 +24,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010671
-    stigid@rhel8: RHEL-08-010671
+    stigid@almalinux8: RHEL-08-010671
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.core_pattern", value="|/bin/false") }}}
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
index 36e025cc..e97acde1 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
index e21ace56..9305a888 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_dmesg_restrict/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Restrict Access to Kernel Message Buffer'
 
@@ -27,7 +27,7 @@ references:
     nist: SI-11(a),SI-11(b)
     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069
     stigid@ol8: OL08-00-010375
-    stigid@rhel8: RHEL-08-010375
+    stigid@almalinux8: RHEL-08-010375
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.dmesg_restrict", value="1") }}}
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
index 505b3c12..cdf18e6d 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
index 1fb1ef38..cc928d9d 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_kexec_load_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable Kernel Image Loading'
 
@@ -23,7 +23,7 @@ references:
     nist: CM-6
     srg: SRG-OS-000480-GPOS-00227,SRG-OS-000366-GPOS-00153
     stigid@ol8: OL08-00-010372
-    stigid@rhel8: RHEL-08-010372
+    stigid@almalinux8: RHEL-08-010372
 
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.kexec_load_disabled", value="1") }}}
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
index 1722b937..03e919ac 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_modules_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable loading and unloading of kernel modules'
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
index 52456967..c4915c47 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_cpu_time_max_percent/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Limit CPU consumption of the Perf system'
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
index f78db1b0..53059efc 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_max_sample_rate/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Limit sampling frequency of the Perf system'
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
index 0541e59a..50020c28 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
index 136f3b39..a49ce809 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_perf_event_paranoid/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disallow kernel profiling by unprivileged users'
 
@@ -24,7 +24,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000138-GPOS-00069
     stigid@ol8: OL08-00-010376
-    stigid@rhel8: RHEL-08-010376
+    stigid@almalinux8: RHEL-08-010376
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.perf_event_paranoid", value="2") }}}
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
index 4299f35b..56bb333d 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_pid_max/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure maximum number of process identifiers'
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
index f17eeb7a..31e51854 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_sysrq/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disallow magic SysRq key'
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
index 2e24d921..7b706bb3 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
index e45cfd16..2958b708 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_unprivileged_bpf_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Disable Access to Network bpf() Syscall From Unprivileged Processes'
 
@@ -24,7 +24,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040281
-    stigid@rhel8: RHEL-08-040281
+    stigid@almalinux8: RHEL-08-040281
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.unprivileged_bpf_disabled", value="1") }}}
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
index ceafd483..7006e206 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
index 6b3f295e..d39a9e6f 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_kernel_yama_ptrace_scope/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Restrict usage of ptrace to descendant processes'
 
@@ -26,7 +26,7 @@ references:
     nist: SC-7(10)
     srg: SRG-OS-000132-GPOS-00067,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040282
-    stigid@rhel8: RHEL-08-040282
+    stigid@almalinux8: RHEL-08-040282
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="kernel.yama.ptrace_scope", value="1") }}}
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
index 7519b774..af6c30ab 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhcos,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
index 173e8678..25cfa284 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_net_core_bpf_jit_harden/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Harden the operation of the BPF just-in-time compiler'
 
@@ -24,7 +24,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040286
-    stigid@rhel8: RHEL-08-040286
+    stigid@almalinux8: RHEL-08-040286
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="net.core.bpf_jit_harden", value="2") }}}
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
index fdd4fb83..3274d5b3 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/kubernetes/shared.yml
@@ -1,5 +1,5 @@
 ---
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_rhcos
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_rhcos
 apiVersion: machineconfiguration.openshift.io/v1
 kind: MachineConfig
 spec:
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
index 7671cca5..bf75a83b 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_user_max_user_namespaces/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9
 
 title: 'Disable the use of user namespaces'
 
@@ -32,7 +32,7 @@ references:
     ospp: FMT_SMF_EXT.1
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040284
-    stigid@rhel8: RHEL-08-040284
+    stigid@almalinux8: RHEL-08-040284
 
 {{{ complete_ocil_entry_sysctl_option_value(sysctl="user.max_user_namespaces", value="0") }}}
 
diff --git a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
index 93a11ee5..61e87801 100644
--- a/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/sysctl_vm_mmap_min_addr/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Prevent applications from mapping low portion of virtual memory'
 
diff --git a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
index 352e1c4e..5b4baa10 100644
--- a/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
+++ b/linux_os/guide/system/selinux/coreos_enable_selinux_kernel_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Ensure SELinux Not Disabled in the kernel arguments'
 
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
index e9ff094d..f0a8bcdb 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
index 735354a2..0c13b196 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_rhv,multi_platform_fedora,multi_platform_ol,SUSE Linux Enterprise 15
 
 sed -i --follow-symlinks "s/selinux=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
 sed -i --follow-symlinks "s/enforcing=0//gI" /etc/default/grub /etc/grub2.cfg /etc/grub.d/*
diff --git a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
index 27903c9e..0bb95ceb 100644
--- a/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
+++ b/linux_os/guide/system/selinux/grub2_enable_selinux/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Ensure SELinux Not Disabled in /etc/default/grub'
 
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
index d38f1829..c6e06cb7 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Install libselinux Package'
 
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/package-installed-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/package-installed-removed.fail.sh
index ea0437f5..8759a6ce 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/package-installed-removed.fail.sh
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/package-installed-removed.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 # Package libselinux cannot be uninstalled normally
 # as it would cause removal of sudo package which is
diff --git a/linux_os/guide/system/selinux/package_libselinux_installed/tests/package-removed.fail.sh b/linux_os/guide/system/selinux/package_libselinux_installed/tests/package-removed.fail.sh
index ea0437f5..8759a6ce 100644
--- a/linux_os/guide/system/selinux/package_libselinux_installed/tests/package-removed.fail.sh
+++ b/linux_os/guide/system/selinux/package_libselinux_installed/tests/package-removed.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 # Package libselinux cannot be uninstalled normally
 # as it would cause removal of sudo package which is
diff --git a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
index 81f72105..f5fa640c 100644
--- a/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
+++ b/linux_os/guide/system/selinux/package_mcstrans_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,sle15
 
 title: 'Uninstall mcstrans Package'
 
diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
index 74c92194..4bf954c8 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhel8,rhel9
+prodtype: ol8,rhel8,almalinux8,rhel9
 
 title: 'Install policycoreutils-python-utils package'
 
diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
index f16a8ebe..e41c2c37 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Install policycoreutils Package'
 
@@ -32,7 +32,7 @@ references:
     disa: CCI-001084
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010171
-    stigid@rhel8: RHEL-08-010171
+    stigid@almalinux8: RHEL-08-010171
 
 ocil_clause: 'the package is not installed'
 
diff --git a/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
index d20c1116..78446be3 100644
--- a/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
+++ b/linux_os/guide/system/selinux/package_setroubleshoot-plugins_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall setroubleshoot-plugins Package'
 
diff --git a/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
index c5fec06d..ff4e6b57 100644
--- a/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
+++ b/linux_os/guide/system/selinux/package_setroubleshoot-server_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall setroubleshoot-server Package'
 
diff --git a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
index 8992283a..f6cabc95 100644
--- a/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
+++ b/linux_os/guide/system/selinux/package_setroubleshoot_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
 
 title: 'Uninstall setroubleshoot Package'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
index 8cf0b59e..d09e423c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhv4
 
 title: 'Disable the abrt_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
index 96a33aa5..0446f71e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_handle_event/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhv4
 
 title: 'Disable the abrt_handle_event SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
index 8bb491c3..6bea1884 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_abrt_upload_watch_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhv4
 
 title: 'Disable the abrt_upload_watch_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
index 9059fdf0..2f1dd2ed 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_can_scan_system/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the antivirus_can_scan_system SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
index ebbce6ed..fec2f5d6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_antivirus_use_jit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the antivirus_use_jit SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
index f3be1c78..405ac2f7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_auditadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the auditadm_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
index 1de5f715..c45f45d5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_nsswitch_use_ldap/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the authlogin_nsswitch_use_ldap SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
index 57cb33c8..00e5d2e7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_radius/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the authlogin_radius SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
index fc7a5770..b937eb9a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_authlogin_yubikey/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the authlogin_yubikey SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
index e6c6bbe3..b3411ada 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_awstats_purge_apache_log_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the awstats_purge_apache_log_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
index 8cba7a6c..e6fe999d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_boinc_execmem/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the boinc_execmem SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
index 6d1ab1fb..b657ac12 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cdrecord_read_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cdrecord_read_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
index d38be936..09cc2e6e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cluster_can_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
index a6558b75..acb9fd61 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_manage_all_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cluster_manage_all_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
index 4dba59fc..8d2948e6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cluster_use_execmem/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cluster_use_execmem SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
index 9c405241..11375b94 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cobbler_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
index 96c0e256..08ea062a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cobbler_can_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
index 93bdc97c..3b2b401d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_cifs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cobbler_use_cifs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
index a7d6e9e7..02a7c4db 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cobbler_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cobbler_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
index d2c8b686..f9c7e326 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_collectd_tcp_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the collectd_tcp_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
index 1f560285..38809dd3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_condor_tcp_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the condor_tcp_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
index c880bf74..cc1d9b92 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_conman_can_network/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the conman_can_network SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
index e9051bb9..e4bd1074 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_container_connect_any/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the container_connect_any SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
index 8030890f..ebdcc1a5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_can_relabel/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the cron_can_relabel SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
index 1c0270c0..d605ca51 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_system_cronjob_use_shares/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the cron_system_cronjob_use_shares SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
index db921dc0..ba593d16 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cron_userdomain_transition/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the cron_userdomain_transition SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
index d1d7ded6..4fb4bf2c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cups_execmem/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cups_execmem SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
index af5727d6..6cae839d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_cvs_read_shadow/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the cvs_read_shadow SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
index 7ef9fda5..02fbacc4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_dump_core/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the daemons_dump_core SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
index 07ef4320..0a1a11d7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_enable_cluster_mode/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the daemons_enable_cluster_mode SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
index 64be1daf..c5e1f925 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tcp_wrapper/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the daemons_use_tcp_wrapper SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
index 9a92ccdd..dce9bc4b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_daemons_use_tty/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the daemons_use_tty SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
index c75cce8a..cb56c79e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the dbadm_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
index 2b9a11ba..3e1236fb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_manage_user_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the dbadm_manage_user_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
index 707d7113..82b8a228 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dbadm_read_user_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the dbadm_read_user_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
index 2a35a2db..d9aefa8c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_execmem/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the deny_execmem SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
index 1dd4eef6..1356b6fd 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_deny_ptrace/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the deny_ptrace SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
index 9b4bfe10..d648713f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpc_exec_iptables/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the dhcpc_exec_iptables SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
index 75f044c4..c2cec43e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_dhcpd_use_ldap/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the dhcpd_use_ldap SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
index a5acdd0f..b208f50b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_fd_use/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the domain_fd_use SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
index bbc2a154..84c0a25c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_domain_kernel_load_modules/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the domain_kernel_load_modules SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
index 2c75b117..a87eabb4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_entropyd_use_audio/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the entropyd_use_audio SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
index 12305e08..3d287f7c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_can_connect_db/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the exim_can_connect_db SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
index 2d54130d..3c3d3645 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_manage_user_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the exim_manage_user_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
index b240c116..93ecd94c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_exim_read_user_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the exim_read_user_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
index 9b3cf756..f8ea2f6c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fcron_crond/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the fcron_crond SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
index 1f71bedb..3316263f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the fenced_can_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
index cac41de7..96edf0ff 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fenced_can_ssh/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the fenced_can_ssh SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
index 5851293f..ec0a9345 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_fips_mode/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the fips_mode SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
index dbf31b53..2b2f5bc3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ftpd_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
index 579ac3f5..7ebfb8bd 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_all_unreserved/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ftpd_connect_all_unreserved SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
index f2d973ba..b473ef96 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_connect_db/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ftpd_connect_db SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
index cf9e7826..017cfec4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_full_access/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ftpd_full_access SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
index 14b1f752..73153bbf 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_cifs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ftpd_use_cifs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
index 6cb9d9df..896fb999 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ftpd_use_fusefs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
index 4035d4f8..e9e734e1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ftpd_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
index c1236064..f2276697 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ftpd_use_passive_mode/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ftpd_use_passive_mode SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
index 47e9b420..86d7f819 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the git_cgi_enable_homedirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
index ca5a2bcd..cc91e16f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_cifs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the git_cgi_use_cifs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
index f8b5c912..cee5cb7a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_cgi_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the git_cgi_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
index 8dffa1dd..855a231f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_bind_all_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the git_session_bind_all_unreserved_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
index f4dca61a..7c8c3dd2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_session_users/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the git_session_users SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
index 170fcfdf..31ad34ce 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the git_system_enable_homedirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
index c46e622e..8935f832 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_cifs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the git_system_use_cifs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
index b149744b..4006fe66 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_git_system_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the git_system_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
index 2fa3db75..dba2c36f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gitosis_can_sendmail/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the gitosis_can_sendmail SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
index f8324918..790d5167 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_api_can_network/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the glance_api_can_network SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
index ee835d3e..24ee3fae 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_execmem/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the glance_use_execmem SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
index 70546358..3146c801 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_glance_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the glance_use_fusefs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
index 12cb7bdc..ec058a02 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_global_ssp/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the global_ssp SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
index 19903fc9..31bf578d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the gluster_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
index c586752c..3eac3ab0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_ro/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the gluster_export_all_ro SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
index 953d6f51..445c6f2a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gluster_export_all_rw/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure the gluster_export_all_rw SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
index fc5c20b9..5e4d075c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gpg_web_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the gpg_web_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
index 9cf94d26..fe53e4a3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_gssd_read_tmp/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the gssd_read_tmp SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
index fb0b8f6e..6b64581a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_guest_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the guest_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
index f5e5a38e..f96727ff 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_haproxy_connect_any/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the haproxy_connect_any SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
index 7ac8bcac..8717ac94 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
index 9d1fbe43..e2eef2ad 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_builtin_scripting/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure the httpd_builtin_scripting SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
index f08b0711..4c2f3603 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_check_spam/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_check_spam SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
index 6511bfe2..6f07db4d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ftp/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_connect_ftp SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
index 9d088182..5f01b615 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_ldap/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_connect_ldap SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
index fe8400ee..c292070a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_mythtv/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_connect_mythtv SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
index d8282606..3d80037c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_connect_zabbix/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_connect_zabbix SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
index 51f2d075..ea465e8c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
index 04ffe7de..d45f0d7d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_cobbler/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_network_connect_cobbler SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
index 38b2cbfe..2b40a15c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_connect_db/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_network_connect_db SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
index d844dcdb..d45a0031 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_memcache/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_network_memcache SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
index bff3c8ce..8dad299f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_network_relay/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_network_relay SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
index 8d73dd26..3582c1a4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_can_sendmail/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_can_sendmail SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
index 3cfbca8a..de20f874 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_avahi/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_dbus_avahi SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
index da62291c..398bc8c7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dbus_sssd/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_dbus_sssd SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
index dc9651f9..2fec140e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_dontaudit_search_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_dontaudit_search_dirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
index 63eb6e1e..21df0707 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_cgi/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Configure the httpd_enable_cgi SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
index 677ed3ce..4f1a4791 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_ftp_server/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_enable_ftp_server SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
index a2b05231..c0d75670 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_enable_homedirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
index ee05eba7..bf3793e5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_execmem/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_execmem SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
index b5a42076..fd15c031 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_graceful_shutdown/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the httpd_graceful_shutdown SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
index d8453a7d..5fcb23b5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_manage_ipa/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_manage_ipa SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
index 0b2ad316..3347f027 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_ntlm_winbind/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_mod_auth_ntlm_winbind SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
index eaf8ea4d..2adfa1ac 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_mod_auth_pam/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_mod_auth_pam SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
index e258ff54..cf04e5bb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_read_user_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_read_user_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
index d8b3f4e6..c17c8a97 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_ipa/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_run_ipa SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
index 413472cb..f96365f8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_preupgrade/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_run_preupgrade SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
index 4cc54284..3c320028 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_run_stickshift/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_run_stickshift SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
index 27a979c8..6200f0a0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_serve_cobbler_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_serve_cobbler_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
index e09231f7..08f76037 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_setrlimit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_setrlimit SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
index 81ee3798..c00302d0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_ssi_exec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_ssi_exec SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
index 61140b8d..16585685 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_sys_script_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_sys_script_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
index ad6c2ea7..c8a12f68 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tmp_exec/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_tmp_exec SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
index 12b4dcc1..04841fb3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_tty_comm/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_tty_comm SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
index ffcda8a2..364640ad 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_unified/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_unified SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
index 4a5c7bdc..88d0bf75 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_cifs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_use_cifs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
index 79c4149f..3df100b7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_use_fusefs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
index d022811e..1e157cfa 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_gpg/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_use_gpg SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
index 4080ca05..b872c1a8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
index dbbb07cf..d0477e44 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_openstack/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_use_openstack SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
index fe0840e2..f88ad485 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_use_sasl/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_use_sasl SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
index 61def0aa..6bfb1a2c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_httpd_verify_dns/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the httpd_verify_dns SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
index 724cbbce..97bd40b0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_icecast_use_any_tcp_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the icecast_use_any_tcp_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
index a7da73c3..66621010 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irc_use_any_tcp_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the irc_use_any_tcp_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
index d82f9ff2..d14ca236 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_irssi_use_full_network/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the irssi_use_full_network SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
index fdb0a982..4573675c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kdumpgui_run_bootloader/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the kdumpgui_run_bootloader SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
index f154f106..e53861bb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_kerberos_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the kerberos_enabled SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
index eb32deaf..48b83090 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_cifs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ksmtuned_use_cifs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
index 86376cba..74e8dfb6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ksmtuned_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the ksmtuned_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
index ec2cec98..dfe4a75d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the logadm_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
index dad98e38..b45bdc4b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_can_sendmail/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the logging_syslogd_can_sendmail SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
index 3c520540..6acdf661 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_run_nagios_plugins/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the logging_syslogd_run_nagios_plugins SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
index b55c01f0..1b05386f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logging_syslogd_use_tty/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the logging_syslogd_use_tty SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
index 1e423f46..064a77ef 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_login_console_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the login_console_enabled SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
index 8e327772..e5b4122d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logrotate_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the logrotate_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
index d5e181b9..5da3e9c0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_logwatch_can_network_connect_mail/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the logwatch_can_network_connect_mail SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
index 4d3c7838..32b05be7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_lsmd_plugin_connect_any/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the lsmd_plugin_connect_any SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
index 6dfb2e01..5eb9727d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mailman_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mailman_use_fusefs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
index d235fe6f..95b28e43 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_client/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mcelog_client SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
index 46c9d61a..706520e3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_exec_scripts/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the mcelog_exec_scripts SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
index 80757940..86ada5a3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_foreground/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mcelog_foreground SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
index 48cc45cb..8a59bf4c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mcelog_server/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mcelog_server SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
index 040edc1f..068785b4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_minidlna_read_generic_user_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the minidlna_read_generic_user_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
index 134cb824..52a2a0cb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mmap_low_allowed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the mmap_low_allowed SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
index 7302201a..9a1666c2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mock_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the mock_enable_homedirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
index 8354e36e..c85174c8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mount_anyfile/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the mount_anyfile SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
index a461e301..5a57d162 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_bind_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mozilla_plugin_bind_unreserved_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
index b544dd12..17206906 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mozilla_plugin_can_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
index 878c10bd..69c810a9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_bluejeans/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mozilla_plugin_use_bluejeans SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
index eba60ff3..66ab4c43 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_gps/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mozilla_plugin_use_gps SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
index a5655a34..ba398fec 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_plugin_use_spice/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mozilla_plugin_use_spice SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
index 8d8407db..b56b3b40 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mozilla_read_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mozilla_read_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
index db538e06..7c6f98ea 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mpd_enable_homedirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
index 5bff3c99..d359d281 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_cifs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mpd_use_cifs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
index 97140465..a4af6e2d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mpd_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mpd_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
index bb5e5948..a412fc8b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mplayer_execstack/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mplayer_execstack SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
index 98a1ebcf..cce1c87e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_mysql_connect_any/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the mysql_connect_any SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
index 70347807..2d91a12f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_pnp4nagios/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the nagios_run_pnp4nagios SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
index 489a099a..7d208a85 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nagios_run_sudo/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the nagios_run_sudo SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
index a51fbbea..1f31780a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_tcp_bind_http_port/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the named_tcp_bind_http_port SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
index c9d54a98..b4bb8d07 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_named_write_master_zones/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the named_write_master_zones SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
index b543c733..3df85ab6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_neutron_can_network/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the neutron_can_network SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
index c0718a62..4ade28e7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_ro/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the nfs_export_all_ro SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
index 0355bad7..7d4a3dfc 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfs_export_all_rw/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the nfs_export_all_rw SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
index 8d21a80b..0b0a2ee5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nfsd_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the nfsd_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
index 9ae527ee..b9324567 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nis_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the nis_enabled SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
index 2223ef84..abb41046 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_nscd_use_shm/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the nscd_use_shm SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
index 1c4fa8c1..9c06f296 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openshift_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the openshift_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
index affa929a..b0ba05f1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the openvpn_can_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
index 425be626..20e4922a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_enable_homedirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the openvpn_enable_homedirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
index 8ebfe542..04fcdf6d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_openvpn_run_unconfined/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the openvpn_run_unconfined SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
index c1a13523..fe23e776 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_bind_all_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the pcp_bind_all_unreserved_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
index 9f902520..a76d4523 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pcp_read_generic_logs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the pcp_read_generic_logs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
index bf1ea51c..3c76e1fc 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_piranha_lvs_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the piranha_lvs_can_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
index 7e628966..82442a13 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_connect_all_unreserved/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the polipo_connect_all_unreserved SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
index fa974402..39da107d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_bind_all_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the polipo_session_bind_all_unreserved_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
index f2f93ba3..2993b2f9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_session_users/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the polipo_session_users SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
index 0f0fe5d6..bd263df1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_cifs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the polipo_use_cifs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
index 1c1d302e..7353b3ab 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polipo_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the polipo_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
index 53f154e7..969390fd 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_polyinstantiation_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the polyinstantiation_enabled SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
index 1c061280..f607bdc2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postfix_local_write_mail_spool/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the postfix_local_write_mail_spool SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
index 2d4f2e59..dcfcc5b4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_can_rsync/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the postgresql_can_rsync SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
index f7fdf042..e2bde893 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_transmit_client_label/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the postgresql_selinux_transmit_client_label SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
index e4e888a8..0935fa0f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_unconfined_dbadm/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the postgresql_selinux_unconfined_dbadm SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
index 215daf93..c8f70c02 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_postgresql_selinux_users_ddl/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the postgresql_selinux_users_ddl SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
index 9ff99173..6e8c37d1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_can_insmod/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the pppd_can_insmod SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
index ef5d648f..a3f5a525 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_pppd_for_user/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the pppd_for_user SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
index b9f04990..320d69e0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_privoxy_connect_any/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the privoxy_connect_any SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
index ec8fa105..3f3d870e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_prosody_bind_http_port/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the prosody_bind_http_port SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
index ce7bc2f5..f1b87a1d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetagent_manage_all_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the puppetagent_manage_all_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
index 894fed16..7f85d5e0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_puppetmaster_use_db/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the puppetmaster_use_db SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
index 2cae0d28..4120691c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_racoon_read_shadow/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the racoon_read_shadow SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
index 8720c030..614c4e60 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the rsync_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
index 58878837..5ea8dc21 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_client/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the rsync_client SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
index 154646cf..4aec9d3e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_export_all_ro/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the rsync_export_all_ro SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
index 832dfa25..2de80cb7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_rsync_full_access/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the rsync_full_access SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
index 85b65a88..207d77e8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_create_home_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_create_home_dirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
index c67f1f86..8cd0f5e0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_domain_controller/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_domain_controller SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
index 1698ed1d..90798fe7 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_enable_home_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_enable_home_dirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
index 9a21f5f6..b3efb3e9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_ro/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_export_all_ro SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
index fd52c836..49a8ec85 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_export_all_rw/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_export_all_rw SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
index 826beddf..5a08118e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_load_libgfapi/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_load_libgfapi SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
index d901e686..9073796e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_portmapper/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_portmapper SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
index c409c6bb..9729d7fa 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_run_unconfined/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_run_unconfined SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
index cc2efcfb..707659d6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_fusefs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_share_fusefs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
index 085f7118..0230e13e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_samba_share_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the samba_share_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
index 07428064..aa479f16 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the sanlock_use_fusefs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
index c1a64ba8..550a22a0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the sanlock_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
index c413f111..6b4110bf 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sanlock_use_samba/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the sanlock_use_samba SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
index f0d4bbc9..def16a42 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_saslauthd_read_shadow/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the saslauthd_read_shadow SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
index fe166c84..613e2054 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the secadm_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
index 8812aab5..58433655 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the secure_mode SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
index 428bb90b..5416bfa6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_insmod/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the secure_mode_insmod SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
index cf06eb5e..a156f971 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_secure_mode_policyload/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the secure_mode_policyload SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
index d9918450..702adbee 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_direct_dri_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Configure the selinuxuser_direct_dri_enabled SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
index dd87bfe5..313e4ef6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execheap/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Disable the selinuxuser_execheap SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
index 26617b23..85eef9d2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execmod/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Enable the selinuxuser_execmod SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
index 4a78c892..13b80855 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_execstack/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'disable the selinuxuser_execstack SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
index 273c5ac0..4a4a181c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_mysql_connect_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the selinuxuser_mysql_connect_enabled SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
index 0645deb5..36f1e961 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_ping/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the selinuxuser_ping SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
index b71a1ff7..17bb3478 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_postgresql_connect_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the selinuxuser_postgresql_connect_enabled SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
index cc3ae761..45665fea 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_rw_noexattrfile/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the selinuxuser_rw_noexattrfile SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
index 46b98953..118af784 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_share_music/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the selinuxuser_share_music SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
index 692df86c..cb301be6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_tcp_server/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the selinuxuser_tcp_server SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
index 016131f1..f8ed8c83 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_udp_server/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the selinuxuser_udp_server SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
index 5fcf435e..49176ecf 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_selinuxuser_use_ssh_chroot/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the selinuxuser_use_ssh_chroot SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
index 17054b75..da8b92c6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_domain_can_network_connect/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the sge_domain_can_network_connect SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
index df44870b..1ad1905a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sge_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the sge_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
index 03a20026..8496b412 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smartmon_3ware/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the smartmon_3ware SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
index a597045a..b9f168ca 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_smbd_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the smbd_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
index 04514bde..570b320f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamassassin_can_network/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the spamassassin_can_network SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
index 3f743cbf..32ec94a0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_spamd_enable_home_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the spamd_enable_home_dirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
index ec5c45e7..6345f86a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_connect_any/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the squid_connect_any SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
index dd156deb..e39be3fd 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_squid_use_tproxy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the squid_use_tproxy SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
index ef2338c1..57cd8389 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_chroot_rw_homedirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the ssh_chroot_rw_homedirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
index 5ab6b17e..ac0457bf 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_keysign/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the ssh_keysign SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
index d54bcf54..e44a05c6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_ssh_sysadm_login/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the ssh_sysadm_login SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
index 6afbfdf2..761f9f99 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the staff_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
index 4cb6582d..83c50aef 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_staff_use_svirt/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the staff_use_svirt SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
index 60ac4523..5bea5bed 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_swift_can_network/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the swift_can_network SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
index d3dfd51e..3ba9d15d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_sysadm_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the sysadm_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
index d4d469d2..4ecc3659 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_connect_all_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the telepathy_connect_all_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
index 1321809a..24257e70 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_telepathy_tcp_connect_generic_network_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the telepathy_tcp_connect_generic_network_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
index 7d8a2cc2..a9448683 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the tftp_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
index 9b553ff7..e3b67bd5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tftp_home_dir/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the tftp_home_dir SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
index 1d6ea593..fe961347 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the tmpreaper_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
index 0981d8bb..768670d4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tmpreaper_use_samba/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the tmpreaper_use_samba SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
index df86f451..8f307e56 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_bind_all_unreserved_ports/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the tor_bind_all_unreserved_ports SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
index 86e08e38..7e863ca9 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_tor_can_network_relay/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the tor_can_network_relay SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
index f0556d17..b6c44d72 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_chrome_sandbox_transition/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the unconfined_chrome_sandbox_transition SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
index 403ec891..b2db23d6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_login/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the unconfined_login SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
index d8f69ced..45d778d2 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unconfined_mozilla_plugin_transition/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the unconfined_mozilla_plugin_transition SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
index b9ea2bbe..cda7f281 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_unprivuser_use_svirt/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the unprivuser_use_svirt SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
index 7620ff49..224241b1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_ecryptfs_home_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the use_ecryptfs_home_dirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
index 0b74be73..fde9d57e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_fusefs_home_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the use_fusefs_home_dirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
index ec79d2ec..dd36abc1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_lpd_server/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the use_lpd_server SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
index fdfad24e..8708942e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_nfs_home_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the use_nfs_home_dirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
index 4da19ea4..32b01588 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_use_samba_home_dirs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the use_samba_home_dirs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
index ecb2e959..ea2e5df8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_user_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Enable the user_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
index 0b2097dc..0619143c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_varnishd_connect_any/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the varnishd_connect_any SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
index 7899bd3b..f7a88517 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_read_qemu_ga_data/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_read_qemu_ga_data SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
index 822b9894..8f57e4e5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_rw_qemu_ga_data/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_rw_qemu_ga_data SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
index df5c0c82..559cd12b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_all_caps/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_sandbox_use_all_caps SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
index f0009fe4..df761480 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_audit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the virt_sandbox_use_audit SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
index 03b024c0..7689f05a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_mknod/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_sandbox_use_mknod SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
index 1891511d..3b80c5e8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_netlink/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_sandbox_use_netlink SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
index b7fcd58a..a1577449 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_sandbox_use_sys_admin/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_sandbox_use_sys_admin SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
index 3a54abbb..25d71216 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_transition_userdomain/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_transition_userdomain SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
index bef0f9a8..901dc85e 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_comm/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_comm SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
index b4c890c4..baa86e1b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_execmem/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_execmem SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
index f92f814f..1ef74b8a 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_fusefs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_fusefs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
index 7db9e5b3..1e0cd0f5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
index ea059d54..23c6e632 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_rawip/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_rawip SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
index bd6cccac..b664f299 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_samba/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_samba SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
index 7db733fe..9707ac1c 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_sanlock/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_sanlock SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
index bc2e3350..cb103a38 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_usb/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_usb SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
index 8420fe49..ed9094f4 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_virt_use_xserver/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the virt_use_xserver SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
index 3d69f6b2..bf19fbb8 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_manage_user_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the webadm_manage_user_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
index c8859dd0..e0d5a9d1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_webadm_read_user_files/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the webadm_read_user_files SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
index 46ea5e90..f9940356 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_wine_mmap_zero_ignore/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the wine_mmap_zero_ignore SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
index d777db4e..18d4819d 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_bind_vnc_tcp_port/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xdm_bind_vnc_tcp_port SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
index 6200ed21..db68ab72 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_exec_bootloader/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xdm_exec_bootloader SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
index 2142a35e..6fb378c1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_sysadm_login/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xdm_sysadm_login SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
index 19c1b27d..79b1a8af 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xdm_write_home/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xdm_write_home SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
index 38ff90e0..c6fd91eb 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xen_use_nfs/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the xen_use_nfs SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
index 9bd43515..8971006b 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_blktap/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the xend_run_blktap SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
index 1faef3c8..42a5a4f6 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xend_run_qemu/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the xend_run_qemu SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
index c289bd43..f1b137f3 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_connect_network/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xguest_connect_network SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
index 0ddc2fe7..ed411cee 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_exec_content/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xguest_exec_content SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
index d58ed222..c0bee0ab 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_mount_media/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xguest_mount_media SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
index 3ecd6e32..51366088 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xguest_use_bluetooth/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xguest_use_bluetooth SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
index b1faac83..ca7e9e1f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_clients_write_xshm/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xserver_clients_write_xshm SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
index dc0ff0f6..220222b0 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_execmem/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xserver_execmem SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
index 1e83bdc4..3aa38819 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_xserver_object_manager/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Disable the xserver_object_manager SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
index f48eccf1..ce7b6cac 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zabbix_can_network/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the zabbix_can_network SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
index 4775f929..28113c1f 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zarafa_setrlimit/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the zarafa_setrlimit SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
index ede5e2a4..0159cace 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zebra_write_config/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the zebra_write_config SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
index f97013e6..ad916ea1 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_anon_write/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the zoneminder_anon_write SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
index dc7b1290..9596c2d5 100644
--- a/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
+++ b/linux_os/guide/system/selinux/selinux-booleans/sebool_zoneminder_run_sudo/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9
+prodtype: rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the zoneminder_run_sudo SELinux Boolean'
 
diff --git a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
index 50bd7f11..32b95cf4 100644
--- a/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_all_devicefiles_labeled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Ensure No Device Files are Unlabeled by SELinux'
 
diff --git a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
index e71e50c8..12868974 100644
--- a/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_confinement_of_daemons/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Ensure No Daemons are Unconfined by SELinux'
 
diff --git a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
index 73e6ec7c..def4c28a 100644
--- a/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/selinux_policytype/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
index 3b546bd8..2daf4ad9 100644
--- a/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
+++ b/linux_os/guide/system/selinux/selinux_policytype/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_policytype/rule.yml b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
index e3400c0b..87490406 100644
--- a/linux_os/guide/system/selinux/selinux_policytype/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_policytype/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15,wrlinux1019
 
 title: 'Configure SELinux Policy'
 
@@ -53,7 +53,7 @@ references:
     stigid@ol7: OL07-00-020220
     stigid@ol8: OL08-00-010450
     stigid@rhel7: RHEL-07-020220
-    stigid@rhel8: RHEL-08-010450
+    stigid@almalinux8: RHEL-08-010450
     vmmsrg: SRG-OS-000445-VMM-001780
 
 ocil_clause: 'it does not'
diff --git a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
index 1c1560a8..fc86b614 100644
--- a/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
+++ b/linux_os/guide/system/selinux/selinux_state/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
index 32baf94a..87ff017b 100644
--- a/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
+++ b/linux_os/guide/system/selinux/selinux_state/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/selinux/selinux_state/rule.yml b/linux_os/guide/system/selinux/selinux_state/rule.yml
index 5fada777..60201297 100644
--- a/linux_os/guide/system/selinux/selinux_state/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_state/rule.yml
@@ -45,7 +45,7 @@ references:
     stigid@ol7: OL07-00-020210
     stigid@ol8: OL08-00-010170
     stigid@rhel7: RHEL-07-020210
-    stigid@rhel8: RHEL-08-010170
+    stigid@almalinux8: RHEL-08-010170
     vsrg: SRG-OS-000445-VMM-001780
 
 ocil_clause: 'SELINUX is not set to enforcing'
diff --git a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
index 8cf3c25c..0e9cad5e 100644
--- a/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
+++ b/linux_os/guide/system/selinux/selinux_user_login_roles/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Map System Users To The Appropriate SELinux Role'
 
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
index 13231dc2..1e424769 100644
--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Encrypt Partitions'
 
@@ -72,7 +72,7 @@ references:
     nist@sle15: SC-28,SC-28.1
     srg: SRG-OS-000405-GPOS-00184,SRG-OS-000185-GPOS-00079,SRG-OS-000404-GPOS-00183
     stigid@ol8: OL08-00-010030
-    stigid@rhel8: RHEL-08-010030
+    stigid@almalinux8: RHEL-08-010030
     stigid@sle12: SLES-12-010450
     stigid@sle15: SLES-15-010330
     stigid@ubuntu2004: UBTU-20-010414
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
index 92f8f073..aa67ffb9 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_boot/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Ensure /boot Located On Separate Partition'
 
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
index 24b86b58..0260413c 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_home/rule.yml
@@ -43,7 +43,7 @@ references:
     stigid@ol7: OL07-00-021310
     stigid@ol8: OL08-00-010800
     stigid@rhel7: RHEL-07-021310
-    stigid@rhel8: RHEL-08-010800
+    stigid@almalinux8: RHEL-08-010800
     stigid@sle12: SLES-12-010850
     stigid@sle15: SLES-15-040200
 
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
index 44c81100..975c95c1 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_opt/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Ensure /opt Located On Separate Partition'
 
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
index c4951c5a..b26d26ef 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_tmp/rule.yml
@@ -38,7 +38,7 @@ references:
     stigid@ol7: OL07-00-021340
     stigid@ol8: OL08-00-010543
     stigid@rhel7: RHEL-07-021340
-    stigid@rhel8: RHEL-08-010543
+    stigid@almalinux8: RHEL-08-010543
 
 {{{ complete_ocil_entry_separate_partition(part="/tmp") }}}
 
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
index 4620f4be..9d08de15 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_usr/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Ensure /usr Located On Separate Partition'
 
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
index 69928762..17f62056 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var/rule.yml
@@ -42,7 +42,7 @@ references:
     stigid@ol7: OL07-00-021320
     stigid@ol8: OL08-00-010540
     stigid@rhel7: RHEL-07-021320
-    stigid@rhel8: RHEL-08-010540
+    stigid@almalinux8: RHEL-08-010540
     stigid@sle12: SLES-12-010860
     stigid@sle15: SLES-15-040210
     vmmsrg: SRG-OS-000341-VMM-001220
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
index dcdacb63..06acac74 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log/rule.yml
@@ -38,7 +38,7 @@ references:
     nist-csf: PR.PT-1,PR.PT-4
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010541
-    stigid@rhel8: RHEL-08-010541
+    stigid@almalinux8: RHEL-08-010541
 
 {{{ complete_ocil_entry_separate_partition(part="/var/log") }}}
 
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
index 6f71a8b6..7d0b7b8d 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_log_audit/rule.yml
@@ -47,7 +47,7 @@ references:
     stigid@ol7: OL07-00-021330
     stigid@ol8: OL08-00-010542
     stigid@rhel7: RHEL-07-021330
-    stigid@rhel8: RHEL-08-010542
+    stigid@almalinux8: RHEL-08-010542
     stigid@sle12: SLES-12-010870
     stigid@sle15: SLES-15-030810
     vmmsrg: SRG-OS-000341-VMM-001220
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
index dbacf978..07d434ef 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu1804,ubuntu2004
 
 title: 'Ensure /var/tmp Located On Separate Partition'
 
@@ -32,7 +32,7 @@ references:
     cis@ubuntu2004: 1.1.11
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010544
-    stigid@rhel8: RHEL-08-010544
+    stigid@almalinux8: RHEL-08-010544
 
 {{{ complete_ocil_entry_separate_partition(part="/var/tmp") }}}
 
diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
index d24ad613..78e4f65c 100644
--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 
 dconf update
diff --git a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
index dae8d1ca..3f63eddb 100644
--- a/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/gnome/dconf_db_up_to_date/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
 
 title: 'Make sure that the dconf databases are up-to-date with regards to respective keyfiles'
 
diff --git a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
index ffde0523..c56b91c0 100644
--- a/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
+++ b/linux_os/guide/system/software/gnome/enable_dconf_user_profile/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Configure GNOME3 DConf User Profile'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
index c3baa1b8..be83f158 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
index 3165c09f..f2135e0b 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_restart_shutdown/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable the GNOME3 Login Restart and Shutdown Buttons'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
index ca6beab0..8e18147d 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
index f1f73151..012662c3 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_disable_user_list/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Disable the GNOME3 Login User List'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
index f5d68f1c..91f02c0d 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
index ce44e98c..1f66017c 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_enable_smartcard_auth/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Enable the GNOME3 Login Smartcard Authentication'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
index 79e90887..921cfd53 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_lock_screen_on_smartcard_removal/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
 
 title: 'Enable the GNOME3 Screen Locking On Smartcard Removal'
 
@@ -33,7 +33,7 @@ references:
     disa: CCI-000056
     srg: SRG-OS-000028-GPOS-00009,SRG-OS-000030-GPOS-00011
     stigid@ol8: OL08-00-020050
-    stigid@rhel8: RHEL-08-020050
+    stigid@almalinux8: RHEL-08-020050
 
 ocil_clause: 'removal-action has not been configured'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
index 45e6c24a..e06d9600 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
index baf8f8a1..6bede2b8 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/dconf_gnome_login_retries/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Set the GNOME3 Login Number of Failures'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
index 6b19c813..1f656f5a 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
index 3aa2491e..0dfb7988 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_automatic_login/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable GDM Automatic Login'
 
@@ -39,7 +39,7 @@ references:
     stigid@ol7: OL07-00-010440
     stigid@ol8: OL08-00-010820
     stigid@rhel7: RHEL-07-010440
-    stigid@rhel8: RHEL-08-010820
+    stigid@almalinux8: RHEL-08-010820
 
 ocil_clause: 'GDM allows users to automatically login'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
index ef2933c5..0d72f6f6 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
index 569fccfa..b89d4cc5 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,multi_platform_fedora,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,multi_platform_ol
 
 if rpm --quiet -q gdm
 then
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
index 2d7584c3..b260701c 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_guest_login/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Disable GDM Guest Login'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
index 0ca67c74..332a5018 100644
--- a/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_login_screen/gnome_gdm_disable_xdmcp/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
index 60417ff4..0af05e79 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
index a5271bc5..9e0dc115 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable GNOME3 Automounting'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
index ac168ef9..69ecfa6a 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
index 8283802e..0612d84c 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_automount_open/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable GNOME3 Automount Opening'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
index 51e4063c..3591b726 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
index efefee40..198fd42b 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_autorun/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable GNOME3 Automount running'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
index d9084479..bd866343 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
index cfaad53a..94454d77 100644
--- a/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_media_settings/dconf_gnome_disable_thumbnailers/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable All GNOME3 Thumbnailers'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
index d82d2741..d7eca57d 100644
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
index 739ce837..82376091 100644
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_create/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable WIFI Network Connection Creation in GNOME3'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
index 416732d6..dfd0a49e 100644
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
index 0d8eb600..96d42b6b 100644
--- a/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_network_settings/dconf_gnome_disable_wifi_notification/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable WIFI Network Notification in GNOME3'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
index 09eed836..601191b4 100644
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
index cdf4c645..d27c6c8e 100644
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_credential_prompt/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
 
 title: 'Require Credential Prompting for Remote Access in GNOME3'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
index bf1efbe6..efa5b96a 100644
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
index fd5f0a6d..af0de315 100644
--- a/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_remote_access_settings/dconf_gnome_remote_access_encryption/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
 
 title: 'Require Encryption for Remote Access in GNOME3'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
index f7c7b437..95781d5a 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
index 5c131548..9ea4dce0 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle15
 
 title: 'Enable GNOME3 Screensaver Idle Activation'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
index d3f144c8..ae170b80 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
index b94df803..aaa45d94 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_activation_locked/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Ensure Users Cannot Change GNOME3 Screensaver Idle Activation'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
index 962fff57..bf9af4c0 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
index 905c5680..1bc2c210 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_idle_delay/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
 
 title: 'Set GNOME3 Screensaver Inactivity Timeout'
 
@@ -54,7 +54,7 @@ references:
     stigid@ol7: OL07-00-010070
     stigid@ol8: OL08-00-020060
     stigid@rhel7: RHEL-07-010070
-    stigid@rhel8: RHEL-08-020060
+    stigid@almalinux8: RHEL-08-020060
     stigid@sle12: SLES-12-010080
     stigid@sle15: SLES-15-010120
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
index ab219dc4..e303520d 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
index 46d19003..1b2e9db5 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_delay/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Set GNOME3 Screensaver Lock Delay After Activation Period'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
index 292bcf8f..bdba6192 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
index e84a95f7..c2048973 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Enable GNOME3 Screensaver Lock After Idle Period'
 
@@ -56,7 +56,7 @@ references:
     stigid@ol7: OL07-00-010060
     stigid@ol8: OL08-00-020030
     stigid@rhel7: RHEL-07-010060
-    stigid@rhel8: RHEL-08-020030
+    stigid@almalinux8: RHEL-08-020030
     stigid@sle12: SLES-12-010060
     stigid@sle15: SLES-15-010100
     stigid@ubuntu2004: UBTU-20-010004
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
index 34ff91ab..875abf68 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
index 4b9770e1..04dea645 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_lock_locked/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Ensure Users Cannot Change GNOME3 Screensaver Lock After Idle Period'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
index 4dbe2b3c..7313b6bc 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
index 4ac56470..d16064f2 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_mode_blank/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
 
 title: 'Implement Blank Screensaver'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
index 606e00c5..792db4ca 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
index 9f86c7ed..556d1227 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_info/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable Full User Name on Splash Shield'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
index ed7d9884..a41cb715 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
index d0173ce6..66020289 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_screensaver_user_locks/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Ensure Users Cannot Change GNOME3 Screensaver Settings'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
index aae97c96..18c7ec75 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
index cbe3e082..5d4750c7 100644
--- a/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_screen_locking/dconf_gnome_session_idle_user_locks/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Ensure Users Cannot Change GNOME3 Session Idle Settings'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
index 76181547..eb340cb5 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
index 818e00cb..681d5e7d 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_ctrlaltdel_reboot/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Disable Ctrl-Alt-Del Reboot Key Sequence in GNOME3'
 
@@ -47,7 +47,7 @@ references:
     stigid@ol7: OL07-00-020231
     stigid@ol8: OL08-00-040171
     stigid@rhel7: RHEL-07-020231
-    stigid@rhel8: RHEL-08-040171
+    stigid@almalinux8: RHEL-08-040171
     stigid@ubuntu2004: UBTU-20-010459
 
 ocil_clause: 'GNOME3 is configured to reboot when Ctrl-Alt-Del is pressed'
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
index 71f1ed93..19e07ca5 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
index 051d4f13..b9def751 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_geolocation/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable Geolocation in GNOME3'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
index 7a2e35b8..8d2debf7 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_power_settings/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable Power Settings in GNOME3'
 
diff --git a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
index 592f8558..664c876c 100644
--- a/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
+++ b/linux_os/guide/system/software/gnome/gnome_system_settings/dconf_gnome_disable_user_admin/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Disable User Administration in GNOME3'
 
diff --git a/linux_os/guide/system/software/gnome/group.yml b/linux_os/guide/system/software/gnome/group.yml
index 27b2e8e2..b93c5bcf 100644
--- a/linux_os/guide/system/software/gnome/group.yml
+++ b/linux_os/guide/system/software/gnome/group.yml
@@ -12,7 +12,7 @@ description: |-
     {{% if product in ['ol7', 'ol8'] %}}
     Oracle Linux Graphical environment.
     {{% else %}}
-    Red Hat Graphical environment.
+    AlmaLinux Graphical environment.
     {{% endif %}}
     


     For more information on GNOME and the GNOME Project, see {{{ weblink(link="https://www.gnome.org") }}}.
diff --git a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
index 65a915de..e6a694e9 100644
--- a/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
+++ b/linux_os/guide/system/software/gnome/package_gdm_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9,rhv4,ubuntu2004
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9,rhv4,ubuntu2004
 
 title: 'Remove the GDM Package Group'
 
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
index d27f6bf0..2198a8a4 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019,wrlinux8
 
 title: 'The Installed Operating System Is FIPS 140-2 Certified'
 
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
index 931be7e8..17fe400d 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/oval/shared.xml
@@ -4,6 +4,7 @@
         The operating system installed on the system is supported by a vendor that provides security patches.
       ") }}}
     
+      
       
       
       
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
index 61ec677f..ae972fd5 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'The Installed Operating System Is Vendor Supported'
 
@@ -12,6 +12,9 @@ description: |-
 {{% elif product in ["sle12", "sle15"] %}}
     SUSE Linux Enterprise is supported by SUSE. As the SUSE Linux Enterprise
     vendor, SUSE is responsible for providing security patches.
+{{% elif product == "almalinux8" %}}
+    AlmaLinux is supported by AlmaLinux. As the AlmaLinux
+    vendor, AlmaLinux is responsible for providing security patches.
 {{% else %}}
     Red Hat Enterprise Linux is supported by Red Hat, Inc. As the Red Hat Enterprise
     Linux vendor, Red Hat, Inc. is responsible for providing security patches.
@@ -49,7 +52,7 @@ references:
     stigid@ol7: OL07-00-020250
     stigid@ol8: OL08-00-010000
     stigid@rhel7: RHEL-07-020250
-    stigid@rhel8: RHEL-08-010000
+    stigid@almalinux8: RHEL-08-010000
     stigid@sle12: SLES-12-010000
     stigid@sle15: SLES-15-010000
 
@@ -62,6 +65,8 @@ ocil: |-
     
$ grep -i "red hat" /etc/redhat-release

 {{% elif product in ["ol7", "ol8"] %}}
     
$ grep -i "oracle" /etc/oracle-release

+{{% elif product in ["almalinux8"] %}}
+    
$ grep -i "almalinux" /etc/almalinux-release

 {{% elif product in ["sle12", "sle15"] %}}
     
$ grep -i "suse" /etc/os-release

 {{% endif %}}
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
index 0b5d756b..07225621 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Configure BIND to use System Crypto Policy'
 
@@ -31,7 +31,7 @@ references:
     nist: SC-13,SC-12(2),SC-12(3)
     srg: SRG-OS-000423-GPOS-00187,SRG-OS-000426-GPOS-00190
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
 
 ocil_clause: |-
     BIND is installed and the BIND config file doesn't contain the
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
index 2c9316c3..ff0480eb 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/absent.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # packages = bind
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 
 BIND_CONF='/etc/named.conf'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
index eeee56ba..ef03fc9a 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/bind_not_installed.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 yum remove -y bind || true
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
index 98b91d69..b647f75c 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/no_config_file.fail.sh
@@ -1,7 +1,7 @@
 #!/bin/bash
 # packages = bind
 # 
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # We don't remediate anything if the config file is missing completely.
 # remediation = none
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
index 6218d35e..ea8f9062 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/ok.pass.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # packages = bind
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 BIND_CONF='/etc/named.conf'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
index 1efeb70a..1be51e61 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_bind_crypto_policy/tests/overrides.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # packages = bind
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 
 BIND_CONF='/etc/named.conf'
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
index 393e7210..195d74a8 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Configure System Cryptography Policy'
 
@@ -68,7 +68,7 @@ references:
     ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1
     srg: SRG-OS-000396-GPOS-00176,SRG-OS-000393-GPOS-00173,SRG-OS-000394-GPOS-00174
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
 
 ocil_clause: 'cryptographic policy is not configured or is configured incorrectly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
index efc1cab4..7e7ff6e1 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # packages = crypto-policies-scripts
 
 # IMPORTANT: This is a false negative scenario.
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
index 46d8e341..3e58358f 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/config_newer_than_current.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # packages = crypto-policies-scripts
 
 update-crypto-policies --set "DEFAULT"
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
index a18ad25b..c7a3c469 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_nss_config.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
index 04527eb2..7adf3b61 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
index 8864a8cd..6597c501 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/missing_policy_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
index 33719ca9..9de20e3c 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_file.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
index 6e53c39d..307cfba9 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
index 1cb6ea49..2a5dc207 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_cis_server_l1,xccdf_org.ssgproject.content_profile_cis_workstation_l1
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
index 51d35ff9..96db9dda 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_e8
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
index 053c5c1a..eafa80bc 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_default_set.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_standard
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
index 07cbb3f6..ae916f02 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
index 99d975bc..125e4ce2 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_cis_workstation_l2
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
index fc7aeeae..3e831ed3 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_crypto_policy/tests/wrong_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
 # packages = crypto-policies-scripts
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
index a044c5e9..e94e13fe 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,almalinux8
 
 title: 'Configure GnuTLS library to use DoD-approved TLS Encryption'
 
@@ -30,7 +30,7 @@ references:
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093,SRG-OS-000423-GPOS-00187
     stigid@ol8: OL08-00-010295
-    stigid@rhel8: RHEL-08-010295
+    stigid@almalinux8: RHEL-08-010295
 
 ocil_clause: 'cryptographic policy for gnutls is not configured or is configured incorrectly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
index 3c964c53..52245efc 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/gnutls.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
index 5c006cec..dfde03fb 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/empty_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/gnutls.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
index 7a82fe62..b51aacb7 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/gnutls.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
index ad39b47d..e4ca9f99 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_gnutls_tls_crypto_policy/tests/missing_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/gnutls.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
index f1a839f1..b0ef8c66 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Configure Kerberos to use System Crypto Policy'
 
@@ -29,7 +29,7 @@ references:
     nist: SC-13,SC-12(2),SC-12(3)
     srg: SRG-OS-000120-GPOS-00061
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
 
 ocil_clause: 'the symlink does not exist or points to a different target'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
index 677aa91c..3bcda12d 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_correct_policy.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 rm -f /etc/krb5.conf.d/crypto-policies
 ln -s /etc/crypto-policies/back-ends/krb5.config /etc/krb5.conf.d/crypto-policies
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
index 2c0cb3be..f73e155e 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_missing_policy.fail.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 rm -f /etc/krb5.conf.d/crypto-policies
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
index 842fb7b4..99563741 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_kerberos_crypto_policy/tests/kerberos_wrong_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 rm -f /etc/krb5.conf.d/crypto-policies
 ln -s /etc/crypto-policies/back-ends/openssh.config /etc/krb5.conf.d/crypto-policies
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
index 783b2f84..f8fe132b 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Configure Libreswan to use System Crypto Policy'
 
@@ -34,7 +34,7 @@ references:
     ospp: FCS_IPSEC_EXT.1.4,FCS_IPSEC_EXT.1.6
     srg: SRG-OS-000033-GPOS-00014
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
 
 ocil_clause: |-
     Libreswan is installed and /etc/ipsec.conf does not contain include /etc/crypto-policies/back-ends/libreswan.config
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
index 32a820e0..c7a7793a 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/libreswan_not_installed.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 yum remove -y libreswan || true
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
index dda7430c..c45d1fa4 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_commented.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # packages = libreswan
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 
 cp ipsec.conf /etc
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
index c74f70dc..a58740ee 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_is_there.pass.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # packages = libreswan
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 
 cp ipsec.conf /etc
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
index a8f9df03..89803c89 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/line_not_there.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # packages = libreswan
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 
 cp ipsec.conf /etc
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
index 1ef57ed1..804d7dd7 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_libreswan_crypto_policy/tests/wrong_value.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # packages = libreswan
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 
 cp ipsec.conf /etc
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
index eee83810..1928dd4c 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Configure OpenSSL library to use System Crypto Policy'
 
@@ -31,7 +31,7 @@ references:
     nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13,SC-12(2),SC-12(3)
     srg: SRG-OS-000250-GPOS-00093
     stigid@ol8: OL08-00-010293
-    stigid@rhel8: RHEL-08-010293
+    stigid@almalinux8: RHEL-08-010293
 
 ocil_clause: |-
     the OpenSSL config file doesn't contain the whole section,
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
index e424e796..abff84c2 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/nothing.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 . common.sh
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
index 2c1ad0db..00112ea7 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/ok.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 . common.sh
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
index d758cdb2..32d98127 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/section_not_include.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 . common.sh
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
index 7f0c394f..653de38d 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_crypto_policy/tests/wrong.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 . common.sh
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
index e6bc7fef..d1f09ce8 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhel8,rhel9
+prodtype: ol8,rhel8,almalinux8,rhel9
 
 title: 'Configure OpenSSL library to use TLS Encryption'
 
@@ -29,7 +29,7 @@ references:
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
     stigid@ol8: OL08-00-010294
-    stigid@rhel8: RHEL-08-010294
+    stigid@almalinux8: RHEL-08-010294
 
 ocil_clause: 'cryptographic policy for openssl is not configured or is configured incorrectly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
index 13513cb4..60ddb8a9 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
index 96d8ce78..78e4ae08 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_commented.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
index 8be710e2..1b609a09 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
index 04409d51..76c29e61 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/empty_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
index ae4f3c0c..a44d71a7 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
index fe410552..e1184893 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
index 7a3b7c32..0eddf01d 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/tests/missing_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
index 60b0ce0e..72ef3ef8 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Configure SSH to use System Crypto Policy'
 
@@ -30,7 +30,7 @@ references:
     nist: AC-17(a),AC-17(2),CM-6(a),MA-4(6),SC-13
     srg: SRG-OS-000250-GPOS-00093
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010287
+    stigid@almalinux8: RHEL-08-010287
 
 ocil_clause: 'the CRYPTO_POLICY variable is not set or is commented in the /etc/sysconfig/sshd'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
index 0076833e..98facaf0 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/absent.pass.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 SSH_CONF="/etc/sysconfig/sshd"
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
index da414e21..a95c2912 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/comment.pass.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 SSH_CONF="/etc/sysconfig/sshd"
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
index 1e8762ff..a05ff03d 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/no_config_file.pass.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 SSH_CONF="/etc/sysconfig/sshd"
 
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
index d3e1eb9e..e6900a3b 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/configure_ssh_crypto_policy/tests/overrides.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 SSH_CONF="/etc/sysconfig/sshd"
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
index d530f4b7..b5fdd0b2 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
index cd7c4fb6..1deb135a 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
 
 cp="Ciphersuites = TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256"
 file="/etc/crypto-policies/local.d/opensslcnf-ospp.config"
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
index 067adc6a..eb5225df 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,rhel8
+prodtype: rhcos4,rhel8,almalinux8
 
 title: 'Harden OpenSSL Crypto Policy'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
index 0debb6c7..f7e5d921 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
index b1f745b6..2925fc55 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_commented.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
index a01e5d13..ecd34e6f 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
index d6fa6598..f33cb317 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/empty_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
index 573375dc..52fe8501 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
index eecad423..cd8e604c 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
index 7a3b7c32..0eddf01d 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_openssl_crypto_policy/tests/missing_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensslcnf.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
index 17bf0e67..c633df0b 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_cipher.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
index 9b8e954f..8edf32e2 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_gssapi.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
index 63538daa..3e042aa8 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_kex.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
index 4460f191..bcab9c7f 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_macs.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
index 7c54b424..9e490182 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_match.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "#Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
index 9da3614e..3f045e64 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_pubkey.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
index 3c198dd3..d264cb91 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/commented_rekey.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
index 05bccf0f..2913e604 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/config_before_match_all.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Ciphers aes256-ctr,aes256-cbc,aes128-ctr,aes128-cbc\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
index 7a7b44aa..6c8973d3 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
index 352c0920..fe139103 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 rm -f "$file"
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
index 7e433ef0..bc80daa1 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_ciphers.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
index 5b9c44d1..e8e69c07 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_gssapi.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
index 40957c0f..5127c281 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_kex.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
index ec44ce92..0975f5fe 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_macs.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
index 1310f724..15133197 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_match.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "RekeyLimit 512M 1h\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
index d4ec1fe7..92a5a459 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_pubkey.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
index 91976a67..ca683377 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/missing_rekey.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
index 259cf23a..a20d9284 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
index c933ac99..c54c8242 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/redefined_gssapi.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
index 7ff44b61..156ce61c 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_cipher.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
index 24e709ea..9689bc39 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_kex.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
index a25f9a30..ce8219f3 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_macs.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
index 269d73db..c1c74c14 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/supercompliant_pubkey.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
index 2f7ca269..2710f6ec 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_ciphers.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
index 77ea3eaa..c0c59c20 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_kex.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
index 3e1a9f78..e9a3d380 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_macs.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
index b6ff5881..5198a648 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_ssh_client_crypto_policy/tests/wrong_pubkey.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 file="/etc/ssh/ssh_config.d/02-ospp.conf"
 echo -e "Match final all\n\
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
index 0a74e07c..11263cbb 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
index 6db8f965..2f017299 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 {{{ bash_instantiate_variables("sshd_approved_ciphers") }}}
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
index a58e0d83..12ab4eb6 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
 
 title: 'Configure SSH Client to Use FIPS 140-2 Validated Ciphers: openssh.config'
 
@@ -32,7 +32,7 @@ references:
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
 
 ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
index 0a27a7e0..9d1613f3 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
index 5cadd95b..ef215bad 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
index 26220063..ccb19599 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
index 55ef3f58..b379631a 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
index 7105441a..ab012d8a 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
index 6ad1f4fd..6f73c2b6 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
index 92bd4ed9..df4b63d7 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 incorrect_sshd_approved_ciphers=aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes256-cbc
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
index 2138caad..50b1b349 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
index e83aeb89..f64e72e6 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
index 14d764ca..49e23f8c 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 {{{ bash_instantiate_variables("sshd_approved_ciphers") }}}
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
index 92ac6468..cb6f28c6 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhel8,rhel9
+prodtype: ol8,rhel8,almalinux8,rhel9
 
 title: 'Configure SSH Server to Use FIPS 140-2 Validated Ciphers: opensshserver.config'
 
@@ -32,7 +32,7 @@ references:
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
     stigid@ol8: OL08-00-010291
-    stigid@rhel8: RHEL-08-010291
+    stigid@almalinux8: RHEL-08-010291
 
 ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
index 1a8911d5..fff3b756 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_ciphers=aes256-ctr,aes192-ctr,aes128-ctr
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
index 3dde1479..3c0b9110 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
index f97f54db..a8d0ef50 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
index 11e596ce..b2301c45 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_ciphers_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
index 7a9a2a5e..25cf3fd3 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_fedora
 
 cp="CRYPTO_POLICY='-oCiphers=aes256-ctr,aes128-ctr,aes256-cbc,aes128-cbc -oMACs=hmac-sha2-512,hmac-sha2-256 -oGSSAPIKeyExchange=no -oKexAlgorithms=ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group14-sha1 -oHostKeyAlgorithms=ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256 -oPubkeyAcceptedKeyTypes=rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256'"
 file=/etc/crypto-policies/local.d/opensshserver-ospp.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml
index 0c438c31..f5067892 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhv4,sle12,sle15
 
 title: 'Harden SSHD Crypto Policy'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
index d0541b7a..e3f47684 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
index 44434606..503b9d3c 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_commented.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
index a9222766..60b7a02f 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/correct_followed_by_incorrect.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
index b1e285f9..c2bd5f7b 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
index 754195e4..37165976 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/empty_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
index 8bf264dc..4a1bb0ce 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_followed_by_correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
index a7634669..a3d5a1af 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
index 1928d2cf..6914ed91 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_crypto_policy/tests/missing_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
index c1ea94ce..39eadbef 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
index 451da4db..5d373e6b 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 {{{ bash_instantiate_variables("sshd_approved_macs") }}}
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
index 193587a8..055d5b10 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
 
 title: 'Configure SSH Client to Use FIPS 140-2 Validated MACs: openssh.config'
 
@@ -30,7 +30,7 @@ references:
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
 
 ocil_clause: 'Crypto Policy for OpenSSH client is not configured correctly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
index 5a4b6887..2211658c 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
index e713d254..2ee92db0 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_commented.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
index b8a63bec..1bed4c1e 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_correct_followed_by_incorrect_commented.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
index 55ef3f58..b379631a 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
index 9980a456..c46aa761 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_empty_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
index d1303d60..7a90058d 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_followed_by_correct_commented.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
index 8b21af46..93a148d1 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
index 2138caad..50b1b349 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_openssh_conf_crypto_policy/tests/stig_missing_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/openssh.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
index 6a0e4594..3ce06096 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
index a06ffc2d..6b4a4f76 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,multi_platform_fedora
+# platform = Oracle Linux 8,Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora
 
 {{{ bash_instantiate_variables("sshd_approved_macs") }}}
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
index a8a3e37b..f0a09be9 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhel8,rhel9
+prodtype: ol8,rhel8,almalinux8,rhel9
 
 title: 'Configure SSH Server to Use FIPS 140-2 Validated MACs: opensshserver.config'
 
@@ -30,7 +30,7 @@ references:
     nist: AC-17(2)
     srg: SRG-OS-000250-GPOS-00093
     stigid@ol8: OL08-00-010290
-    stigid@rhel8: RHEL-08-010290
+    stigid@almalinux8: RHEL-08-010290
 
 ocil_clause: 'Crypto Policy for OpenSSH Server is not configured correctly'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
index 14da9221..59606fb0 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 sshd_approved_macs=hmac-sha2-512,hmac-sha2-256
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
index 3dde1479..3c0b9110 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_empty_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
index a50a0fc0..027fcba0 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_incorrect_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
index 11e596ce..b2301c45 100644
--- a/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/harden_sshd_macs_opensshserver_conf_crypto_policy/tests/rhel8_stig_missing_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 # profiles = xccdf_org.ssgproject.content_profile_stig
 
 configfile=/etc/crypto-policies/back-ends/opensshserver.config
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
index beec02c9..878ed4ce 100644
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
 
 cat > /etc/profile.d/openssl-rand.sh <<- 'EOM'
 {{{ openssl_strong_entropy_config_file() }}}
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml
index ccd4752c..1e51025c 100644
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/rule.yml
@@ -1,7 +1,7 @@
 documentation_complete: true
 
 # TODO: The plan is not to need this for RHEL>=8.4
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,almalinux8
 
 title: 'OpenSSL uses strong entropy source'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
index 6becf987..3f1fd277 100644
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 cat > /etc/profile.d/openssl-rand.sh <<- 'EOM'
 # provide a default -rand /dev/random option to openssl commands that
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
index 72b7daab..f4236e6b 100644
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_missing.fail.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 rm -f /etc/profile.d/openssl-rand.sh
diff --git a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
index 7034224c..19393e1d 100644
--- a/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/openssl_use_strong_entropy/tests/file_modified.fail.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 echo "wrong data" > /etc/profile.d/openssl-rand.sh
diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
index 68ce3979..5460c879 100644
--- a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhel8,rhel9
+prodtype: ol8,rhel8,almalinux8,rhel9
 
 title: 'Install crypto-policies package'
 
diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/tests/package-installed-removed.fail.sh b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/tests/package-installed-removed.fail.sh
index 025e7ef6..7fdf9b11 100644
--- a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/tests/package-installed-removed.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/tests/package-installed-removed.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 # The crypto-policies package cannot be normally removed
 # from a system, therefore as a part of testing we only
diff --git a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/tests/package-removed.fail.sh b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/tests/package-removed.fail.sh
index c5a1d53d..618f0719 100644
--- a/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/tests/package-removed.fail.sh
+++ b/linux_os/guide/system/software/integrity/crypto/package_crypto-policies_installed/tests/package-removed.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 # The crypto-policies package cannot be normally removed
 # from a system, therefore as a part of testing we only
diff --git a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
index 1ac4527f..563cc96b 100644
--- a/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/disable_prelink/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml
index 264d2f94..14cc99d5 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_antivirus/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Install Virus Scanning Software'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
index 7eed9c54..283a078e 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/install_hids/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle15
 
 title: 'Install Intrusion Detection Software'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
index 78b9bdee..9a60ee12 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_antivirus/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Install McAfee Virus Scanning Software'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml
index 6e9f3bcb..a89f3228 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/install_mcafee_cma_rt/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Install the McAfee Runtime Libraries and Linux Agent'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml
index dc856f8b..a5561435 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_antivirus_definitions_updated/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8
+prodtype: rhel7,rhel8,almalinux8
 
 title: 'Virus Scanning Software Definitions Are Updated'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
index 1dd1e524..5d3b15bd 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/agent_mfetpd_running/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Ensure McAfee Endpoint Security for Linux (ENSL) is running'
 
@@ -27,7 +27,7 @@ references:
     stigid@ol7: OL07-00-020019
     stigid@ol8: OL08-00-010001
     stigid@rhel7: RHEL-07-020019
-    stigid@rhel8: RHEL-08-010001
+    stigid@almalinux8: RHEL-08-010001
 
 ocil_clause: 'virus scanning software is not running'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
index b1da4909..aface146 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_endpoint_security_software/package_mcafeetp_installed/rule.yml
@@ -6,7 +6,7 @@
 
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,ubuntu2004
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,ubuntu2004
 
 title: 'Install McAfee Endpoint Security for Linux (ENSL)'
 
@@ -35,7 +35,7 @@ references:
     stigid@ol7: OL07-00-020019
     stigid@ol8: OL08-00-010001
     stigid@rhel7: RHEL-07-020019
-    stigid@rhel8: RHEL-08-010001
+    stigid@almalinux8: RHEL-08-010001
     stigid@ubuntu2004: UBTU-20-010415
 
 ocil_clause: 'the package is not installed'
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml
index 9223793b..2131c1d9 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_accm/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Install the Asset Configuration Compliance Module (ACCM)'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml
index 29469a9b..16a7d4f2 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/mcafee_hbss_software/install_mcafee_hbss_pa/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Install the Policy Auditor (PA) Module'
 
diff --git a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml
index 83ef73b9..3ff9ea78 100644
--- a/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml
+++ b/linux_os/guide/system/software/integrity/endpoint_security_software/mcafee_security_software/service_nails_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8
+prodtype: rhel7,rhel8,almalinux8
 
 title: 'Enable nails Service'
 
diff --git a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
index 3b7c3229..3ea794c5 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_dracut_fips_module/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
 
 title: "Enable Dracut FIPS Module"
 
@@ -32,7 +32,7 @@ references:
     ospp: FCS_RBG_EXT.1
     srg: SRG-OS-000478-GPOS-00223
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
 
 ocil_clause: 'the Dracut FIPS module is not enabled'
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
index 6977a704..e18dbd02 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,multi_platform_fedora,Oracle Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,multi_platform_fedora,Oracle Linux 8
 # reboot = true
 # strategy = restrict
 # complexity = medium
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
index 7627a67f..ed7a77bd 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,Oracle Linux 8,Red Hat Virtualization 4
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,Oracle Linux 8,Red Hat Virtualization 4
 {{{ bash_instantiate_variables("var_system_crypto_policy") }}}
 
 fips-mode-setup --enable
diff --git a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
index 30cbc939..6454b7e0 100644
--- a/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/enable_fips_mode/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
 
 title: Enable FIPS Mode
 
@@ -40,7 +40,7 @@ references:
     ospp: FCS_COP.1(1),FCS_COP.1(2),FCS_COP.1(3),FCS_COP.1(4),FCS_CKM.1,FCS_CKM.2,FCS_TLSC_EXT.1,FCS_RBG_EXT.1
     srg: SRG-OS-000478-GPOS-00223,SRG-OS-000396-GPOS-00176
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
 
 ocil_clause: 'FIPS mode is not enabled'
diff --git a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
index 64c78276..c5b4c036 100644
--- a/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/etc_system_fips_exists/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: Ensure '/etc/system-fips' exists
 
diff --git a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
index 4e2427ba..bbc7f8ff 100644
--- a/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/grub2_enable_fips_mode/rule.yml
@@ -18,7 +18,7 @@ description: |-
     
  • On BIOS-based machines, issue the following command as root:
     
    ~]# grub2-mkconfig -o {{{ grub2_boot_path }}}/grub.cfg
    • 
     
  • On UEFI-based machines, issue the following command as root:
-    
    ~]# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
    • 
+    
    ~]# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
    
     
 
 rationale: |-
diff --git a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
index bc0cf1bb..552eb7d4 100644
--- a/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
+++ b/linux_os/guide/system/software/integrity/fips/sysctl_crypto_fips_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
 
 title: "Set kernel parameter 'crypto.fips_enabled' to 1"
 
@@ -32,7 +32,7 @@ references:
     nist: SC-12(2),SC-12(3),IA-7,SC-13,CM-6(a),SC-12
     srg: SRG-OS-000033-GPOS-00014,SRG-OS-000125-GPOS-00065,SRG-OS-000396-GPOS-00176,SRG-OS-000423-GPOS-00187,SRG-OS-000478-GPOS-00223
     stigid@ol8: OL08-00-010020
-    stigid@rhel8: RHEL-08-010020
+    stigid@almalinux8: RHEL-08-010020
     vmmsrg: SRG-OS-000120-VMM-000600,SRG-OS-000478-VMM-001980,SRG-OS-000396-VMM-001590
 
 ocil_clause: 'crypto.fips_enabled is not 1'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
index 7c25aebf..19796558 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 
 {{{ bash_package_install("aide") }}}
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
index 5f16a4f1..29b56ac4 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: debian10,debian11,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Build and Test AIDE Database'
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
index 6adeeb08..4c6d6ce7 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel
+# platform = multi_platform_sle,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
index 0726807a..d7aa732b 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_ol,multi_platform_rhel,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_ubuntu,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
index b75e3e35..a20491ff 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9,sle12,sle15,ubuntu2004
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9,sle12,sle15,ubuntu2004
 
 title: 'Configure AIDE to Verify the Audit Tools'
 
@@ -41,7 +41,7 @@ references:
     nist: AU-9(3),AU-9(3).1
     srg: SRG-OS-000278-GPOS-00108
     stigid@ol8: OL08-00-030650
-    stigid@rhel8: RHEL-08-030650
+    stigid@almalinux8: RHEL-08-030650
     stigid@sle12: SLES-12-010540
     stigid@sle15: SLES-15-030630
     stigid@ubuntu2004: UBTU-20-010205
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
index 756b88d8..000925aa 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 
 yum -y install aide
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
index f3a2a126..6d175e17 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/correct_with_selinux.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 yum -y install aide
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
index 4315cef2..00ce6b2e 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_check_audit_tools/tests/not_config.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 
 yum -y install aide
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
index 34799aa6..a2d72d1c 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_wrlinux,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_wrlinux,multi_platform_sle
 
 {{{ bash_package_install("aide") }}}
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
index 343cd9e4..0497dd6f 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004,wrlinux1019
 
 title: 'Configure Periodic Execution of AIDE'
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
index 5c11fc17..e4efb9ca 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_wrlinux,multi_platform_ol,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
index 9c69dd1e..74c47f19 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,wrlinux1019
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,wrlinux1019
 
 title: 'Configure Notification of Post-AIDE Scan Details'
 
@@ -48,7 +48,7 @@ references:
     stigid@ol7: OL07-00-020040
     stigid@ol8: OL08-00-010360
     stigid@rhel7: RHEL-07-020040
-    stigid@rhel8: RHEL-08-010360
+    stigid@almalinux8: RHEL-08-010360
     stigid@sle12: SLES-12-010510
 
 ocil_clause: 'AIDE has not been configured or has not been configured to notify personnel of scan details'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
index 34a11452..b22a658d 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_ol
+# platform = Red Hat Virtualization 4,multi_platform_fedora,multi_platform_rhel,multi_platform_almalinux,multi_platform_ol
 
 {{{ bash_package_install("aide") }}}
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
index 51d6752a..d53ad860 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Configure AIDE to Use FIPS 140-2 for Validating Hashes'
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
index 9f9f96e4..e654ec2e 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/tests/correct_value.pass.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 # packages = aide
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Virtualization 4,multi_platform_ol
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Virtualization 4,multi_platform_ol
 
 
 cat >/etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf </etc/aide.conf <> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
index a812074a..e66bdc71 100644
--- a/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudo_add_umask/tests/0027_var_multiple_values.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
 # variables = var_sudo_umask=0027
 
 echo "Defaults use_pty,umask=0027,noexec" >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
index b3f766f8..80c783ff 100644
--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Ensure a dedicated group owns sudo'
 
diff --git a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
index 1c87c96c..265432ee 100644
--- a/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudo_dedicated_group/tests/root_default.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel
+# platform = multi_platform_rhel,multi_platform_almalinux
 # remediation = none
 
 # Make sure sudo is owned by root group
diff --git a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
index 545dbcbf..490bed29 100644
--- a/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_remove_no_authenticate/rule.yml
@@ -38,7 +38,7 @@ references:
     stigid@ol7: OL07-00-010350
     stigid@ol8: OL08-00-010381
     stigid@rhel7: RHEL-07-010350
-    stigid@rhel8: RHEL-08-010381
+    stigid@almalinux8: RHEL-08-010381
     stigid@sle12: SLES-12-010110
     stigid@sle15: SLES-15-010450
     vsrg: SRG-OS-000373-VMM-001470,SRG-OS-000373-VMM-001480,SRG-OS-000373-VMM-001490
diff --git a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
index 9bd661c7..0c95067d 100644
--- a/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_remove_nopasswd/rule.yml
@@ -39,7 +39,7 @@ references:
     stigid@ol7: OL07-00-010340
     stigid@ol8: OL08-00-010380
     stigid@rhel7: RHEL-07-010340
-    stigid@rhel8: RHEL-08-010380
+    stigid@almalinux8: RHEL-08-010380
     stigid@sle12: SLES-12-010110
     stigid@sle15: SLES-15-010450
     vsrg: SRG-OS-000373-VMM-001470,SRG-OS-000373-VMM-001480,SRG-OS-000373-VMM-001490
diff --git a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
index eebb9667..5cf7e8f4 100644
--- a/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_require_reauthentication/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
 
 title: 'The operating system must require Re-Authentication when using the sudo command.
  Ensure sudo timestamp_timeout is appropriate - sudo timestamp_timeout'
@@ -38,7 +38,7 @@ references:
     stigid@ol7: OL07-00-010343
     stigid@ol8: OL08-00-010384
     stigid@rhel7: RHEL-07-010343
-    stigid@rhel8: RHEL-08-010384
+    stigid@almalinux8: RHEL-08-010384
     stigid@sle12: SLES-12-010113
     stigid@sle15: SLES-15-020102
 
diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml
index 174da919..ee73e10e 100644
--- a/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_restrict_others_executable_permission/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8
+prodtype: rhel7,rhel8,almalinux8
 
 title: 'Ensure only owner and members of group owner of /usr/bin/sudo can execute it'
 
diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
index 57cb763d..37d96fa5 100644
--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
 
 title: 'The operating system must restrict privilege elevation to authorized personnel'
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
 
 description: |-
     The sudo command allows a user to execute programs with elevated
@@ -34,7 +34,7 @@ references:
     stigid@ol7: OL07-00-010341
     stigid@ol8: OL08-00-010382
     stigid@rhel7: RHEL-07-010341
-    stigid@rhel8: RHEL-08-010382
+    stigid@almalinux8: RHEL-08-010382
     stigid@sle12: SLES-12-010111
     stigid@sle15: SLES-15-020101
 
diff --git a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
index a97bd3ef..bd782d8a 100644
--- a/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudoers_default_includedir/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel7,rhel8,rhel9
+prodtype: fedora,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Ensure sudo only includes the default configuration directory'
 
@@ -28,7 +28,7 @@ identifiers:
 references:
     disa: CCI-000366
     srg: SRG-OS-000480-GPOS-00227
-    stigid@rhel8: RHEL-08-010379
+    stigid@almalinux8: RHEL-08-010379
 
 ocil_clause: "the /etc/sudoers doesn't include /etc/sudores.d or includes other directories?"
 
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
index 698021d8..869af9ba 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
 
 title: 'Ensure invoking users password for privilege escalation when using sudo'
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,sle12,sle15
 
 description: |-
     The sudoers security policy requires that users authenticate themselves before they can use sudo.
@@ -33,7 +33,7 @@ references:
     stigid@ol7: OL07-00-010342
     stigid@ol8: OL08-00-010383
     stigid@rhel7: RHEL-07-010342
-    stigid@rhel8: RHEL-08-010383
+    stigid@almalinux8: RHEL-08-010383
     stigid@sle12: SLES-12-010112
     stigid@sle15: SLES-15-020103
 
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.fail.sh
index a258d108..904d4adb 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_d_duplicate.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
 # packages = sudo
 
 echo 'Defaults !targetpw' >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
index 9706b8bd..c543b1b3 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
 # packages = sudo
 
 if [ $(sudo egrep -i '(!rootpw|!targetpw|!runaspw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ]
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
index 093f9dd8..0cd6dbf4 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd.pass.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
 # packages = sudo
 
 echo 'Defaults !targetpw' >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
index 6247b523..bd82dc53 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_passwd_duplicates.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
 # packages = sudo
 
 echo 'Defaults !targetpw' >> /etc/sudoers
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
index b12d1f88..eebf2cd7 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_rootpw.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
 # packages = sudo
 
 if [ $(sudo egrep -i '(!rootpw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ]
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
index 93b3dfeb..5b180d91 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_runaspw.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
 # packages = sudo
 
 if [ $(sudo egrep -i '(!runaspw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ]
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
index 103cb466..e23bcce4 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/tests/sudoers_validate_targetpw.fail.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,SUSE Linux Enterprise 15
+# platform = multi_platform_fedora,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,SUSE Linux Enterprise 15
 # packages = sudo
 
 if [ $(sudo egrep -i '(!targetpw)' /etc/sudoers /etc/sudoers.d/* | grep -v '#' | wc -l) -ne 0 ]
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
index 909924de..1e5f94f9 100644
--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-ccpp_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Uninstall abrt-addon-ccpp Package'
 
@@ -22,7 +22,7 @@ references:
     disa: CCI-000381
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040001
-    stigid@rhel8: RHEL-08-040001
+    stigid@almalinux8: RHEL-08-040001
 
 {{{ complete_ocil_entry_package(package="abrt-addon-ccpp") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
index f74bfa3f..ad77aadf 100644
--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-kerneloops_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Uninstall abrt-addon-kerneloops Package'
 
@@ -22,7 +22,7 @@ references:
     disa: CCI-000381
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040001
-    stigid@rhel8: RHEL-08-040001
+    stigid@almalinux8: RHEL-08-040001
 
 {{{ complete_ocil_entry_package(package="abrt-addon-kerneloops") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
index 3233cc50..62040ee9 100644
--- a/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-addon-python_removed/rule.yml
@@ -20,7 +20,7 @@ references:
     disa: CCI-000381
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040001
-    stigid@rhel8: RHEL-08-040001
+    stigid@almalinux8: RHEL-08-040001
 
 {{{ complete_ocil_entry_package(package="abrt-addon-python") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
index 43f8d7fb..ab43bb7a 100644
--- a/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-cli_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Uninstall abrt-cli Package'
 
@@ -22,7 +22,7 @@ references:
     disa: CCI-000381
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040001
-    stigid@rhel8: RHEL-08-040001
+    stigid@almalinux8: RHEL-08-040001
 
 {{{ complete_ocil_entry_package(package="abrt-cli") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml
index 30da7dca..15d81cfd 100644
--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-logger_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Uninstall abrt-plugin-logger Package'
 
@@ -22,7 +22,7 @@ references:
     disa: CCI-000381
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040001
-    stigid@rhel8: RHEL-08-040001
+    stigid@almalinux8: RHEL-08-040001
 
 {{{ complete_ocil_entry_package(package="abrt-plugin-logger") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml
index 0ef883b1..2c988f19 100644
--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-rhtsupport_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Uninstall abrt-plugin-rhtsupport Package'
 
@@ -22,7 +22,7 @@ references:
     disa: CCI-000381
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040001
-    stigid@rhel8: RHEL-08-040001
+    stigid@almalinux8: RHEL-08-040001
 
 {{{ complete_ocil_entry_package(package="abrt-plugin-rhtsupport") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
index 5d142cb3..20f8cfea 100644
--- a/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_abrt-plugin-sosreport_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Uninstall abrt-plugin-sosreport Package'
 
@@ -21,7 +21,7 @@ references:
     disa: CCI-000381
     srg: SRG-OS-000095-GPOS-00049
     stigid@ol8: OL08-00-040001
-    stigid@rhel8: RHEL-08-040001
+    stigid@almalinux8: RHEL-08-040001
 
 {{{ complete_ocil_entry_package(package="abrt-plugin-sosreport") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml
index ec4f690a..c432c0cb 100644
--- a/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_binutils_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Install binutils Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml
index 8b657722..42471018 100644
--- a/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_dnf-plugin-subscription-manager_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel8
+prodtype: rhel8,almalinux8
 
 title: 'Install dnf-plugin-subscription-manager Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml
index e9863fa8..dbe2a912 100644
--- a/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_geolite2-city_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall geolite2-city Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml
index 1210a1e8..58d95cc6 100644
--- a/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_geolite2-country_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall geolite2-country Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
index d1a9c101..41250a96 100644
--- a/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_gssproxy_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall gssproxy Package'
 
@@ -21,7 +21,7 @@ references:
     disa: CCI-000381,CCI-000366
     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040370
-    stigid@rhel8: RHEL-08-040370
+    stigid@almalinux8: RHEL-08-040370
 
 {{{ complete_ocil_entry_package(package="gssproxy") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
index 80057708..d1285a9c 100644
--- a/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_iprutils_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall iprutils Package'
 
@@ -22,7 +22,7 @@ references:
     disa: CCI-000366
     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040380
-    stigid@rhel8: RHEL-08-040380
+    stigid@almalinux8: RHEL-08-040380
 
 {{{ complete_ocil_entry_package(package="iprutils") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
index 81347484..2306a7d7 100644
--- a/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_krb5-workstation_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall krb5-workstation Package'
 
@@ -25,7 +25,7 @@ references:
     disa: CCI-000803
     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000120-GPOS-00061
     stigid@ol8: OL08-00-010162
-    stigid@rhel8: RHEL-08-010162
+    stigid@almalinux8: RHEL-08-010162
 
 platforms:
 {{{ rule_notapplicable_when_ovirt_installed() | indent(4)}}}
diff --git a/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml
index 6696d589..a0122c7c 100644
--- a/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_libcap-ng-utils_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Install libcap-ng-utils Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml
index c2c8a19a..28ab5955 100644
--- a/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_openscap-scanner_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Install openscap-scanner Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml
index 80a273bf..74169dbe 100644
--- a/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_pigz_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,almalinux8
 
 title: 'Uninstall pigz Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
index 2b34390f..b9e583ed 100644
--- a/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_python3-abrt-addon_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhel8
+prodtype: fedora,rhel8,almalinux8
 
 title: 'Uninstall python3-abrt-addon Package'
 
@@ -19,7 +19,7 @@ identifiers:
 references:
     disa: CCI-000381
     srg: SRG-OS-000095-GPOS-00049
-    stigid@rhel8: RHEL-08-040001
+    stigid@almalinux8: RHEL-08-040001
 
 {{{ complete_ocil_entry_package(package="python3-abrt-addon") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
index efb59165..ae4176f6 100644
--- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Install rear Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
index e0fd861e..12dc53fa 100644
--- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Install rng-tools Package'
 
@@ -22,7 +22,7 @@ references:
     disa: CCI-000366
     srg: SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-010472
-    stigid@rhel8: RHEL-08-010472
+    stigid@almalinux8: RHEL-08-010472
 
 ocil_clause: 'the package is not installed'
 
diff --git a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml
index a7f9dfd8..d5d24a55 100644
--- a/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_scap-security-guide_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Install scap-security-guide Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
index 32e5ce9a..fd1fd250 100644
--- a/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_subscription-manager_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,rhel9,rhv4
+prodtype: rhel7,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Install subscription-manager Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml
index e5b9a440..e3c2435f 100644
--- a/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_tar_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Install tar Package'
 
diff --git a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
index a30fa893..c083f1ff 100644
--- a/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_tuned_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall tuned Package'
 
@@ -24,7 +24,7 @@ references:
     disa: CCI-000366
     srg: SRG-OS-000095-GPOS-00049,SRG-OS-000480-GPOS-00227
     stigid@ol8: OL08-00-040390
-    stigid@rhel8: RHEL-08-040390
+    stigid@almalinux8: RHEL-08-040390
 
 {{{ complete_ocil_entry_package(package="tuned") }}}
 
diff --git a/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml
index 0eb7a8dd..34344f55 100644
--- a/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_vim_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhv4
 
 title: 'Install vim Package'
 
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
index 051e89da..895effa2 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
index 41fcf825..db90731d 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 
 if grep --silent ^clean_requirements_on_remove /etc/yum.conf ; then
         sed -i "s/^clean_requirements_on_remove.*/clean_requirements_on_remove=1/g" /etc/yum.conf
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
index 7a906355..1a73068e 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu2004
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu2004
 
 title: 'Ensure {{{ pkg_manager }}} Removes Previous Package Versions'
 
@@ -47,7 +47,7 @@ references:
     stigid@ol7: OL07-00-020200
     stigid@ol8: OL08-00-010440
     stigid@rhel7: RHEL-07-020200
-    stigid@rhel8: RHEL-08-010440
+    stigid@almalinux8: RHEL-08-010440
     stigid@sle12: SLES-12-010570
     stigid@sle15: SLES-15-010560
     stigid@ubuntu2004: UBTU-20-010449
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
index 779189d9..209aee84 100644
--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
index 5467302f..b55188aa 100644
--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
 
 title: Configure dnf-automatic to Install Available Updates Automatically
 
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
index ecf8379a..dab9e3f4 100644
--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Oracle Linux 8
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Oracle Linux 8
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
index 351c9d43..6797fd60 100644
--- a/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_security_updates_only/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
 
 title: Configure dnf-automatic to Install Only Security Updates
 
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
new file mode 100644
index 00000000..7912da04
--- /dev/null
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/ansible/shared.yml
@@ -0,0 +1,39 @@
+# platform=multi_platform_almalinux
+# reboot = false
+# strategy = restrict
+# complexity = medium
+# disruption = medium
+- name: "Read permission of GPG key directory"
+  stat:
+    path: /etc/pki/rpm-gpg/
+  register: gpg_key_directory_permission
+  check_mode: no
+
+# It should fail if it doesn't find any fingerprints in file - maybe file was not parsed well.
+
+- name: Read signatures in GPG key
+  # According to /usr/share/doc/gnupg2/DETAILS fingerprints are in "fpr" record in field 10
+  command: gpg --show-keys --with-fingerprint --with-colons "/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
+  args:
+    warn: False
+  changed_when: False
+  register: gpg_fingerprints
+  check_mode: no
+
+- name: Set Fact - Installed GPG Fingerprints
+  set_fact:
+    gpg_installed_fingerprints: "{{ gpg_fingerprints.stdout | regex_findall('^pub.*\n(?:^fpr[:]*)([0-9A-Fa-f]*)', '\\1') | list }}"
+
+- name: Set Fact - Valid fingerprints
+  set_fact:
+    gpg_valid_fingerprints: ("{{{ release_key_fingerprint }}}" "{{{ auxiliary_key_fingerprint }}}")
+
+- name: Import AlmaLinux GPG key
+  rpm_key:
+    state: present
+    key: /etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux
+  when:
+   - gpg_key_directory_permission.stat.mode <= '0755'
+   - (gpg_installed_fingerprints | difference(gpg_valid_fingerprints)) | length == 0
+   - gpg_installed_fingerprints | length > 0
+   - ansible_distribution == "AlmaLinux"
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
new file mode 100644
index 00000000..dee95716
--- /dev/null
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/bash/shared.sh
@@ -0,0 +1,26 @@
+# platform = multi_platform_almalinux
+readonly ALMALINUX_FINGERPRINT="5E9B8F5617B5066CE92057C3488FCF7C3ABB34F8"
+
+# Location of the key we would like to import (once it's integrity verified)
+readonly ALMALINUX_RELEASE_KEY="/etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux"
+
+RPM_GPG_DIR_PERMS=$(stat -c %a "$(dirname "$ALMALINUX_RELEASE_KEY")")
+
+# Verify /etc/pki/rpm-gpg directory permissions are safe
+if [ "${RPM_GPG_DIR_PERMS}" -le "755" ]
+then
+  # If they are safe, try to obtain fingerprints from the key file
+  # (to ensure there won't be e.g. CRC error)
+  readarray -t GPG_OUT < <(gpg --with-fingerprint --with-colons "$ALMALINUX_RELEASE_KEY" | grep "^fpr" | cut -d ":" -f 10)
+  GPG_RESULT=$?
+  # No CRC error, safe to proceed
+  if [ "${GPG_RESULT}" -eq "0" ]
+  then
+    # Filter just hexadecimal fingerprints from gpg's output from
+    # processing of a key file
+    echo "${GPG_OUT[*]}" | grep -vE "${ALMALINUX_FINGERPRINT}" || {
+      # If $ ALMALINUX_RELEASE_KEY file doesn't contain any keys with unknown fingerprint, import it
+      rpm --import "${ALMALINUX_RELEASE_KEY}"
+    }
+  fi
+fi
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
new file mode 100644
index 00000000..fb92fdb8
--- /dev/null
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/oval/shared.xml
@@ -0,0 +1,42 @@
+
+  
+    
+      AlmaLinux gpg-pubkey Package Installed
+      
+        multi_platform_almalinux
+      
+      The AlmaLinux key packages are required to be installed.
+    
+    
+      
+        
+          
+        
+        
+            
+
+        
+      
+    
+  
+
+  
+  
+    gpg-pubkey
+  
+
+  
+  
+    
+    
+  
+
+  
+    {{{ pkg_release }}}
+    {{{ pkg_version }}}
+  
+
+
diff --git a/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
new file mode 100644
index 00000000..3e4fe227
--- /dev/null
+++ b/linux_os/guide/system/software/updating/ensure_almalinux_gpgkey_installed/rule.yml
@@ -0,0 +1,46 @@
+documentation_complete: true
+
+prodtype: almalinux8
+
+title: 'Ensure AlmaLinux GPG Key Installed'
+
+description: |-
+    To ensure the system can cryptographically verify base software
+    packages come from AlmaLinux, the AlmaLinux GPG key must properly be installed.
+    To install the AlmaLinux GPG key, run:
+    
    $ sudo rpm --import https://repo.almalinux.org/almalinux/RPM-GPG-KEY-AlmaLinux
    
+    If the system is not connected to the Internet,
+    then install the AlmaLinux GPG key from trusted media such as
+    the AlmaLinux installation CD-ROM or DVD. Assuming the disc is mounted
+    in /media/cdrom, use the following command as the root user to import
+    it into the keyring:
+    
    $ sudo rpm --import /media/cdrom/RPM-GPG-KEY
    
+
+rationale: |-
+    Changes to software components can have significant effects on the
+    overall security of the operating system. This requirement ensures
+    the software has not been tampered with and that it has been provided
+    by a trusted vendor. The AlmaLinux GPG key is necessary to
+    cryptographically verify packages are from AlmaLinux.
+
+severity: high
+
+references:
+    cis: 1.2.2
+    disa: CCI-001749
+    nist: CM-5(3),SI-7,SC-12,SC-12(3),CM-6(a),CM-11(a),CM-11(b)
+    nist-csf: PR.DS-6,PR.DS-8,PR.IP-1
+    pcidss: Req-6.2
+    isa-62443-2013: 'SR 3.1,SR 3.3,SR 3.4,SR 3.8,SR 7.6'
+    isa-62443-2009: 4.3.4.3.2,4.3.4.3.3,4.3.4.4.4
+    cobit5: APO01.06,BAI03.05,BAI06.01,BAI10.01,BAI10.02,BAI10.03,BAI10.05,DSS06.02
+    iso27001-2013: A.11.2.4,A.12.1.2,A.12.2.1,A.12.5.1,A.12.6.2,A.14.1.2,A.14.1.3,A.14.2.2,A.14.2.3,A.14.2.4
+    cis-csc: 11,2,3,9
+
+ocil_clause: 'the AlmaLinux GPG Key is not installed'
+
+ocil: |-
+    To ensure that the GPG key is installed, run:
+    
    $ rpm -q --queryformat "%{SUMMARY}\n" gpg-pubkey
    
+    The command should return the string below:
+    
    gpg(AlmaLinux <packager@almalinux.org>
    
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
index 2bf91c8c..b5f52073 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/bash/shared.sh
@@ -1,3 +1,3 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
 
 {{{ bash_replace_or_append( pkg_manager_config_file , '^gpgcheck', '1') }}}
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
index edb7748b..c0481718 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_globally_activated/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
 
 title: 'Ensure gpgcheck Enabled In Main {{{ pkg_manager }}} Configuration'
 
@@ -60,7 +60,7 @@ references:
     stigid@ol7: OL07-00-020050
     stigid@ol8: OL08-00-010370
     stigid@rhel7: RHEL-07-020050
-    stigid@rhel8: RHEL-08-010370
+    stigid@almalinux8: RHEL-08-010370
     stigid@sle12: SLES-12-010550
     stigid@sle15: SLES-15-010430
     vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml
index 3cab4a16..e3cabb82 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = unknown
 # complexity = low
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
index 67da27c0..96a9e11d 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_local_packages/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,wrlinux1019
 
 title: 'Ensure gpgcheck Enabled for Local Packages'
 
@@ -41,7 +41,7 @@ references:
     stigid@ol7: OL07-00-020060
     stigid@ol8: OL08-00-010371
     stigid@rhel7: RHEL-07-020060
-    stigid@rhel8: RHEL-08-010371
+    stigid@almalinux8: RHEL-08-010371
     vmmsrg: SRG-OS-000366-VMM-001430,SRG-OS-000370-VMM-001460,SRG-OS-000404-VMM-001650
 
 ocil_clause: 'gpgcheck is not enabled or configured correctly to verify local packages'
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
index c658f901..939ce9c2 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv,multi_platform_sle
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
index a9b33d87..b1c33b4b 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/bash/shared.sh
@@ -1,2 +1,2 @@
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
 sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
index 2c5501c7..c07a6357 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15
 
 title: 'Ensure gpgcheck Enabled for All {{{ pkg_manager }}} Package Repositories'
 
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
index 37e47e4d..a852e856 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_disabled.fail.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
 
 sed -i 's/gpgcheck\s*=.*/gpgcheck=0/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
index 04ff6e57..b97d7546 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_never_disabled/tests/gpgcheck_enabled.pass.sh
@@ -1,4 +1,4 @@
 #!/bin/bash
-# platform = multi_platform_rhel,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_ol,multi_platform_fedora,multi_platform_rhv
 
 sed -i 's/gpgcheck\s*=.*/gpgcheck=1/g' /etc/yum.repos.d/*
diff --git a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
index be2c7aa1..40ff5875 100644
--- a/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_gpgcheck_repo_metadata/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,almalinux8
 
 title: 'Ensure gpgcheck Enabled for Repository Metadata'
 
diff --git a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
index dd52ba7e..18365b4b 100644
--- a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
 
 title: 'Install dnf-automatic Package'
 
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
index fd844d2a..2932351f 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_sle
+# platform = Red Hat Virtualization 4,multi_platform_ol,multi_platform_rhel,multi_platform_almalinux,multi_platform_sle
 # reboot = true
 # strategy = patch
 # complexity = low
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
index 9e67a875..d73ecd56 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804
 
 title: 'Ensure Software Patches Installed'
 
@@ -17,6 +17,11 @@ description: |-
     
    $ sudo yum update
    
     If the system is not configured to use one of these sources, updates (in the form of RPM packages)
     can be manually downloaded from the ULN and installed using rpm.
+{{% elif product in ["almalinux8"] %}}
+    Run the following command to install updates:
+    
    $ sudo yum update
    
+    If the system is not configured to use repos, updates (in the form of RPM packages)
+    can be manually downloaded from the repos and installed using rpm.
 {{% elif product in ["sle12", "sle15"] %}}
     If the system is configured for online updates, invoking the following command will list available
     security updates:
@@ -63,7 +68,7 @@ references:
     stigid@ol7: OL07-00-020260
     stigid@ol8: OL08-00-010010
     stigid@rhel7: RHEL-07-020260
-    stigid@rhel8: RHEL-08-010010
+    stigid@almalinux8: RHEL-08-010010
     stigid@sle12: SLES-12-010010
     stigid@sle15: SLES-15-010010
     vmmsrg: SRG-OS-000480-VMM-002000
diff --git a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
index f0ae5076..8936b05c 100644
--- a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
+++ b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhel8,rhel9
+prodtype: fedora,ol8,rhel8,almalinux8,rhel9
 
 title: Enable dnf-automatic Timer
 
diff --git a/products/almalinux8/CMakeLists.txt b/products/almalinux8/CMakeLists.txt
new file mode 100644
index 00000000..6f48e657
--- /dev/null
+++ b/products/almalinux8/CMakeLists.txt
@@ -0,0 +1,29 @@
+# Sometimes our users will try to do: "cd almalinux8; cmake ." That needs to error in a nice way.
+if ("${CMAKE_SOURCE_DIR}" STREQUAL "${CMAKE_CURRENT_SOURCE_DIR}")
+    message(FATAL_ERROR "cmake has to be used on the root CMakeLists.txt, see the Building ComplianceAsCode section in the Developer Guide!")
+endif()
+
+set(PRODUCT "almalinux8")
+set(DISA_SRG_TYPE "os")
+
+ssg_build_product(${PRODUCT})
+
+ssg_build_html_ref_tables("${PRODUCT}" "table-${PRODUCT}-{ref_id}refs" "anssi;cis;cui;nist;pcidss")
+
+ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-ospp" "${PRODUCT}" "ospp" "nist")
+ssg_build_html_profile_table("table-${PRODUCT}-nistrefs-stig" "${PRODUCT}" "stig" "nist")
+
+ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_minimal" "${PRODUCT}" "anssi_bp28_minimal" "anssi")
+ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_enhanced" "${PRODUCT}" "anssi_bp28_enhanced" "anssi")
+ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_intermediary" "${PRODUCT}" "anssi_bp28_intermediary" "anssi")
+ssg_build_html_profile_table("table-${PRODUCT}-anssirefs-bp28_high" "${PRODUCT}" "anssi_bp28_high" "anssi")
+
+ssg_build_html_cce_table(${PRODUCT})
+
+ssg_build_html_srgmap_tables(${PRODUCT} "stig" ${DISA_SRG_TYPE})
+
+ssg_build_html_stig_tables(${PRODUCT})
+ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig")
+ssg_build_html_stig_tables_per_profile( ${PRODUCT} "stig_gui")
+
+#ssg_build_html_stig_tables(${PRODUCT} "ospp")
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
new file mode 100644
index 00000000..995a0d8e
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_enhanced-ks.cfg
@@ -0,0 +1,169 @@
+# SCAP Security Guide ANSSI BP-028 (enhanced) profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-01-28
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
+# Ensure /usr Located On Separate Partition
+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev"
+# Ensure /opt Located On Separate Partition
+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
+# Ensure /srv Located On Separate Partition
+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media:
+%addon org_fedora_oscap
+	content-type = scap-security-guide
+	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_enhanced
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
new file mode 100644
index 00000000..603835c3
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_high-ks.cfg
@@ -0,0 +1,173 @@
+# SCAP Security Guide ANSSI BP-028 (high) profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2020-12-10
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
+# Ensure /usr Located On Separate Partition
+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev"
+# Ensure /opt Located On Separate Partition
+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
+# Ensure /srv Located On Separate Partition
+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media: 
+%addon org_fedora_oscap
+	content-type = scap-security-guide
+	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_high
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
new file mode 100644
index 00000000..16b3faa0
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_intermediary-ks.cfg
@@ -0,0 +1,169 @@
+# SCAP Security Guide ANSSI BP-028 (intermediary) profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-01-28
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+bootloader --location=mbr
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=3192 --grow
+# Ensure /usr Located On Separate Partition
+logvol /usr --fstype=xfs --name=LogVol08 --vgname=VolGroup --size=6536 --fsoptions="nodev"
+# Ensure /opt Located On Separate Partition
+logvol /opt --fstype=xfs --name=LogVol09 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
+# Ensure /srv Located On Separate Partition
+logvol /srv --fstype=xfs --name=LogVol10 --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid"
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=512 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media: 
+%addon org_fedora_oscap
+	content-type = scap-security-guide
+	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_intermediary
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
new file mode 100644
index 00000000..ba9b2eb4
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-anssi_bp28_minimal-ks.cfg
@@ -0,0 +1,133 @@
+# SCAP Security Guide ANSSI BP-028 (minimal) profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-01-28
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+bootloader --location=mbr
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media: 
+%addon org_fedora_oscap
+	content-type = scap-security-guide
+	profile = xccdf_org.ssgproject.content_profile_anssi_bp28_minimal
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
new file mode 100644
index 00000000..b5d9a693
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cis-ks.cfg
@@ -0,0 +1,143 @@
+# SCAP Security Guide CIS profile (Level 2 - Server) kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-08-12
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
+
+
+# Harden installation with CIS profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+        content-type = scap-security-guide
+        profile = xccdf_org.ssgproject.content_profile_cis
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
new file mode 100644
index 00000000..55e94b1c
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_server_l1-ks.cfg
@@ -0,0 +1,133 @@
+# SCAP Security Guide CIS profile (Level 1 - Server) kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-08-12
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
+
+
+# Harden installation with CIS profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+        content-type = scap-security-guide
+        profile = xccdf_org.ssgproject.content_profile_cis_server_l1
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
new file mode 100644
index 00000000..c4a9001f
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l1-ks.cfg
@@ -0,0 +1,133 @@
+# SCAP Security Guide CIS profile (Level 1 - Workstation) kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-08-12
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=16896 --grow
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
+
+
+# Harden installation with CIS profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+        content-type = scap-security-guide
+        profile = xccdf_org.ssgproject.content_profile_cis_workstation_l1
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
new file mode 100644
index 00000000..1b766f5e
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cis_workstation_l2-ks.cfg
@@ -0,0 +1,143 @@
+# SCAP Security Guide CIS profile (Level 2 - Workstation) kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-08-12
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+#
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=LogVol7 --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512
+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
+
+
+# Harden installation with CIS profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+        content-type = scap-security-guide
+        profile = xccdf_org.ssgproject.content_profile_cis_workstation_l2
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
new file mode 100644
index 00000000..0255ad13
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-cui-ks.cfg
@@ -0,0 +1,164 @@
+# SCAP Security Guide CUI profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media: 
+%addon org_fedora_oscap
+	content-type = scap-security-guide
+	profile = xccdf_org.ssgproject.content_profile_cui
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
new file mode 100644
index 00000000..410bb4ab
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-e8-ks.cfg
@@ -0,0 +1,122 @@
+# SCAP Security Guide Essential Eight profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2019-11-13
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# Harden installation with Essential Eight profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+        content-type = scap-security-guide
+        profile = xccdf_org.ssgproject.content_profile_e8
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
new file mode 100644
index 00000000..90ba7a55
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-hipaa-ks.cfg
@@ -0,0 +1,122 @@
+# SCAP Security Guide HIPAA profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2020-05-25
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+bootloader --location=mbr --append="crashkernel=auto rhgb quiet" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# Harden installation with HIPAA profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+        content-type = scap-security-guide
+        profile = xccdf_org.ssgproject.content_profile_hipaa
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
new file mode 100644
index 00000000..2dc58251
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-ism_o-ks.cfg
@@ -0,0 +1,116 @@
+# SCAP Security Guide ISM Official profile kickstart for AlmaLinux 8
+# Version: 0.0.1
+# Date: 2021-08-16
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#performing_an_automated_installation_using_kickstart
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+#
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g. https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw to see how to create
+# encrypted password form for different plaintext password
+rootpw --iscrypted $6$/0RYeeRdK70ynvYz$jH2ZN/80HM6DjndHMxfUF9KIibwipitvizzXDH1zW.fTjyD3RD3tkNdNUaND18B/XqfAUW3vy1uebkBybCuIm0
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+bootloader --location=mbr --append="crashkernel=auto rhgb quiet"
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+autopart
+
+# Harden installation with Essential Eight profile
+# For more details and configuration options see
+# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/performing_an_advanced_rhel_installation/index#addon-org_fedora_oscap_kickstart-commands-for-addons-supplied-with-the-rhel-installation-program
+%addon org_fedora_oscap
+        content-type = scap-security-guide
+        profile = xccdf_org.ssgproject.content_profile_ism_o
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
new file mode 100644
index 00000000..d36a3a9d
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-ospp-ks.cfg
@@ -0,0 +1,164 @@
+# SCAP Security Guide OSPP profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=512 --fsoptions="nodev,nosuid,noexec"
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media: 
+%addon org_fedora_oscap
+	content-type = scap-security-guide
+	profile = xccdf_org.ssgproject.content_profile_ospp
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
new file mode 100644
index 00000000..219ee0fc
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-pci-dss-ks.cfg
@@ -0,0 +1,154 @@
+# SCAP Security Guide PCI-DSS profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url	        the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+network --onboot yes --bootproto dhcp --noipv6
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+#
+# PASSWORD TEMPORARILY DISABLED
+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none"
+#bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=LogVol06 --vgname=VolGroup --size=11264 --grow
+# CCE-26557-9: Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=LogVol02 --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# CCE-26435-8: Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=LogVol01 --vgname=VolGroup --size=1024 --fsoptions="nodev,noexec,nosuid"
+# CCE-26639-5: Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=LogVol03 --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# CCE-26215-4: Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=LogVol04 --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# CCE-26436-6: Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=LogVol05 --vgname=VolGroup --size=512 --fsoptions="nodev"
+logvol swap --name=lv_swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media: 
+%addon org_fedora_oscap
+        content-type = scap-security-guide
+        profile = xccdf_org.ssgproject.content_profile_pci-dss
+%end
+
+# Packages selection (%packages section is required)
+%packages
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
new file mode 100644
index 00000000..866e49af
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-stig-ks.cfg
@@ -0,0 +1,165 @@
+# SCAP Security Guide STIG profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media: 
+%addon org_fedora_oscap
+	content-type = scap-security-guide
+	profile = xccdf_org.ssgproject.content_profile_stig
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
new file mode 100644
index 00000000..699b5018
--- /dev/null
+++ b/products/almalinux8/kickstart/ssg-almalinux8-stig_gui-ks.cfg
@@ -0,0 +1,165 @@
+# SCAP Security Guide STIG with GUI profile kickstart for AlmaLinux 8
+#
+# Based on:
+# https://pykickstart.readthedocs.io/en/latest/
+# http://usgcb.nist.gov/usgcb/content/configuration/workstation-ks.cfg
+
+# Specify installation method to use for installation
+# To use a different one comment out the 'url' one below, update
+# the selected choice with proper options & un-comment it
+#
+# Install from an installation tree on a remote server via FTP or HTTP:
+# --url		the URL to install from
+#
+# Example:
+#
+# url --url=http://192.168.122.1/image
+#
+# Modify concrete URL in the above example appropriately to reflect the actual
+# environment machine is to be installed in
+#
+# Other possible / supported installation methods:
+# * install from the first CD-ROM/DVD drive on the system:
+#
+# cdrom
+#
+# * install from a directory of ISO images on a local drive:
+#
+# harddrive --partition=hdb2 --dir=/tmp/install-tree
+#
+# * install from provided NFS server:
+#
+# nfs --server= --dir= [--opts=]
+#
+# Set language to use during installation and the default language to use on the installed system (required)
+lang en_US.UTF-8
+
+# Set system keyboard type / layout (required)
+keyboard us
+
+# Configure network information for target system and activate network devices in the installer environment (optional)
+# --onboot	enable device at a boot time
+# --device	device to be activated and / or configured with the network command
+# --bootproto	method to obtain networking configuration for device (default dhcp)
+# --noipv6	disable IPv6 on this device
+#
+# NOTE: Usage of DHCP will fail CCE-27021-5 (DISA FSO RHEL-06-000292). To use static IP configuration,
+#       "--bootproto=static" must be used. For example:
+# network --bootproto=static --ip=10.0.2.15 --netmask=255.255.255.0 --gateway=10.0.2.254 --nameserver 192.168.2.1,192.168.3.1
+#
+network --onboot yes --bootproto dhcp
+
+# Set the system's root password (required)
+# Plaintext password is: server
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+rootpw --iscrypted $6$0WWGZ1e6icT$1KiHZK.Nzp3HQerfiy8Ic3pOeCWeIzA.zkQ7mkvYT3bNC5UeGK2ceE5b6TkSg4D/kiSudkT04QlSKknsrNE220
+
+# The selected profile will restrict root login
+# Add a user that can login and escalate privileges
+# Plaintext password is: admin123
+user --name=admin --groups=wheel --password=$6$Ga6ZnIlytrWpuCzO$q0LqT1USHpahzUafQM9jyHCY9BiE5/ahXLNWUMiVQnFGblu0WWGZ1e6icTaCGO4GNgZNtspp1Let/qpM7FMVB0 --iscrypted
+
+# Configure firewall settings for the system (optional)
+# --enabled	reject incoming connections that are not in response to outbound requests
+# --ssh		allow sshd service through the firewall
+firewall --enabled --ssh
+
+# Set up the authentication options for the system (required)
+# sssd profile sets sha512 to hash passwords
+# passwords are shadowed by default
+# See the manual page for authselect-profile for a complete list of possible options.
+authselect select sssd
+
+# State of SELinux on the installed system (optional)
+# Defaults to enforcing
+selinux --enforcing
+
+# Set the system time zone (required)
+timezone --utc America/New_York
+
+# Specify how the bootloader should be installed (required)
+# Plaintext password is: password
+# Refer to e.g.
+#   https://pykickstart.readthedocs.io/en/latest/commands.html#rootpw
+# to see how to create encrypted password form for different plaintext password
+bootloader --location=mbr --append="audit=1 audit_backlog_limit=8192 slub_debug=P page_poison=1 vsyscall=none" --password=$6$zCPaBARiNlBYUAS7$40phthWpqvaPVz3QUeIK6n5qoazJDJD5Nlc9OKy5SyYoX9Rt4jFaLjzqJCwpgR4RVAEFSADsqQot0WKs5qNto0
+
+# Initialize (format) all disks (optional)
+zerombr
+
+# The following partition layout scheme assumes disk of size 20GB or larger
+# Modify size of partitions appropriately to reflect actual machine's hardware
+# 
+# Remove Linux partitions from the system prior to creating new ones (optional)
+# --linux	erase all Linux partitions
+# --initlabel	initialize the disk label to the default based on the underlying architecture
+clearpart --linux --initlabel
+
+# Create primary system partitions (required for installs)
+part /boot --fstype=xfs --size=512 --fsoptions="nodev,nosuid,noexec"
+part pv.01 --grow --size=1
+
+# Create a Logical Volume Management (LVM) group (optional)
+volgroup VolGroup --pesize=4096 pv.01
+
+# Create particular logical volumes (optional)
+logvol / --fstype=xfs --name=root --vgname=VolGroup --size=10240 --grow
+# Ensure /home Located On Separate Partition
+logvol /home --fstype=xfs --name=home --vgname=VolGroup --size=1024 --fsoptions="nodev"
+# Ensure /tmp Located On Separate Partition
+logvol /tmp --fstype=xfs --name=tmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/tmp Located On Separate Partition
+logvol /var/tmp --fstype=xfs --name=vartmp --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var Located On Separate Partition
+logvol /var --fstype=xfs --name=var --vgname=VolGroup --size=3072 --fsoptions="nodev"
+# Ensure /var/log Located On Separate Partition
+logvol /var/log --fstype=xfs --name=log --vgname=VolGroup --size=1024 --fsoptions="nodev,nosuid,noexec"
+# Ensure /var/log/audit Located On Separate Partition
+logvol /var/log/audit --fstype=xfs --name=audit --vgname=VolGroup --size=10240 --fsoptions="nodev,nosuid,noexec"
+logvol swap --name=swap --vgname=VolGroup --size=2016
+
+# The OpenSCAP installer add-on is used to apply SCAP (Security Content Automation Protocol)
+# content - security policies - on the installed system.This add-on has been enabled by default
+# since Red Hat Enterprise Linux 7.2. When enabled, the packages necessary to provide this 
+# functionality will automatically be installed. However, by default, no policies are enforced,
+# meaning that no checks are performed during or after installation unless specifically configured.
+#  
+#  Important
+#   Applying a security policy is not necessary on all systems. This screen should only be used
+#   when a specific policy is mandated by your organization rules or government regulations.
+#   Unlike most other commands, this add-on does not accept regular options, but uses key-value
+#   pairs in the body of the %addon definition instead. These pairs are whitespace-agnostic.
+#   Values can be optionally enclosed in single quotes (') or double quotes (").
+#   
+#  The following keys are recognized by the add-on:
+#    content-type - Type of the security content. Possible values are datastream, archive, rpm, and scap-security-guide.
+#      - If the content-type is scap-security-guide, the add-on will use content provided by the
+#        scap-security-guide package, which is present on the boot media. This means that all other keys except profile will have no effect.
+#    content-url - Location of the security content. The content must be accessible using HTTP, HTTPS, or FTP; local storage is currently not supported. A network connection must be available to reach content definitions in a remote location.
+#    datastream-id - ID of the data stream referenced in the content-url value. Used only if content-type is datastream.
+#    xccdf-id - ID of the benchmark you want to use.
+#    xccdf-path - Path to the XCCDF file which should be used; given as a relative path in the archive.
+#    profile - ID of the profile to be applied. Use default to apply the default profile.
+#    fingerprint - A MD5, SHA1 or SHA2 checksum of the content referenced by content-url.
+#    tailoring-path - Path to a tailoring file which should be used, given as a relative path in the archive.
+#
+#  The following is an example %addon org_fedora_oscap section which uses content from the
+#  scap-security-guide on the installation media: 
+%addon org_fedora_oscap
+	content-type = scap-security-guide
+	profile = xccdf_org.ssgproject.content_profile_stig_gui
+%end
+
+# Packages selection (%packages section is required)
+%packages
+
+# Require @Base
+@Base
+
+%end # End of %packages section
+
+# Reboot after the installation is complete (optional)
+# --eject	attempt to eject CD or DVD media before rebooting
+reboot --eject
diff --git a/products/almalinux8/overlays/srg_support.xml b/products/almalinux8/overlays/srg_support.xml
new file mode 100644
index 00000000..153b22a8
--- /dev/null
+++ b/products/almalinux8/overlays/srg_support.xml
@@ -0,0 +1,173 @@
+
diff --git a/products/almalinux8/product.yml b/products/almalinux8/product.yml
new file mode 100644
index 00000000..a3b26ef7
--- /dev/null
+++ b/products/almalinux8/product.yml
@@ -0,0 +1,34 @@
+product: almalinux8
+full_name: AlmaLinux 8
+type: platform
+
+benchmark_id: ALMALINUX-8
+benchmark_root: "../../linux_os/guide"
+
+profiles_root: "./profiles"
+
+pkg_manager: "yum"
+
+init_system: "systemd"
+
+pkg_release: "5ffd890e"
+pkg_version: "3abb34f8"
+
+oval_feed_url: "https://security.almalinux.org/oval/org.almalinux.alsa-8.xml"
+
+grub2_boot_path: "/boot/grub2"
+grub2_uefi_boot_path: "/boot/efi/EFI/almalinux"
+
+cpes_root: "../../shared/applicability"
+cpes:
+  - almalinux8:
+      name: "cpe:/o:almalinux:almalinux:8"
+      title: "AlmaLinux 8"
+      check_id: installed_OS_is_almalinux8
+
+# Mapping of CPE platform to package
+platform_package_overrides:
+  login_defs: "shadow-utils"
+
+reference_uris:
+  cis: 'https://www.cisecurity.org/benchmark/almalinuxos_linux/'
diff --git a/products/almalinux8/profiles/anssi_bp28_enhanced.profile b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
new file mode 100644
index 00000000..8f2ee314
--- /dev/null
+++ b/products/almalinux8/profiles/anssi_bp28_enhanced.profile
@@ -0,0 +1,19 @@
+documentation_complete: true
+
+metadata:
+    SMEs:
+        - yuumasato
+
+title: 'ANSSI-BP-028 (enhanced)'
+
+description: |-
+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the enhanced hardening level.
+
+    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
+    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
+
+    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
+    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
+
+selections:
+    - anssi:all:enhanced
diff --git a/products/almalinux8/profiles/anssi_bp28_high.profile b/products/almalinux8/profiles/anssi_bp28_high.profile
new file mode 100644
index 00000000..0cd4b67f
--- /dev/null
+++ b/products/almalinux8/profiles/anssi_bp28_high.profile
@@ -0,0 +1,19 @@
+documentation_complete: true
+
+metadata:
+    SMEs:
+        - yuumasato
+
+title: 'ANSSI-BP-028 (high)'
+
+description: |-
+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the high hardening level.
+
+    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
+    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
+
+    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
+    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
+
+selections:
+    - anssi:all:high
diff --git a/products/almalinux8/profiles/anssi_bp28_intermediary.profile b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
new file mode 100644
index 00000000..9c9e4cc6
--- /dev/null
+++ b/products/almalinux8/profiles/anssi_bp28_intermediary.profile
@@ -0,0 +1,19 @@
+documentation_complete: true
+
+metadata:
+    SMEs:
+        - yuumasato
+
+title: 'ANSSI-BP-028 (intermediary)'
+
+description: |-
+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the intermediary hardening level.
+
+    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
+    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
+
+    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
+    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
+
+selections:
+  - anssi:all:intermediary
diff --git a/products/almalinux8/profiles/anssi_bp28_minimal.profile b/products/almalinux8/profiles/anssi_bp28_minimal.profile
new file mode 100644
index 00000000..19a95efb
--- /dev/null
+++ b/products/almalinux8/profiles/anssi_bp28_minimal.profile
@@ -0,0 +1,20 @@
+documentation_complete: true
+
+metadata:
+    SMEs:
+        - yuumasato
+
+title: 'ANSSI-BP-028 (minimal)'
+
+description: |-
+    This profile contains configurations that align to ANSSI-BP-028 v1.2 at the minimal hardening level.
+
+    ANSSI is the French National Information Security Agency, and stands for Agence nationale de la sécurité des systèmes d'information.
+    ANSSI-BP-028 is a configuration recommendation for GNU/Linux systems.
+
+    A copy of the ANSSI-BP-028 can be found at the ANSSI website:
+    https://www.ssi.gouv.fr/administration/guide/recommandations-de-securite-relatives-a-un-systeme-gnulinux/
+
+selections:
+  - anssi:all:minimal
+
diff --git a/products/almalinux8/profiles/cis.profile b/products/almalinux8/profiles/cis.profile
new file mode 100644
index 00000000..8a76db5d
--- /dev/null
+++ b/products/almalinux8/profiles/cis.profile
@@ -0,0 +1,22 @@
+documentation_complete: true
+
+metadata:
+    version: 1.0.1
+    SMEs:
+        - vojtapolasek
+        - yuumasato
+
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
+title: 'CIS AlmaLinux OS 8 Benchmark for Level 2 - Server'
+
+description: |-
+    This profile defines a baseline that aligns to the "Level 2 - Server"
+    configuration from the Center for Internet Security®
+    AlmaLinux OS 8 Benchmarkâ„¢, v1.0.0, released 10-22-2021.
+
+    This profile includes Center for Internet Security®
+    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
+
+selections:
+    - cis_rhel8:all:l2_server
diff --git a/products/almalinux8/profiles/cis_server_l1.profile b/products/almalinux8/profiles/cis_server_l1.profile
new file mode 100644
index 00000000..2da081cd
--- /dev/null
+++ b/products/almalinux8/profiles/cis_server_l1.profile
@@ -0,0 +1,22 @@
+documentation_complete: true
+
+metadata:
+    version: 1.0.1
+    SMEs:
+        - vojtapolasek
+        - yuumasato
+
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
+title: 'CIS AlmaLinux OS 8 Benchmark for Level 1 - Server'
+
+description: |-
+    This profile defines a baseline that aligns to the "Level 1 - Server"
+    configuration from the Center for Internet Security®
+    AlmaLinux OS 8 Benchmarkâ„¢, v1.0.0, released 10-22-2021.
+
+    This profile includes Center for Internet Security®
+    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
+
+selections:
+    - cis_rhel8:all:l1_server
diff --git a/products/almalinux8/profiles/cis_workstation_l1.profile b/products/almalinux8/profiles/cis_workstation_l1.profile
new file mode 100644
index 00000000..2ee3bf7c
--- /dev/null
+++ b/products/almalinux8/profiles/cis_workstation_l1.profile
@@ -0,0 +1,22 @@
+documentation_complete: true
+
+metadata:
+    version: 1.0.1
+    SMEs:
+        - vojtapolasek
+        - yuumasato
+
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
+title: 'CIS AlmaLinux OS 8 Benchmark for Level 1 - Workstation'
+
+description: |-
+    This profile defines a baseline that aligns to the "Level 1 - Workstation"
+    configuration from the Center for Internet Security®
+    AlmaLinux OS 8 Benchmarkâ„¢, v1.0.0, released 10-22-2021.
+
+    This profile includes Center for Internet Security®
+    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
+
+selections:
+    - cis_rhel8:all:l1_workstation
diff --git a/products/almalinux8/profiles/cis_workstation_l2.profile b/products/almalinux8/profiles/cis_workstation_l2.profile
new file mode 100644
index 00000000..8af16bfe
--- /dev/null
+++ b/products/almalinux8/profiles/cis_workstation_l2.profile
@@ -0,0 +1,22 @@
+documentation_complete: true
+
+metadata:
+    version: 1.0.1
+    SMEs:
+        - vojtapolasek
+        - yuumasato
+
+reference: https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
+title: 'CIS AlmaLinux OS 8 Benchmark for Level 2 - Workstation'
+
+description: |-
+    This profile defines a baseline that aligns to the "Level 2 - Workstation"
+    configuration from the Center for Internet Security®
+    AlmaLinux OS 8 Benchmarkâ„¢, v1.0.0, released 10-22-2021.
+
+    This profile includes Center for Internet Security®
+    AlmaLinux OS 8 CIS Benchmarksâ„¢ content.
+
+selections:
+    - cis_rhel8:all:l2_workstation
diff --git a/products/almalinux8/profiles/cjis.profile b/products/almalinux8/profiles/cjis.profile
new file mode 100644
index 00000000..f3f28bda
--- /dev/null
+++ b/products/almalinux8/profiles/cjis.profile
@@ -0,0 +1,141 @@
+documentation_complete: false
+
+metadata:
+    version: 5.4
+    SMEs:
+        - ggbecker
+
+reference: https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
+
+title: 'Criminal Justice Information Services (CJIS) Security Policy'
+
+description: |-
+    This profile is derived from FBI's CJIS v5.4
+    Security Policy. A copy of this policy can be found at the CJIS Security
+    Policy Resource Center:
+
+    https://www.fbi.gov/services/cjis/cjis-security-policy-resource-center
+
+selections:
+    - service_auditd_enabled
+    - grub2_audit_argument
+    - auditd_data_retention_num_logs
+    - auditd_data_retention_max_log_file
+    - auditd_data_retention_max_log_file_action
+    - auditd_data_retention_space_left_action
+    - auditd_data_retention_admin_space_left_action
+    - auditd_data_retention_action_mail_acct
+    - auditd_audispd_syslog_plugin_activated
+    - audit_rules_time_adjtimex
+    - audit_rules_time_settimeofday
+    - audit_rules_time_stime
+    - audit_rules_time_clock_settime
+    - audit_rules_time_watch_localtime
+    - audit_rules_usergroup_modification
+    - audit_rules_networkconfig_modification
+    - file_permissions_var_log_audit
+    - file_ownership_var_log_audit
+    - audit_rules_mac_modification
+    - audit_rules_dac_modification_chmod
+    - audit_rules_dac_modification_chown
+    - audit_rules_dac_modification_fchmod
+    - audit_rules_dac_modification_fchmodat
+    - audit_rules_dac_modification_fchown
+    - audit_rules_dac_modification_fchownat
+    - audit_rules_dac_modification_fremovexattr
+    - audit_rules_dac_modification_fsetxattr
+    - audit_rules_dac_modification_lchown
+    - audit_rules_dac_modification_lremovexattr
+    - audit_rules_dac_modification_lsetxattr
+    - audit_rules_dac_modification_removexattr
+    - audit_rules_dac_modification_setxattr
+    - audit_rules_login_events
+    - audit_rules_session_events
+    - audit_rules_unsuccessful_file_modification
+    - audit_rules_privileged_commands
+    - audit_rules_media_export
+    - audit_rules_file_deletion_events
+    - audit_rules_sysadmin_actions
+    - audit_rules_kernel_module_loading
+    - audit_rules_immutable
+    - account_unique_name
+    - gid_passwd_group_same
+    - accounts_password_all_shadowed
+    - no_empty_passwords
+    - display_login_attempts
+    - var_accounts_password_minlen_login_defs=12
+    - var_accounts_maximum_age_login_defs=90
+    - var_password_pam_unix_remember=10
+    - var_account_disable_post_pw_expiration=0
+    - var_password_pam_minlen=12
+    - var_accounts_minimum_age_login_defs=1
+    - var_password_pam_difok=6
+    - var_accounts_max_concurrent_login_sessions=3
+    - account_disable_post_pw_expiration
+    - accounts_password_pam_minlen
+    - accounts_minimum_age_login_defs
+    - accounts_password_pam_difok
+    - accounts_max_concurrent_login_sessions
+    - set_password_hashing_algorithm_systemauth
+    - set_password_hashing_algorithm_passwordauth
+    - set_password_hashing_algorithm_logindefs
+    - set_password_hashing_algorithm_libuserconf
+    - file_owner_etc_shadow
+    - file_groupowner_etc_shadow
+    - file_permissions_etc_shadow
+    - file_owner_etc_group
+    - file_groupowner_etc_group
+    - file_permissions_etc_group
+    - file_owner_etc_passwd
+    - file_groupowner_etc_passwd
+    - file_permissions_etc_passwd
+    - file_owner_grub2_cfg
+    - file_groupowner_grub2_cfg
+    - var_password_pam_retry=5
+    - var_accounts_passwords_pam_faillock_deny=5
+    - var_accounts_passwords_pam_faillock_unlock_time=600
+    - dconf_db_up_to_date
+    - dconf_gnome_screensaver_idle_delay
+    - dconf_gnome_screensaver_idle_activation_enabled
+    - dconf_gnome_screensaver_lock_enabled
+    - dconf_gnome_screensaver_mode_blank
+    - sshd_allow_only_protocol2
+    - sshd_set_idle_timeout
+    - var_sshd_set_keepalive=0
+    - sshd_set_keepalive_0
+    - disable_host_auth
+    - sshd_disable_root_login
+    - sshd_disable_empty_passwords
+    - sshd_enable_warning_banner
+    - sshd_do_not_permit_user_env
+    - var_system_crypto_policy=fips
+    - configure_crypto_policy
+    - configure_ssh_crypto_policy
+    - kernel_module_dccp_disabled
+    - kernel_module_sctp_disabled
+    - service_firewalld_enabled
+    - set_firewalld_default_zone
+    - firewalld_sshd_port_enabled
+    - sshd_idle_timeout_value=30_minutes
+    - inactivity_timeout_value=30_minutes
+    - sysctl_net_ipv4_conf_default_accept_source_route
+    - sysctl_net_ipv4_tcp_syncookies
+    - sysctl_net_ipv4_conf_all_send_redirects
+    - sysctl_net_ipv4_conf_default_send_redirects
+    - sysctl_net_ipv4_conf_all_accept_redirects
+    - sysctl_net_ipv4_conf_default_accept_redirects
+    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+    - var_password_pam_ocredit=1
+    - var_password_pam_dcredit=1
+    - var_password_pam_ucredit=1
+    - var_password_pam_lcredit=1
+    - package_aide_installed
+    - aide_build_database
+    - aide_periodic_cron_checking
+    - rpm_verify_permissions
+    - rpm_verify_hashes
+    - ensure_almalinux_gpgkey_installed
+    - ensure_gpgcheck_globally_activated
+    - ensure_gpgcheck_never_disabled
+    - security_patches_up_to_date
+    - kernel_module_bluetooth_disabled
diff --git a/products/almalinux8/profiles/cui.profile b/products/almalinux8/profiles/cui.profile
new file mode 100644
index 00000000..b772740c
--- /dev/null
+++ b/products/almalinux8/profiles/cui.profile
@@ -0,0 +1,32 @@
+documentation_complete: true
+
+metadata:
+    version: TBD
+    SMEs:
+        - ggbecker
+
+title: 'Unclassified Information in Non-federal Information Systems and Organizations (NIST 800-171)'
+
+description: |-
+    From NIST 800-171, Section 2.2:
+    Security requirements for protecting the confidentiality of CUI in nonfederal
+    information systems and organizations have a well-defined structure that
+    consists of:
+
+    (i) a basic security requirements section;
+    (ii) a derived security requirements section.
+
+    The basic security requirements are obtained from FIPS Publication 200, which
+    provides the high-level and fundamental security requirements for federal
+    information and information systems. The derived security requirements, which
+    supplement the basic security requirements, are taken from the security controls
+    in NIST Special Publication 800-53.
+
+    This profile configures AlmaLinux OS 8 to the NIST Special
+    Publication 800-53 controls identified for securing Controlled Unclassified
+    Information (CUI)."
+
+extends: ospp
+
+selections:
+    - inactivity_timeout_value=10_minutes
diff --git a/products/almalinux8/profiles/e8.profile b/products/almalinux8/profiles/e8.profile
new file mode 100644
index 00000000..65004519
--- /dev/null
+++ b/products/almalinux8/profiles/e8.profile
@@ -0,0 +1,149 @@
+documentation_complete: true
+
+metadata:
+    SMEs:
+        - shaneboulden
+
+reference: https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
+
+title: 'Australian Cyber Security Centre (ACSC) Essential Eight'
+
+description: |-
+  This profile contains configuration checks for AlmaLinux OS 8
+  that align to the Australian Cyber Security Centre (ACSC) Essential Eight.
+
+  A copy of the Essential Eight in Linux Environments guide can be found at the
+  ACSC website:
+
+  https://www.cyber.gov.au/acsc/view-all-content/publications/hardening-linux-workstations-and-servers
+
+selections:
+
+  ### Remove obsolete packages
+  - package_talk_removed
+  - package_talk-server_removed
+  - package_xinetd_removed
+  - service_xinetd_disabled
+  - package_ypbind_removed
+  - package_telnet_removed
+  - service_telnet_disabled
+  - package_telnet-server_removed
+  - package_rsh_removed
+  - package_rsh-server_removed
+  - service_zebra_disabled
+  - package_quagga_removed
+  - service_avahi-daemon_disabled
+  - package_squid_removed
+  - service_squid_disabled
+
+  ### Software update
+  - ensure_almalinux_gpgkey_installed
+  - ensure_gpgcheck_never_disabled
+  - ensure_gpgcheck_local_packages
+  - ensure_gpgcheck_globally_activated
+  - security_patches_up_to_date
+  - dnf-automatic_security_updates_only
+
+  ### System security settings
+  - sysctl_kernel_randomize_va_space
+  - sysctl_kernel_exec_shield
+  - sysctl_kernel_kptr_restrict
+  - sysctl_kernel_dmesg_restrict
+  - sysctl_kernel_kexec_load_disabled
+  - sysctl_kernel_yama_ptrace_scope
+  - sysctl_kernel_unprivileged_bpf_disabled
+  - sysctl_net_core_bpf_jit_harden
+
+  ### SELinux
+  - var_selinux_state=enforcing
+  - selinux_state
+  - var_selinux_policy_name=targeted
+  - selinux_policytype
+
+  ### Filesystem integrity
+  - rpm_verify_hashes
+  - rpm_verify_permissions
+  - rpm_verify_ownership
+  - file_permissions_unauthorized_sgid
+  - file_permissions_unauthorized_suid
+  - file_permissions_unauthorized_world_writable
+  - dir_perms_world_writable_sticky_bits
+  - file_permissions_library_dirs
+  - file_ownership_binary_dirs
+  - file_permissions_binary_dirs
+  - file_ownership_library_dirs
+
+  ### Passwords
+  - no_empty_passwords
+
+  ### Partitioning
+  - mount_option_dev_shm_nodev
+  - mount_option_dev_shm_nosuid
+  - mount_option_dev_shm_noexec
+
+  ### Network
+  - package_firewalld_installed
+  - service_firewalld_enabled
+  - network_sniffer_disabled
+
+  ### Admin privileges
+  - accounts_no_uid_except_zero
+  - sudo_remove_nopasswd
+  - sudo_remove_no_authenticate
+  - sudo_require_authentication
+
+  ### Audit
+  - package_rsyslog_installed
+  - service_rsyslog_enabled
+  - service_auditd_enabled
+  - var_auditd_flush=incremental_async
+  - auditd_data_retention_flush
+  - auditd_local_events
+  - auditd_write_logs
+  - auditd_log_format
+  - auditd_freq
+  - auditd_name_format
+  - audit_rules_login_events_tallylog
+  - audit_rules_login_events_faillock
+  - audit_rules_login_events_lastlog
+  - audit_rules_login_events
+  - audit_rules_time_adjtimex
+  - audit_rules_time_clock_settime
+  - audit_rules_time_watch_localtime
+  - audit_rules_time_settimeofday
+  - audit_rules_time_stime
+  - audit_rules_execution_restorecon
+  - audit_rules_execution_chcon
+  - audit_rules_execution_semanage
+  - audit_rules_execution_setsebool
+  - audit_rules_execution_setfiles
+  - audit_rules_execution_seunshare
+  - audit_rules_sysadmin_actions
+  - audit_rules_networkconfig_modification
+  - audit_rules_usergroup_modification
+  - audit_rules_dac_modification_chmod
+  - audit_rules_dac_modification_chown
+  - audit_rules_kernel_module_loading
+
+  ### Secure access
+  - sshd_disable_root_login
+  - sshd_disable_gssapi_auth
+  - sshd_print_last_log
+  - sshd_do_not_permit_user_env
+  - sshd_disable_rhosts
+  - sshd_set_loglevel_info
+  - sshd_disable_empty_passwords
+  - sshd_disable_user_known_hosts
+  - sshd_enable_strictmodes
+
+  # See also: https://www.cyber.gov.au/acsc/view-all-content/guidance/asd-approved-cryptographic-algorithms
+  - var_system_crypto_policy=default_nosha1
+  - configure_crypto_policy
+  - configure_ssh_crypto_policy
+
+  ### Application whitelisting
+  - package_fapolicyd_installed
+  - service_fapolicyd_enabled
+
+  ### Backup
+  - package_rear_installed
diff --git a/products/almalinux8/profiles/hipaa.profile b/products/almalinux8/profiles/hipaa.profile
new file mode 100644
index 00000000..2e8a33d3
--- /dev/null
+++ b/products/almalinux8/profiles/hipaa.profile
@@ -0,0 +1,164 @@
+documentation_complete: True
+
+metadata:
+    SMEs:
+        - jjaswanson4
+
+reference: https://www.hhs.gov/hipaa/for-professionals/index.html
+
+title: 'Health Insurance Portability and Accountability Act (HIPAA)'
+
+description: |-
+    The HIPAA Security Rule establishes U.S. national standards to protect individuals’
+    electronic personal health information that is created, received, used, or
+    maintained by a covered entity. The Security Rule requires appropriate
+    administrative, physical and technical safeguards to ensure the
+    confidentiality, integrity, and security of electronic protected health
+    information.
+
+    This profile configures AlmaLinux 8 to the HIPAA Security
+    Rule identified for securing of electronic protected health information.
+    Use of this profile in no way guarantees or makes claims against legal compliance against the HIPAA Security Rule(s).
+
+selections:
+    - grub2_password
+    - grub2_uefi_password
+    - file_groupowner_grub2_cfg
+    - file_permissions_grub2_cfg
+    - file_owner_grub2_cfg
+    - grub2_disable_interactive_boot
+    - no_direct_root_logins
+    - no_empty_passwords
+    - require_singleuser_auth
+    - restrict_serial_port_logins
+    - securetty_root_login_console_only
+    - service_debug-shell_disabled
+    - disable_ctrlaltdel_reboot
+    - disable_ctrlaltdel_burstaction
+    - dconf_db_up_to_date
+    - dconf_gnome_remote_access_credential_prompt
+    - dconf_gnome_remote_access_encryption
+    - sshd_disable_empty_passwords
+    - sshd_disable_root_login
+    - libreswan_approved_tunnels
+    - no_rsh_trust_files
+    - package_rsh-server_removed
+    - package_talk_removed
+    - package_talk-server_removed
+    - package_telnet_removed
+    - package_telnet-server_removed
+    - package_xinetd_removed
+    - service_crond_enabled
+    - service_rexec_disabled
+    - service_rlogin_disabled
+    - service_telnet_disabled
+    - service_xinetd_disabled
+    - service_zebra_disabled
+    - use_kerberos_security_all_exports
+    - disable_host_auth
+    - sshd_allow_only_protocol2
+    - sshd_disable_compression
+    - sshd_disable_gssapi_auth
+    - sshd_disable_kerb_auth
+    - sshd_do_not_permit_user_env
+    - sshd_enable_strictmodes
+    - sshd_enable_warning_banner
+    - var_sshd_set_keepalive=0
+    - sshd_set_keepalive_0
+    - encrypt_partitions
+    - var_system_crypto_policy=fips
+    - configure_crypto_policy
+    - configure_ssh_crypto_policy
+    - var_selinux_policy_name=targeted
+    - var_selinux_state=enforcing
+    - grub2_enable_selinux
+    - sebool_selinuxuser_execheap
+    - sebool_selinuxuser_execmod
+    - sebool_selinuxuser_execstack
+    - selinux_confinement_of_daemons
+    - selinux_policytype
+    - selinux_state
+    - service_kdump_disabled
+    - sysctl_fs_suid_dumpable
+    - sysctl_kernel_dmesg_restrict
+    - sysctl_kernel_exec_shield
+    - sysctl_kernel_randomize_va_space
+    - rpm_verify_hashes
+    - rpm_verify_permissions
+    - ensure_almalinux_gpgkey_installed
+    - ensure_gpgcheck_globally_activated
+    - ensure_gpgcheck_never_disabled
+    - ensure_gpgcheck_local_packages
+    - grub2_audit_argument
+    - service_auditd_enabled
+    - audit_rules_privileged_commands_sudo
+    - audit_rules_privileged_commands_su
+    - audit_rules_immutable
+    - kernel_module_usb-storage_disabled
+    - service_autofs_disabled
+    - auditd_audispd_syslog_plugin_activated
+    - rsyslog_remote_loghost
+    - auditd_data_retention_flush
+    - audit_rules_dac_modification_chmod
+    - audit_rules_dac_modification_chown
+    - audit_rules_dac_modification_fchmodat
+    - audit_rules_dac_modification_fchmod
+    - audit_rules_dac_modification_fchownat
+    - audit_rules_dac_modification_fchown
+    - audit_rules_dac_modification_fremovexattr
+    - audit_rules_dac_modification_fsetxattr
+    - audit_rules_dac_modification_lchown
+    - audit_rules_dac_modification_lremovexattr
+    - audit_rules_dac_modification_lsetxattr
+    - audit_rules_dac_modification_removexattr
+    - audit_rules_dac_modification_setxattr
+    - audit_rules_execution_chcon
+    - audit_rules_execution_restorecon
+    - audit_rules_execution_semanage
+    - audit_rules_execution_setsebool
+    - audit_rules_file_deletion_events_renameat
+    - audit_rules_file_deletion_events_rename
+    - audit_rules_file_deletion_events_rmdir
+    - audit_rules_file_deletion_events_unlinkat
+    - audit_rules_file_deletion_events_unlink
+    - audit_rules_kernel_module_loading_delete
+    - audit_rules_kernel_module_loading_init
+    - audit_rules_login_events_faillock
+    - audit_rules_login_events_lastlog
+    - audit_rules_login_events_tallylog
+    - audit_rules_mac_modification
+    - audit_rules_media_export
+    - audit_rules_networkconfig_modification
+    - audit_rules_privileged_commands_chage
+    - audit_rules_privileged_commands_chsh
+    - audit_rules_privileged_commands_crontab
+    - audit_rules_privileged_commands_gpasswd
+    - audit_rules_privileged_commands_newgrp
+    - audit_rules_privileged_commands_pam_timestamp_check
+    - audit_rules_privileged_commands_passwd
+    - audit_rules_privileged_commands_postdrop
+    - audit_rules_privileged_commands_postqueue
+    - audit_rules_privileged_commands_ssh_keysign
+    - audit_rules_privileged_commands_sudoedit
+    - audit_rules_privileged_commands_umount
+    - audit_rules_privileged_commands_unix_chkpwd
+    - audit_rules_privileged_commands_userhelper
+    - audit_rules_session_events
+    - audit_rules_sysadmin_actions
+    - audit_rules_system_shutdown
+    - audit_rules_time_adjtimex
+    - audit_rules_time_clock_settime
+    - audit_rules_time_settimeofday
+    - audit_rules_time_stime
+    - audit_rules_time_watch_localtime
+    - audit_rules_unsuccessful_file_modification_creat
+    - audit_rules_unsuccessful_file_modification_ftruncate
+    - audit_rules_unsuccessful_file_modification_openat
+    - audit_rules_unsuccessful_file_modification_open_by_handle_at
+    - audit_rules_unsuccessful_file_modification_open
+    - audit_rules_unsuccessful_file_modification_truncate
+    - audit_rules_usergroup_modification_group
+    - audit_rules_usergroup_modification_gshadow
+    - audit_rules_usergroup_modification_opasswd
+    - audit_rules_usergroup_modification_passwd
+    - audit_rules_usergroup_modification_shadow
diff --git a/products/almalinux8/profiles/ism_o.profile b/products/almalinux8/profiles/ism_o.profile
new file mode 100644
index 00000000..2a281cdc
--- /dev/null
+++ b/products/almalinux8/profiles/ism_o.profile
@@ -0,0 +1,135 @@
+documentation_complete: true
+
+metadata:
+    SMEs:
+        - shaneboulden
+        - wcushen
+        - ahamilto156
+
+reference: https://www.cyber.gov.au/ism
+
+title: 'Australian Cyber Security Centre (ACSC) ISM Official'
+
+description: |-
+  This profile contains configuration checks for AlmaLinux 8
+  that align to the Australian Cyber Security Centre (ACSC) Information Security Manual (ISM)
+  with the applicability marking of OFFICIAL.
+
+  The ISM uses a risk-based approach to cyber security. This profile provides a guide to aligning
+  Red Hat Enterprise Linux security controls with the ISM, which can be used to select controls
+  specific to an organisation's security posture and risk profile.
+
+  A copy of the ISM can be found at the ACSC website:
+
+  https://www.cyber.gov.au/ism
+
+extends: e8
+
+selections:
+
+  ## Operating system configuration
+  ## Identifiers 1491
+  - no_shelllogin_for_systemaccounts
+
+  ## Local administrator accounts
+  ## Identifiers 1382 / 1410
+  - accounts_password_all_shadowed
+  - package_sudo_installed
+
+  ## Content filtering & Anti virus
+  ## Identifiers  0576 / 1341 / 1034 / 1417 / 1288
+  - package_aide_installed
+
+  ## Software firewall
+  ## Identifiers 1416
+  - configure_firewalld_ports
+  ## Removing due to build error
+  ## - configure_firewalld_rate_limiting
+  - firewalld_sshd_port_enabled
+  - set_firewalld_default_zone
+
+  ## Endpoint device control software
+  ## Identifiers 1418
+  - package_usbguard_installed
+  - service_usbguard_enabled
+  - usbguard_allow_hid_and_hub
+
+  ## Authentication hardening
+  ## Identifiers 1546 / 0974 / 1173 / 1504 / 1505 / 1401 / 1559 / 1560
+  ## 1561 / 1546 / 0421 / 1557 / 0422 / 1558 / 1403 / 0431
+  - sshd_max_auth_tries_value=5
+  - disable_host_auth
+  - require_emergency_target_auth
+  - require_singleuser_auth
+  - sshd_disable_kerb_auth
+  - sshd_set_max_auth_tries
+
+  ## Password authentication & Protecting credentials
+  ## Identifiers 0421 / 0431 / 0418 / 1402
+  - var_password_pam_minlen=14
+  - var_accounts_password_warn_age_login_defs=7
+  - var_accounts_minimum_age_login_defs=1
+  - var_accounts_maximum_age_login_defs=60
+  - accounts_password_warn_age_login_defs
+  - accounts_maximum_age_login_defs
+  - accounts_minimum_age_login_defs
+  - accounts_passwords_pam_faillock_interval
+  - accounts_passwords_pam_faillock_unlock_time
+  - accounts_passwords_pam_faillock_deny
+  - accounts_passwords_pam_faillock_deny_root
+  - accounts_password_pam_minlen
+
+  ## Centralised logging facility
+  ## Identifiers 1405 / 0988
+  - rsyslog_cron_logging
+  - rsyslog_files_groupownership
+  - rsyslog_files_ownership
+  - rsyslog_files_permissions
+  - rsyslog_nolisten
+  - rsyslog_remote_loghost
+  - rsyslog_remote_tls
+  - rsyslog_remote_tls_cacert
+  - package_chrony_installed
+  - service_chronyd_enabled
+  - chronyd_or_ntpd_specify_multiple_servers
+  - chronyd_specify_remote_server
+  - service_chronyd_or_ntpd_enabled
+
+  ## Events to be logged
+  ## Identifiers 0580 / 0584 / 0582 / 0585 / 0586 / 0846 / 0957
+  - display_login_attempts
+  - sebool_auditadm_exec_content
+  - audit_rules_privileged_commands
+  - audit_rules_session_events
+  - audit_rules_unsuccessful_file_modification
+  - audit_access_failed
+  - audit_access_success
+
+  ## Web application & Database servers
+  ## Identifiers 1552 / 1277
+  - openssl_use_strong_entropy
+
+  ## Network design and configuration
+  ## Identifiers 1055 / 1311
+  - network_nmcli_permissions
+  - service_snmpd_disabled
+  - snmpd_use_newer_protocol
+
+  ## Wireless networks
+  ## Identifiers 1315
+  - wireless_disable_interfaces
+
+  ## ASD Approved Cryptographic Algorithms
+  ## Identifiers 0471 / 0472 / 0473 / 0474 / 0475 / 0476 / 0477 /
+  ## 0479 / 0480 / 0481 / 0489 / 0497 / 0994 / 0998 / 1001 /  1139 /
+  ## 1372 / 1373 / 1374 / 1375
+  - enable_fips_mode
+  - var_system_crypto_policy=fips
+  - configure_crypto_policy
+
+  ## Secure Shell access
+  ## Identifiers 0484 / 1506 / 1449 / 0487
+  - sshd_allow_only_protocol2
+  - sshd_enable_warning_banner
+  - sshd_disable_x11_forwarding
+  - file_permissions_sshd_private_key
diff --git a/products/almalinux8/profiles/ospp-mls.profile b/products/almalinux8/profiles/ospp-mls.profile
new file mode 100644
index 00000000..d1d1b8af
--- /dev/null
+++ b/products/almalinux8/profiles/ospp-mls.profile
@@ -0,0 +1,25 @@
+documentation_complete: false
+
+title: 'Protection Profile for General Purpose Operating Systems - MLS Mode'
+
+description: |-
+    Placeholder to put MLS specific rules
+
+extends: ospp
+
+selections:
+
+    ################################################
+    ## MUST INSTALL PACKAGES IN MLS MODE
+    #cups
+    #foomatic
+    #ghostscript
+    #ghostscript-fonts
+    #checkpolicy
+    #mcstrans
+    #policycoreutils-newrole
+    #selinux-policy-devel
+    ##xinetd
+    #iproute
+    #iputils
+    #netlabel_tools
diff --git a/products/almalinux8/profiles/ospp.profile b/products/almalinux8/profiles/ospp.profile
new file mode 100644
index 00000000..9d06f9a9
--- /dev/null
+++ b/products/almalinux8/profiles/ospp.profile
@@ -0,0 +1,445 @@
+documentation_complete: true
+
+metadata:
+    version: 4.2.1
+    SMEs:
+        - comps
+        - stevegrubb
+
+reference: https://www.niap-ccevs.org/Profile/PP.cfm
+
+title: 'Protection Profile for General Purpose Operating Systems'
+
+description: |-
+    This profile reflects mandatory configuration controls identified in the
+    NIAP Configuration Annex to the Protection Profile for General Purpose
+    Operating Systems (Protection Profile Version 4.2.1).
+
+    This configuration profile is consistent with CNSSI-1253, which requires
+    U.S. National Security Systems to adhere to certain configuration
+    parameters. Accordingly, this configuration profile is suitable for
+    use in U.S. National Security Systems.
+
+selections:
+
+    #######################################################
+    ### GENERAL REQUIREMENTS
+    ### Things needed to meet OSPP functional requirements.
+    #######################################################
+
+    ### Partitioning
+    - mount_option_home_nodev
+    - mount_option_home_nosuid
+    - mount_option_tmp_nodev
+    - mount_option_tmp_noexec
+    - mount_option_tmp_nosuid
+    - partition_for_var_tmp
+    - mount_option_var_tmp_nodev
+    - mount_option_var_tmp_noexec
+    - mount_option_var_tmp_nosuid
+    - mount_option_dev_shm_nodev
+    - mount_option_dev_shm_noexec
+    - mount_option_dev_shm_nosuid
+    - mount_option_nodev_nonroot_local_partitions
+    - mount_option_boot_nodev
+    - mount_option_boot_nosuid
+    - partition_for_home
+    - partition_for_var
+    - mount_option_var_nodev
+    - partition_for_var_log
+    - mount_option_var_log_nodev
+    - mount_option_var_log_nosuid
+    - mount_option_var_log_noexec
+    - partition_for_var_log_audit
+    - mount_option_var_log_audit_nodev
+    - mount_option_var_log_audit_nosuid
+    - mount_option_var_log_audit_noexec
+
+    ### Services
+    # sshd
+    - sshd_disable_root_login
+    - sshd_enable_strictmodes
+    - disable_host_auth
+    - sshd_disable_empty_passwords
+    - sshd_disable_kerb_auth
+    - sshd_disable_gssapi_auth
+    - var_sshd_set_keepalive=0
+    - sshd_set_keepalive_0
+    - sshd_enable_warning_banner
+    - sshd_rekey_limit
+    - var_rekey_limit_size=1G
+    - var_rekey_limit_time=1hour
+    - sshd_use_strong_rng
+    - openssl_use_strong_entropy
+
+    # Time Server
+    - chronyd_client_only
+    - chronyd_no_chronyc_network
+
+    ### Network Settings
+    - sysctl_net_ipv6_conf_all_accept_ra
+    - sysctl_net_ipv6_conf_default_accept_ra
+    - sysctl_net_ipv4_conf_all_accept_redirects
+    - sysctl_net_ipv4_conf_default_accept_redirects
+    - sysctl_net_ipv6_conf_all_accept_redirects
+    - sysctl_net_ipv6_conf_default_accept_redirects
+    - sysctl_net_ipv4_conf_all_accept_source_route
+    - sysctl_net_ipv4_conf_default_accept_source_route
+    - sysctl_net_ipv6_conf_all_accept_source_route
+    - sysctl_net_ipv6_conf_default_accept_source_route
+    - sysctl_net_ipv4_conf_all_secure_redirects
+    - sysctl_net_ipv4_conf_default_secure_redirects
+    - sysctl_net_ipv4_conf_all_send_redirects
+    - sysctl_net_ipv4_conf_default_send_redirects
+    - sysctl_net_ipv4_conf_all_log_martians
+    - sysctl_net_ipv4_conf_default_log_martians
+    - sysctl_net_ipv4_conf_all_rp_filter
+    - sysctl_net_ipv4_conf_default_rp_filter
+    - sysctl_net_ipv4_icmp_ignore_bogus_error_responses
+    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+    - sysctl_net_ipv4_ip_forward
+    - sysctl_net_ipv4_tcp_syncookies
+
+    ### systemd
+    - disable_ctrlaltdel_reboot
+    - disable_ctrlaltdel_burstaction
+    - service_debug-shell_disabled
+
+    ### umask
+    - var_accounts_user_umask=027
+    - accounts_umask_etc_profile
+    - accounts_umask_etc_bashrc
+    - accounts_umask_etc_csh_cshrc
+
+    ### Software update
+    - ensure_almalinux_gpgkey_installed
+    - ensure_gpgcheck_globally_activated
+    - ensure_gpgcheck_local_packages
+    - ensure_gpgcheck_never_disabled
+
+    ### Passwords
+    - var_password_pam_difok=4
+    - accounts_password_pam_difok
+    - var_password_pam_maxrepeat=3
+    - accounts_password_pam_maxrepeat
+    - var_password_pam_maxclassrepeat=4
+    - accounts_password_pam_maxclassrepeat
+
+    ### Kernel Config
+    ## Boot prompt
+    - grub2_audit_argument
+    - grub2_audit_backlog_limit_argument
+    - grub2_slub_debug_argument
+    - grub2_page_poison_argument
+    - grub2_vsyscall_argument
+    - grub2_vsyscall_argument.role=unscored
+    - grub2_vsyscall_argument.severity=info
+    - grub2_pti_argument
+    - grub2_kernel_trust_cpu_rng
+
+    ## Security Settings
+    - sysctl_kernel_kptr_restrict
+    - sysctl_kernel_dmesg_restrict
+    - sysctl_kernel_kexec_load_disabled
+    - sysctl_kernel_yama_ptrace_scope
+    - sysctl_kernel_perf_event_paranoid
+    - sysctl_user_max_user_namespaces
+    - sysctl_user_max_user_namespaces.role=unscored
+    - sysctl_user_max_user_namespaces.severity=info
+    - sysctl_kernel_unprivileged_bpf_disabled
+    - sysctl_net_core_bpf_jit_harden
+    - service_kdump_disabled
+
+    ## File System Settings
+    - sysctl_fs_protected_hardlinks
+    - sysctl_fs_protected_symlinks
+
+    ### Audit
+    - service_auditd_enabled
+    - var_auditd_flush=incremental_async
+    - auditd_data_retention_flush
+    - auditd_local_events
+    - auditd_write_logs
+    - auditd_log_format
+    - auditd_freq
+    - auditd_name_format
+    - auditd_audispd_syslog_plugin_activated
+
+    ### Module Blacklist
+    - kernel_module_cramfs_disabled
+    - kernel_module_bluetooth_disabled
+    - kernel_module_sctp_disabled
+    - kernel_module_firewire-core_disabled
+    - kernel_module_atm_disabled
+    - kernel_module_can_disabled
+    - kernel_module_tipc_disabled
+
+    ### rpcbind
+
+    ### Install Required Packages
+    - package_aide_installed
+    - package_dnf-automatic_installed
+    - package_subscription-manager_installed
+    - package_dnf-plugin-subscription-manager_installed
+    - package_firewalld_installed
+    - package_openscap-scanner_installed
+    - package_policycoreutils_installed
+    - package_sudo_installed
+    - package_usbguard_installed
+    - package_scap-security-guide_installed
+    - package_audit_installed
+    - package_crypto-policies_installed
+    - package_openssh-server_installed
+    - package_openssh-clients_installed
+    - package_policycoreutils-python-utils_installed
+    - package_rsyslog_installed
+    - package_rsyslog-gnutls_installed
+    - package_audispd-plugins_installed
+    - package_chrony_installed
+    - package_gnutls-utils_installed
+
+    ### Remove Prohibited Packages
+    - package_sendmail_removed
+    - package_iprutils_removed
+    - package_gssproxy_removed
+    - package_nfs-utils_removed
+    - package_krb5-workstation_removed
+    - package_abrt-addon-kerneloops_removed
+    - package_python3-abrt-addon_removed
+    - package_abrt-addon-ccpp_removed
+    - package_abrt-plugin-rhtsupport_removed
+    - package_abrt-plugin-logger_removed
+    - package_abrt-plugin-sosreport_removed
+    - package_abrt-cli_removed
+    - package_abrt_removed
+
+    ### Login
+    - disable_users_coredumps
+    - sysctl_kernel_core_pattern
+    - coredump_disable_storage
+    - coredump_disable_backtraces
+    - service_systemd-coredump_disabled
+    - var_accounts_max_concurrent_login_sessions=10
+    - accounts_max_concurrent_login_sessions
+    - securetty_root_login_console_only
+    - var_password_pam_unix_remember=5
+    - accounts_password_pam_unix_remember
+    - use_pam_wheel_for_su
+
+    ### SELinux Configuration
+    - var_selinux_state=enforcing
+    - selinux_state
+    - var_selinux_policy_name=targeted
+    - selinux_policytype
+
+    ### Application Whitelisting (RHEL 8)
+    - package_fapolicyd_installed
+    - service_fapolicyd_enabled
+
+    ### Configure USBGuard
+    - service_usbguard_enabled
+    - configure_usbguard_auditbackend
+    - usbguard_allow_hid_and_hub
+
+
+    ### Enable / Configure FIPS
+    - enable_fips_mode
+    - var_system_crypto_policy=fips_ospp
+    - configure_crypto_policy
+    - configure_ssh_crypto_policy
+    - configure_bind_crypto_policy
+    - configure_openssl_crypto_policy
+    - configure_libreswan_crypto_policy
+    - configure_kerberos_crypto_policy
+    - enable_dracut_fips_module
+
+    #######################################################
+    ### CONFIGURATION ANNEX TO THE PROTECTION PROFILE
+    ### FOR GENERAL PURPOSE OPERATING SYSTEMS
+    ### ANNEX RELEASE 1
+    ### FOR PROTECTION PROFILE VERSIONS 4.2
+    ###
+    ### https://www.niap-ccevs.org/MMO/PP/-442ConfigAnnex-/
+    #######################################################
+
+    ## Configure Minimum Password Length to 12 Characters
+    ## IA-5 (1)(a) / FMT_MOF_EXT.1
+    - var_accounts_password_minlen_login_defs=12
+    - accounts_password_minlen_login_defs
+    - var_password_pam_minlen=12
+    - accounts_password_pam_minlen
+
+    ## Require at Least 1 Special Character in Password
+    ## IA-5(1)(a) / FMT_MOF_EXT.1
+    - var_password_pam_ocredit=1
+    - accounts_password_pam_ocredit
+
+    ## Require at Least 1 Numeric Character in Password
+    ## IA-5(1)(a) / FMT_MOF_EXT.1
+    - var_password_pam_dcredit=1
+    - accounts_password_pam_dcredit
+
+    ## Require at Least 1 Uppercase Character in Password
+    ## IA-5(1)(a) / FMT_MOF_EXT.1
+    - var_password_pam_ucredit=1
+    - accounts_password_pam_ucredit
+
+    ## Require at Least 1 Lowercase Character in Password
+    ## IA-5(1)(a) / FMT_MOF_EXT.1
+    - var_password_pam_lcredit=1
+    - accounts_password_pam_lcredit
+
+    ## Enable Screen Lock
+    ## FMT_MOF_EXT.1
+    - package_tmux_installed
+    - configure_bashrc_exec_tmux
+    - no_tmux_in_shells
+    - configure_tmux_lock_command
+    - configure_tmux_lock_after_time
+
+    ## Set Screen Lock Timeout Period to 30 Minutes or Less
+    ## AC-11(a) / FMT_MOF_EXT.1
+    ## We deliberately set sshd timeout to 1 minute before tmux lock timeout
+    - sshd_idle_timeout_value=14_minutes
+    - sshd_set_idle_timeout
+
+    ## Disable Unauthenticated Login (such as Guest Accounts)
+    ## FIA_UAU.1
+    - require_singleuser_auth
+    - grub2_disable_interactive_boot
+    - grub2_uefi_password
+    - no_empty_passwords
+
+    ## Set Maximum Number of Authentication Failures to 3 Within 15 Minutes
+    ## AC-7 / FIA_AFL.1
+    - var_accounts_passwords_pam_faillock_deny=3
+    - accounts_passwords_pam_faillock_deny
+    - var_accounts_passwords_pam_faillock_fail_interval=900
+    - accounts_passwords_pam_faillock_interval
+    - var_accounts_passwords_pam_faillock_unlock_time=never
+    - accounts_passwords_pam_faillock_unlock_time
+
+    ## Enable Host-Based Firewall
+    ## SC-7(12) / FMT_MOF_EXT.1
+    - service_firewalld_enabled
+
+    ## Configure Name/Addres of Remote Management Server
+    ##  From Which to Receive Config Settings
+    ## CM-3(3) / FMT_MOF_EXT.1
+
+    ## Configure the System to Offload Audit Records to a Log
+    ##  Server
+    ## AU-4(1) / FAU_GEN.1.1.c
+    # temporarily dropped
+
+    ## Set Logon Warning Banner
+    ## AC-8(a) / FMT_MOF_EXT.1
+
+    ## Audit All Logons (Success/Failure) and Logoffs (Success)
+    ##  CNSSI 1253 Value or DoD-Specific Values:
+    ##      (1) Logons (Success/Failure)
+    ##      (2) Logoffs (Success)
+    ## AU-2(a) / FAU_GEN.1.1.c
+
+    ## Audit File and Object Events (Unsuccessful)
+    ##  CNSSI 1253 Value or DoD-specific Values:
+    ##      (1) Create (Success/Failure)
+    ##      (2) Access (Success/Failure)
+    ##      (3) Delete (Sucess/Failure)
+    ##      (4) Modify (Success/Failure)
+    ##      (5) Permission Modification (Sucess/Failure)
+    ##      (6) Ownership Modification (Success/Failure)
+    ## AU-2(a) / FAU_GEN.1.1.c
+    ##
+    ##
+    ## (1) Create (Success/Failure)
+    ##      (open with O_CREAT)
+    ## (2) Access (Success/Failure)
+    ## (3) Delete (Success/Failure)
+    ## (4) Modify (Success/Failure)
+    ## (5) Permission Modification (Success/Failure)
+    ## (6) Ownership Modification (Success/Failure)
+
+    ## Audit User and Group Management Events (Success/Failure)
+    ##  CNSSI 1253 Value or DoD-specific Values:
+    ##      (1) User add, delete, modify, disable, enable (Success/Failure)
+    ##      (2) Group/Role add, delete, modify (Success/Failure)
+    ## AU-2(a) / FAU_GEN.1.1.c
+    ##
+    ## Generic User and Group Management Events (Success/Failure)
+    ## Selection of setuid programs that relate to
+    ## user accounts.
+    ##
+    ## CNSSI 1253: (1) User add, delete, modify, disable, enable (Success/Failure)
+    ##
+    ## CNSSI 1252: (2) Group/Role add, delete, modify (Success/Failure)
+    ##
+    ## Audit Privilege or Role Escalation Events (Success/Failure)
+    ##  CNSSI 1253 Value or DoD-specific Values:
+    ##      - Privilege/Role escalation (Success/Failure)
+    ## AU-2(a) / FAU_GEN.1.1.c
+    ## Audit All Audit and Log Data Accesses (Success/Failure)
+    ##  CNSSI 1253 Value or DoD-specific Values:
+    ##      - Audit and log data access (Success/Failure)
+    ## AU-2(a) / FAU_GEN.1.1.c
+    ## Audit Cryptographic Verification of Software (Success/Failure)
+    ##  CNSSI 1253 Value or DoD-specific Values:
+    ##      - Applications (e.g. Firefox, Internet Explorer, MS Office Suite,
+    ##        etc) initialization (Success/Failure)
+    ## AU-2(a) / FAU_GEN.1.1.c
+    ## Audit Kernel Module Loading and Unloading Events (Success/Failure)
+    ## AU-2(a) / FAU_GEN.1.1.c
+    - audit_basic_configuration
+    - audit_immutable_login_uids
+    - audit_create_failed
+    - audit_create_success
+    - audit_modify_failed
+    - audit_modify_success
+    - audit_access_failed
+    - audit_access_success
+    - audit_delete_failed
+    - audit_delete_success
+    - audit_perm_change_failed
+    - audit_perm_change_success
+    - audit_owner_change_failed
+    - audit_owner_change_success
+    - audit_ospp_general
+    - audit_module_load
+
+    ## Enable Automatic Software Updates
+    ## SI-2 / FMT_MOF_EXT.1
+    # Configure dnf-automatic to Install Only Security Updates
+    - dnf-automatic_security_updates_only
+
+    # Configure dnf-automatic to Install Available Updates Automatically
+    - dnf-automatic_apply_updates
+
+    # Enable dnf-automatic Timer
+    - timer_dnf-automatic_enabled
+
+    # Configure TLS for remote logging
+    - rsyslog_remote_tls
+    - rsyslog_remote_tls_cacert
+
+    # Prevent Kerberos use by system daemons
+    - kerberos_disable_no_keytab
+
+    # set ssh client rekey limit
+    - ssh_client_rekey_limit
+    - var_ssh_client_rekey_limit_size=1G
+    - var_ssh_client_rekey_limit_time=1hour
+
+# configure ssh client to use strong entropy
+    - ssh_client_use_strong_rng_sh
+    - ssh_client_use_strong_rng_csh
+
+    # zIPl specific rules
+    - zipl_bls_entries_only
+    - zipl_bootmap_is_up_to_date
+    - zipl_audit_argument
+    - zipl_audit_backlog_limit_argument
+    - zipl_slub_debug_argument
+    - zipl_page_poison_argument
+    - zipl_vsyscall_argument
+    - zipl_vsyscall_argument.role=unscored
+    - zipl_vsyscall_argument.severity=info
diff --git a/products/almalinux8/profiles/pci-dss.profile b/products/almalinux8/profiles/pci-dss.profile
new file mode 100644
index 00000000..7b64de5e
--- /dev/null
+++ b/products/almalinux8/profiles/pci-dss.profile
@@ -0,0 +1,149 @@
+documentation_complete: true
+
+metadata:
+    SMEs:
+        - yuumasato
+
+reference: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2-1.pdf
+
+title: 'PCI-DSS v3.2.1 Control Baseline for Red Hat Enterprise Linux 8'
+
+description: |-
+    Ensures PCI-DSS v3.2.1 security configuration settings are applied.
+
+selections:
+    - var_password_pam_unix_remember=4
+    - var_account_disable_post_pw_expiration=90
+    - var_accounts_passwords_pam_faillock_deny=6
+    - var_accounts_passwords_pam_faillock_unlock_time=1800
+    - sshd_idle_timeout_value=15_minutes
+    - var_password_pam_minlen=7
+    - var_password_pam_minclass=2
+    - var_accounts_maximum_age_login_defs=90
+    - var_auditd_num_logs=5
+    - service_auditd_enabled
+    - grub2_audit_argument
+    - auditd_data_retention_num_logs
+    - auditd_data_retention_max_log_file
+    - auditd_data_retention_max_log_file_action
+    - auditd_data_retention_space_left_action
+    - auditd_data_retention_admin_space_left_action
+    - auditd_data_retention_action_mail_acct
+    - package_audispd-plugins_installed
+    - auditd_audispd_syslog_plugin_activated
+    - audit_rules_time_adjtimex
+    - audit_rules_time_settimeofday
+    - audit_rules_time_stime
+    - audit_rules_time_clock_settime
+    - audit_rules_time_watch_localtime
+    - audit_rules_usergroup_modification_group
+    - audit_rules_usergroup_modification_gshadow
+    - audit_rules_usergroup_modification_opasswd
+    - audit_rules_usergroup_modification_passwd
+    - audit_rules_usergroup_modification_shadow
+    - audit_rules_networkconfig_modification
+    - file_permissions_var_log_audit
+    - file_ownership_var_log_audit
+    - audit_rules_mac_modification
+    - audit_rules_dac_modification_chmod
+    - audit_rules_dac_modification_chown
+    - audit_rules_dac_modification_fchmod
+    - audit_rules_dac_modification_fchmodat
+    - audit_rules_dac_modification_fchown
+    - audit_rules_dac_modification_fchownat
+    - audit_rules_dac_modification_fremovexattr
+    - audit_rules_dac_modification_fsetxattr
+    - audit_rules_dac_modification_lchown
+    - audit_rules_dac_modification_lremovexattr
+    - audit_rules_dac_modification_lsetxattr
+    - audit_rules_dac_modification_removexattr
+    - audit_rules_dac_modification_setxattr
+    - audit_rules_login_events
+    - audit_rules_session_events
+    - audit_rules_unsuccessful_file_modification_creat
+    - audit_rules_unsuccessful_file_modification_ftruncate
+    - audit_rules_unsuccessful_file_modification_open
+    - audit_rules_unsuccessful_file_modification_open_by_handle_at
+    - audit_rules_unsuccessful_file_modification_openat
+    - audit_rules_unsuccessful_file_modification_truncate
+    - audit_rules_privileged_commands
+    - audit_rules_media_export
+    - audit_rules_file_deletion_events_rename
+    - audit_rules_file_deletion_events_renameat
+    - audit_rules_file_deletion_events_rmdir
+    - audit_rules_file_deletion_events_unlink
+    - audit_rules_file_deletion_events_unlinkat
+    - audit_rules_sysadmin_actions
+    - audit_rules_kernel_module_loading_delete
+    - audit_rules_kernel_module_loading_finit
+    - audit_rules_kernel_module_loading_init
+    - audit_rules_immutable
+    - var_multiple_time_servers=rhel
+    - service_chronyd_or_ntpd_enabled
+    - chronyd_or_ntpd_specify_remote_server
+    - chronyd_or_ntpd_specify_multiple_servers
+    - rpm_verify_permissions
+    - rpm_verify_hashes
+    - install_hids
+    - rsyslog_files_permissions
+    - rsyslog_files_ownership
+    - rsyslog_files_groupownership
+    - ensure_logrotate_activated
+    - package_aide_installed
+    - aide_build_database
+    - aide_periodic_cron_checking
+    - account_unique_name
+    - gid_passwd_group_same
+    - accounts_password_all_shadowed
+    - no_empty_passwords
+    - display_login_attempts
+    - account_disable_post_pw_expiration
+    - accounts_passwords_pam_faillock_deny
+    - accounts_passwords_pam_faillock_unlock_time
+    - dconf_db_up_to_date
+    - dconf_gnome_screensaver_idle_delay
+    - dconf_gnome_screensaver_idle_activation_enabled
+    - dconf_gnome_screensaver_lock_enabled
+    - dconf_gnome_screensaver_mode_blank
+    - sshd_set_idle_timeout
+    - var_sshd_set_keepalive=0
+    - sshd_set_keepalive_0
+    - accounts_password_pam_minlen
+    - accounts_password_pam_dcredit
+    - accounts_password_pam_ucredit
+    - accounts_password_pam_lcredit
+    - accounts_password_pam_unix_remember
+    - accounts_maximum_age_login_defs
+    - ensure_almalinux_gpgkey_installed
+    - ensure_gpgcheck_globally_activated
+    - ensure_gpgcheck_never_disabled
+    - security_patches_up_to_date
+    - package_opensc_installed
+    - var_smartcard_drivers=cac
+    - configure_opensc_card_drivers
+    - force_opensc_card_drivers
+    - package_pcsc-lite_installed
+    - service_pcscd_enabled
+    - sssd_enable_smartcards
+    - set_password_hashing_algorithm_systemauth
+    - set_password_hashing_algorithm_passwordauth
+    - set_password_hashing_algorithm_logindefs
+    - set_password_hashing_algorithm_libuserconf
+    - file_owner_etc_shadow
+    - file_groupowner_etc_shadow
+    - file_permissions_etc_shadow
+    - file_owner_etc_group
+    - file_groupowner_etc_group
+    - file_permissions_etc_group
+    - file_owner_etc_passwd
+    - file_groupowner_etc_passwd
+    - file_permissions_etc_passwd
+    - file_owner_grub2_cfg
+    - file_groupowner_grub2_cfg
+    - package_libreswan_installed
+    - configure_crypto_policy
+    - configure_bind_crypto_policy
+    - configure_openssl_crypto_policy
+    - configure_libreswan_crypto_policy
+    - configure_ssh_crypto_policy
+    - configure_kerberos_crypto_policy
diff --git a/products/almalinux8/profiles/rht-ccp.profile b/products/almalinux8/profiles/rht-ccp.profile
new file mode 100644
index 00000000..2ac2f5e4
--- /dev/null
+++ b/products/almalinux8/profiles/rht-ccp.profile
@@ -0,0 +1,102 @@
+documentation_complete: false
+
+title: 'Red Hat Corporate Profile for Certified Cloud Providers (RH CCP)'
+
+description: |-
+    This profile contains the minimum security relevant
+    configuration settings recommended by Red Hat, Inc for
+    Red Hat Enterprise Linux 8 instances deployed by Red Hat Certified
+    Cloud Providers.
+
+selections:
+    - var_selinux_state=enforcing
+    - var_selinux_policy_name=targeted
+    - file_owner_logfiles_value=root
+    - file_groupowner_logfiles_value=root
+    - sshd_idle_timeout_value=5_minutes
+    - var_accounts_password_minlen_login_defs=6
+    - var_accounts_minimum_age_login_defs=7
+    - var_accounts_passwords_pam_faillock_deny=5
+    - var_accounts_password_warn_age_login_defs=7
+    - var_password_pam_retry=3
+    - var_password_pam_dcredit=1
+    - var_password_pam_ucredit=2
+    - var_password_pam_ocredit=2
+    - var_password_pam_lcredit=2
+    - var_password_pam_difok=3
+    - var_password_pam_unix_remember=5
+    - var_accounts_user_umask=077
+    - login_banner_text=usgcb_default
+    - partition_for_tmp
+    - partition_for_var
+    - partition_for_var_log
+    - partition_for_var_log_audit
+    - selinux_state
+    - selinux_policytype
+    - ensure_almalinux_gpgkey_installed
+    - security_patches_up_to_date
+    - ensure_gpgcheck_globally_activated
+    - ensure_gpgcheck_never_disabled
+    - package_aide_installed
+    - accounts_password_pam_unix_remember
+    - no_shelllogin_for_systemaccounts
+    - no_empty_passwords
+    - accounts_password_all_shadowed
+    - accounts_no_uid_except_zero
+    - accounts_password_minlen_login_defs
+    - accounts_minimum_age_login_defs
+    - accounts_password_warn_age_login_defs
+    - accounts_password_pam_retry
+    - accounts_password_pam_dcredit
+    - accounts_password_pam_ucredit
+    - accounts_password_pam_ocredit
+    - accounts_password_pam_lcredit
+    - accounts_password_pam_difok
+    - accounts_passwords_pam_faillock_deny
+    - set_password_hashing_algorithm_systemauth
+    - set_password_hashing_algorithm_passwordauth
+    - set_password_hashing_algorithm_logindefs
+    - set_password_hashing_algorithm_libuserconf
+    - require_singleuser_auth
+    - file_owner_etc_shadow
+    - file_groupowner_etc_shadow
+    - file_permissions_etc_shadow
+    - file_owner_etc_gshadow
+    - file_groupowner_etc_gshadow
+    - file_permissions_etc_gshadow
+    - file_owner_etc_passwd
+    - file_groupowner_etc_passwd
+    - file_permissions_etc_passwd
+    - file_owner_etc_group
+    - file_groupowner_etc_group
+    - file_permissions_etc_group
+    - file_permissions_library_dirs
+    - file_ownership_library_dirs
+    - file_permissions_binary_dirs
+    - file_ownership_binary_dirs
+    - file_permissions_var_log_audit
+    - file_owner_grub2_cfg
+    - file_groupowner_grub2_cfg
+    - file_permissions_grub2_cfg
+    - grub2_password
+    - kernel_module_dccp_disabled
+    - kernel_module_sctp_disabled
+    - service_firewalld_enabled
+    - set_firewalld_default_zone
+    - firewalld_sshd_port_enabled
+    - service_abrtd_disabled
+    - service_telnet_disabled
+    - package_telnet-server_removed
+    - package_telnet_removed
+    - sshd_allow_only_protocol2
+    - sshd_set_idle_timeout
+    - var_sshd_set_keepalive=0
+    - sshd_set_keepalive_0
+    - disable_host_auth
+    - sshd_disable_root_login
+    - sshd_disable_empty_passwords
+    - sshd_enable_warning_banner
+    - sshd_do_not_permit_user_env
+    - var_system_crypto_policy=fips
+    - configure_crypto_policy
+    - configure_ssh_crypto_policy
diff --git a/products/almalinux8/profiles/standard.profile b/products/almalinux8/profiles/standard.profile
new file mode 100644
index 00000000..da736594
--- /dev/null
+++ b/products/almalinux8/profiles/standard.profile
@@ -0,0 +1,67 @@
+documentation_complete: false
+
+title: 'Standard System Security Profile for AlmaLinux OS 8'
+
+description: |-
+    This profile contains rules to ensure standard security baseline
+    of a AlmaLinux OS 8 system. Regardless of your system's workload
+    all of these checks should pass.
+
+selections:
+    - ensure_almalinux_gpgkey_installed
+    - ensure_gpgcheck_globally_activated
+    - rpm_verify_permissions
+    - rpm_verify_hashes
+    - security_patches_up_to_date
+    - no_empty_passwords
+    - file_permissions_unauthorized_sgid
+    - file_permissions_unauthorized_suid
+    - file_permissions_unauthorized_world_writable
+    - accounts_root_path_dirs_no_write
+    - dir_perms_world_writable_sticky_bits
+    - mount_option_dev_shm_nodev
+    - mount_option_dev_shm_nosuid
+    - partition_for_var_log
+    - partition_for_var_log_audit
+    - package_rsyslog_installed
+    - service_rsyslog_enabled
+    - audit_rules_time_adjtimex
+    - audit_rules_time_settimeofday
+    - audit_rules_time_stime
+    - audit_rules_time_clock_settime
+    - audit_rules_time_watch_localtime
+    - audit_rules_usergroup_modification
+    - audit_rules_networkconfig_modification
+    - audit_rules_mac_modification
+    - audit_rules_dac_modification_chmod
+    - audit_rules_dac_modification_chown
+    - audit_rules_dac_modification_fchmod
+    - audit_rules_dac_modification_fchmodat
+    - audit_rules_dac_modification_fchown
+    - audit_rules_dac_modification_fchownat
+    - audit_rules_dac_modification_fremovexattr
+    - audit_rules_dac_modification_fsetxattr
+    - audit_rules_dac_modification_lchown
+    - audit_rules_dac_modification_lremovexattr
+    - audit_rules_dac_modification_lsetxattr
+    - audit_rules_dac_modification_removexattr
+    - audit_rules_dac_modification_setxattr
+    - audit_rules_unsuccessful_file_modification
+    - audit_rules_privileged_commands
+    - audit_rules_media_export
+    - audit_rules_file_deletion_events
+    - audit_rules_sysadmin_actions
+    - audit_rules_kernel_module_loading
+    - service_abrtd_disabled
+    - service_atd_disabled
+    - service_autofs_disabled
+    - service_ntpdate_disabled
+    - service_oddjobd_disabled
+    - service_qpidd_disabled
+    - service_rdisc_disabled
+    - configure_crypto_policy
+    - configure_bind_crypto_policy
+    - configure_openssl_crypto_policy
+    - configure_libreswan_crypto_policy
+    - configure_ssh_crypto_policy
+    - configure_kerberos_crypto_policy
diff --git a/products/almalinux8/profiles/stig.profile b/products/almalinux8/profiles/stig.profile
new file mode 100644
index 00000000..c76af959
--- /dev/null
+++ b/products/almalinux8/profiles/stig.profile
@@ -0,0 +1,1180 @@
+documentation_complete: true
+
+metadata:
+    version: V1R5
+    SMEs:
+        - mab879
+        - ggbecker
+
+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+
+title: 'DISA STIG for Red Hat Enterprise Linux 8'
+
+description: |-
+    This profile contains configuration checks that align to the
+    DISA STIG for Red Hat Enterprise Linux 8 V1R5.
+
+    In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
+    configuration baseline as applicable to the operating system tier of
+    Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:
+
+    - Red Hat Enterprise Linux Server
+    - Red Hat Enterprise Linux Workstation and Desktop
+    - Red Hat Enterprise Linux for HPC
+    - Red Hat Storage
+    - Red Hat Containers with a Red Hat Enterprise Linux 8 image
+
+selections:
+    ### Variables
+    - var_rekey_limit_size=1G
+    - var_rekey_limit_time=1hour
+    - var_accounts_user_umask=077
+    - var_password_pam_difok=8
+    - var_password_pam_maxrepeat=3
+    - var_sshd_disable_compression=no
+    - var_password_hashing_algorithm=SHA512
+    - var_password_pam_maxclassrepeat=4
+    - var_password_pam_minclass=4
+    - var_accounts_minimum_age_login_defs=1
+    - var_accounts_max_concurrent_login_sessions=10
+    - var_password_pam_remember=5
+    - var_password_pam_remember_control_flag=required
+    - var_selinux_state=enforcing
+    - var_selinux_policy_name=targeted
+    - var_accounts_password_minlen_login_defs=15
+    - var_password_pam_unix_rounds=5000
+    - var_password_pam_minlen=15
+    - var_password_pam_ocredit=1
+    - var_password_pam_dcredit=1
+    - var_password_pam_dictcheck=1
+    - var_password_pam_ucredit=1
+    - var_password_pam_lcredit=1
+    - var_password_pam_retry=3
+    - var_password_pam_minlen=15
+    # - var_sshd_set_keepalive=0
+    - sshd_approved_macs=stig
+    - sshd_approved_ciphers=stig
+    - sshd_idle_timeout_value=10_minutes
+    - var_accounts_authorized_local_users_regex=rhel8
+    - var_accounts_passwords_pam_faillock_deny=3
+    - var_accounts_passwords_pam_faillock_fail_interval=900
+    - var_accounts_passwords_pam_faillock_unlock_time=never
+    - var_ssh_client_rekey_limit_size=1G
+    - var_ssh_client_rekey_limit_time=1hour
+    - var_accounts_fail_delay=4
+    - var_account_disable_post_pw_expiration=35
+    - var_auditd_action_mail_acct=root
+    - var_time_service_set_maxpoll=18_hours
+    - var_accounts_maximum_age_login_defs=60
+    - var_auditd_space_left_percentage=25pc
+    - var_auditd_space_left_action=email
+    - var_auditd_disk_error_action=halt
+    - var_auditd_max_log_file_action=syslog
+    - var_auditd_disk_full_action=halt
+    - var_sssd_certificate_verification_digest_function=sha1
+    - login_banner_text=dod_banners
+
+    ### Enable / Configure FIPS
+    - enable_fips_mode
+    - var_system_crypto_policy=fips
+    - configure_crypto_policy
+    - configure_bind_crypto_policy
+    - configure_libreswan_crypto_policy
+    - configure_kerberos_crypto_policy
+    - enable_dracut_fips_module
+
+    ### Rules:
+    # RHEL-08-010000
+    - installed_OS_is_vendor_supported
+
+    # RHEL-08-010001
+    - package_mcafeetp_installed
+    - agent_mfetpd_running
+
+    # RHEL-08-010010
+    - security_patches_up_to_date
+
+    # RHEL-08-010020
+    - sysctl_crypto_fips_enabled
+
+    # RHEL-08-010030
+    - encrypt_partitions
+
+    # RHEL-08-010040
+    - sshd_enable_warning_banner
+
+    # RHEL-08-010049
+    - dconf_gnome_banner_enabled
+
+    # RHEL-08-010050
+    - dconf_gnome_login_banner_text
+
+    # RHEL-08-010060
+    - banner_etc_issue
+
+    # RHEL-08-010070
+    - rsyslog_remote_access_monitoring
+
+    # RHEL-08-010090
+
+    # RHEL-08-010100
+
+    # RHEL-08-010110
+    - set_password_hashing_algorithm_logindefs
+
+    # RHEL-08-010120
+    - accounts_password_all_shadowed_sha512
+
+    # RHEL-08-010130
+    - accounts_password_pam_unix_rounds_password_auth
+
+    # RHEL-08-010131
+    - accounts_password_pam_unix_rounds_system_auth
+
+    # RHEL-08-010140
+    - grub2_uefi_password
+
+    # RHEL-08-010141
+    - grub2_uefi_admin_username
+
+    # RHEL-08-010149
+    - grub2_admin_username
+
+    # RHEL-08-010150
+    - grub2_password
+
+    # RHEL-08-010151
+    - require_singleuser_auth
+
+    # RHEL-08-010152
+    - require_emergency_target_auth
+
+    # RHEL-08-010159
+    - set_password_hashing_algorithm_passwordauth
+
+    # RHEL-08-010160
+    - set_password_hashing_algorithm_systemauth
+
+    # RHEL-08-010161
+    - kerberos_disable_no_keytab
+
+    # RHEL-08-010162
+    - package_krb5-workstation_removed
+
+    # RHEL-08-010170
+    - selinux_state
+
+    # RHEL-08-010171
+    - package_policycoreutils_installed
+
+    # RHEL-08-010190
+    - dir_perms_world_writable_sticky_bits
+
+    # These two items don't behave as they used to in RHEL8.6 and RHEL9
+    # anymore. They will be disabled for now until an alternative
+    # solution is found.
+    # # RHEL-08-010200
+    # - sshd_set_keepalive_0
+    # # RHEL-08-010201
+    # - sshd_set_idle_timeout
+
+    # RHEL-08-010210
+    - file_permissions_var_log_messages
+
+    # RHEL-08-010220
+    - file_owner_var_log_messages
+
+    # RHEL-08-010230
+    - file_groupowner_var_log_messages
+
+    # RHEL-08-010240
+    - file_permissions_var_log
+
+    # RHEL-08-010250
+    - file_owner_var_log
+
+    # RHEL-08-010260
+    - file_groupowner_var_log
+
+    # RHEL-08-010287
+    - configure_ssh_crypto_policy
+
+    # RHEL-08-010290
+    - harden_sshd_macs_openssh_conf_crypto_policy
+    - harden_sshd_macs_opensshserver_conf_crypto_policy
+
+    # RHEL-08-010291
+    - harden_sshd_ciphers_openssh_conf_crypto_policy
+    - harden_sshd_ciphers_opensshserver_conf_crypto_policy
+
+    # RHEL-08-010292
+    - sshd_use_strong_rng
+
+    # RHEL-08-010293
+    - configure_openssl_crypto_policy
+
+    # RHEL-08-010294
+    - configure_openssl_tls_crypto_policy
+
+    # RHEL-08-010295
+    - configure_gnutls_tls_crypto_policy
+
+    # RHEL-08-010300
+    - file_permissions_binary_dirs
+
+    # RHEL-08-010310
+    - file_ownership_binary_dirs
+
+    # RHEL-08-010320
+    - file_groupownership_system_commands_dirs
+
+    # RHEL-08-010330
+    - file_permissions_library_dirs
+
+    # RHEL-08-010331
+    - dir_permissions_library_dirs
+
+    # RHEL-08-010340
+    - file_ownership_library_dirs
+
+    # RHEL-08-010341
+    - dir_ownership_library_dirs
+
+    # RHEL-08-010350
+    - root_permissions_syslibrary_files
+
+    # RHEL-08-010351
+    - dir_group_ownership_library_dirs
+
+    # RHEL-08-010359
+    - package_aide_installed
+
+    # RHEL-08-010360
+    - aide_scan_notification
+
+    # RHEL-08-010370
+    - ensure_gpgcheck_globally_activated
+
+    # RHEL-08-010371
+    - ensure_gpgcheck_local_packages
+
+    # RHEL-08-010372
+    - sysctl_kernel_kexec_load_disabled
+
+    # RHEL-08-010373
+    - sysctl_fs_protected_symlinks
+
+    # RHEL-08-010374
+    - sysctl_fs_protected_hardlinks
+
+    # RHEL-08-010375
+    - sysctl_kernel_dmesg_restrict
+
+    # RHEL-08-010376
+    - sysctl_kernel_perf_event_paranoid
+
+    # RHEL-08-010379
+    - sudoers_default_includedir
+
+    # RHEL-08-010380
+    - sudo_remove_nopasswd
+
+    # RHEL-08-010381
+    - sudo_remove_no_authenticate
+
+    # RHEL-08-010382
+    - sudo_restrict_privilege_elevation_to_authorized
+
+    # RHEL-08-010383
+    - sudoers_validate_passwd
+
+    # RHEL-08-010384
+    - sudo_require_reauthentication
+    - var_sudo_timestamp_timeout=always_prompt
+
+    # RHEL-08-010390
+    - install_smartcard_packages
+
+    # RHEL-08-010400
+    - sssd_certificate_verification
+
+    # RHEL-08-010410
+    - package_opensc_installed
+
+    # RHEL-08-010420
+    - bios_enable_execution_restrictions
+
+    # RHEL-08-010421
+    - grub2_page_poison_argument
+
+    # RHEL-08-010422
+    - grub2_vsyscall_argument
+
+    # RHEL-08-010423
+    - grub2_slub_debug_argument
+
+    # RHEL-08-010430
+    - sysctl_kernel_randomize_va_space
+
+    # RHEL-08-010440
+    - clean_components_post_updating
+
+    # RHEL-08-010450
+    - selinux_policytype
+
+    # RHEL-08-010460
+    - no_host_based_files
+
+    # RHEL-08-010470
+    - no_user_host_based_files
+
+    # RHEL-08-010471
+    - service_rngd_enabled
+
+    # RHEL-08-010472
+    - package_rng-tools_installed
+
+    # RHEL-08-010480
+    - file_permissions_sshd_pub_key
+
+    # RHEL-08-010490
+    - file_permissions_sshd_private_key
+
+    # RHEL-08-010500
+    - sshd_enable_strictmodes
+
+    # RHEL-08-010510
+    - sshd_disable_compression
+
+    # RHEL-08-010520
+    - sshd_disable_user_known_hosts
+
+    # RHEL-08-010521
+    - sshd_disable_kerb_auth
+
+    # RHEL-08-010522
+    - sshd_disable_gssapi_auth
+
+    # RHEL-08-010540
+    - partition_for_var
+
+    # RHEL-08-010541
+    - partition_for_var_log
+
+    # RHEL-08-010542
+    - partition_for_var_log_audit
+
+    # RHEL-08-010543
+    - partition_for_tmp
+
+    # RHEL-08-010544
+    - partition_for_var_tmp
+
+    # RHEL-08-010550
+    - sshd_disable_root_login
+
+    # RHEL-08-010561
+    - service_rsyslog_enabled
+
+    # RHEL-08-010570
+    - mount_option_home_nosuid
+
+    # RHEL-08-010571
+    - mount_option_boot_nosuid
+
+    # RHEL-08-010580
+    - mount_option_nodev_nonroot_local_partitions
+
+    # RHEL-08-010590
+    - mount_option_home_noexec
+
+    # RHEL-08-010600
+    - mount_option_nodev_removable_partitions
+
+    # RHEL-08-010610
+    - mount_option_noexec_removable_partitions
+
+    # RHEL-08-010620
+    - mount_option_nosuid_removable_partitions
+
+    # RHEL-08-010630
+    - mount_option_noexec_remote_filesystems
+
+    # RHEL-08-010640
+    - mount_option_nodev_remote_filesystems
+
+    # RHEL-08-010650
+    - mount_option_nosuid_remote_filesystems
+
+    # RHEL-08-010660
+    - accounts_user_dot_no_world_writable_programs
+
+    # RHEL-08-010670
+    - service_kdump_disabled
+
+    # RHEL-08-010671
+    - sysctl_kernel_core_pattern
+
+    # RHEL-08-010672
+    - service_systemd-coredump_disabled
+
+    # RHEL-08-010673
+    - disable_users_coredumps
+
+    # RHEL-08-010674
+    - coredump_disable_storage
+
+    # RHEL-08-010675
+    - coredump_disable_backtraces
+
+    # RHEL-08-010680
+    - network_configure_name_resolution
+
+    # RHEL-08-010690
+    - accounts_user_home_paths_only
+
+    # RHEL-08-010700
+    - dir_perms_world_writable_root_owned
+
+    # RHEL-08-010710
+
+    # RHEL-08-010720
+    - accounts_user_interactive_home_directory_defined
+
+    # RHEL-08-010730
+    - file_permissions_home_directories
+
+    # RHEL-08-010740
+    - file_groupownership_home_directories
+
+    # RHEL-08-010750
+    - accounts_user_interactive_home_directory_exists
+
+    # RHEL-08-010760
+    - accounts_have_homedir_login_defs
+
+    # RHEL-08-010770
+    - file_permission_user_init_files
+
+    # RHEL-08-010780
+    - no_files_unowned_by_user
+
+    # RHEL-08-010790
+    - file_permissions_ungroupowned
+
+    # RHEL-08-010800
+    - partition_for_home
+
+    # RHEL-08-010820
+    - gnome_gdm_disable_automatic_login
+
+    # RHEL-08-010830
+    - sshd_do_not_permit_user_env
+
+    # RHEL-08-020000
+    - account_temp_expire_date
+
+    # RHEL-08-020010, RHEL-08-020011, RHEL-08-020025, RHEL-08-020026
+    - accounts_passwords_pam_faillock_deny
+
+    # RHEL-08-020012, RHEL-08-020013
+    - accounts_passwords_pam_faillock_interval
+
+    # RHEL-08-020014, RHEL-08-020016, RHEL-08-020017
+    - accounts_passwords_pam_faillock_unlock_time
+
+    # RHEL-08-020015
+
+    # RHEL-08-020018, RHEL-08-020019
+    - accounts_passwords_pam_faillock_deny
+
+    # RHEL-08-020020
+
+    # RHEL-08-020021
+
+    # RHEL-08-020022, RHEL-08-020023
+    - accounts_passwords_pam_faillock_deny_root
+
+    # RHEL-08-020024
+    - accounts_max_concurrent_login_sessions
+
+    # RHEL-08-020030
+    - dconf_gnome_screensaver_lock_enabled
+
+    # RHEL-08-020039
+    - package_tmux_installed
+
+    # RHEL-08-020040
+    - configure_tmux_lock_command
+
+    # RHEL-08-020041
+    - configure_bashrc_exec_tmux
+
+    # RHEL-08-020042
+    - no_tmux_in_shells
+
+    # RHEL-08-020050
+    - dconf_gnome_lock_screen_on_smartcard_removal
+
+    # RHEL-08-020060
+    - dconf_gnome_screensaver_idle_delay
+
+    # RHEL-08-020070
+    - configure_tmux_lock_after_time
+
+    # RHEL-08-020080
+
+    # RHEL-08-020090
+    - sssd_enable_certmap
+
+    # RHEL-08-020100
+    - accounts_password_pam_pwquality_password_auth
+
+    # RHEL-08-020101
+    - accounts_password_pam_pwquality_system_auth
+
+    # RHEL-08-020102
+    # This is only required for RHEL8 systems below version 8.4 where the
+    # retry parameter was not yet available on /etc/security/pwquality.conf.
+
+    # RHEL-08-020103
+    # This is only required for RHEL8 systems below version 8.4 where the
+    # retry parameter was not yet available on /etc/security/pwquality.conf.
+
+    # RHEL-08-020104
+    - accounts_password_pam_retry
+
+    # RHEL-08-020110
+    - accounts_password_pam_ucredit
+
+    # RHEL-08-020120
+    - accounts_password_pam_lcredit
+
+    # RHEL-08-020130
+    - accounts_password_pam_dcredit
+
+    # RHEL-08-020140
+    - accounts_password_pam_maxclassrepeat
+
+    # RHEL-08-020150
+    - accounts_password_pam_maxrepeat
+
+    # RHEL-08-020160
+    - accounts_password_pam_minclass
+
+    # RHEL-08-020170
+    - accounts_password_pam_difok
+
+    # RHEL-08-020180
+    - accounts_password_set_min_life_existing
+
+    # RHEL-08-020190
+    - accounts_minimum_age_login_defs
+
+    # RHEL-08-020200
+    - accounts_maximum_age_login_defs
+
+    # RHEL-08-020210
+    - accounts_password_set_max_life_existing
+
+    # RHEL-08-020220
+    - accounts_password_pam_pwhistory_remember_system_auth
+
+    # RHEL-08-020221
+    - accounts_password_pam_pwhistory_remember_password_auth
+
+    # RHEL-08-020230
+    - accounts_password_pam_minlen
+
+    # RHEL-08-020231
+    - accounts_password_minlen_login_defs
+
+    # RHEL-08-020240
+    - account_unique_id
+
+    # RHEL-08-020250
+    - sssd_enable_smartcards
+
+    # RHEL-08-020260
+    - account_disable_post_pw_expiration
+
+    # RHEL-08-020270
+    - account_emergency_expire_date
+
+    # RHEL-08-020280
+    - accounts_password_pam_ocredit
+
+    # RHEL-08-020290
+    - sssd_offline_cred_expiration
+
+    # RHEL-08-020300
+    - accounts_password_pam_dictcheck
+
+    # RHEL-08-020310
+    - accounts_logon_fail_delay
+
+    # RHEL-08-020320
+    - accounts_authorized_local_users
+
+    # RHEL-08-020330
+    - sshd_disable_empty_passwords
+
+    # RHEL-08-020331
+    - no_empty_passwords
+
+    # RHEL-08-020332
+
+    # RHEL-08-020340
+    - display_login_attempts
+
+    # RHEL-08-020350
+    - sshd_print_last_log
+
+    # RHEL-08-020351
+    - accounts_umask_etc_login_defs
+
+    # RHEL-08-020352
+    - accounts_umask_interactive_users
+
+    # RHEL-08-020353
+    - accounts_umask_etc_bashrc
+    - accounts_umask_etc_csh_cshrc
+    - accounts_umask_etc_profile
+
+    # RHEL-08-030000
+    - audit_rules_suid_privilege_function
+
+    # RHEL-08-030010
+    - rsyslog_cron_logging
+
+    # RHEL-08-030020
+    - auditd_data_retention_action_mail_acct
+
+    # RHEL-08-030030
+    - postfix_client_configure_mail_alias
+
+    # RHEL-08-030040
+    - auditd_data_disk_error_action
+
+    # RHEL-08-030050
+    - auditd_data_retention_max_log_file_action
+
+    # RHEL-08-030060
+    - auditd_data_disk_full_action
+
+    # RHEL-08-030061
+    - auditd_local_events
+
+    # RHEL-08-030062
+    - auditd_name_format
+
+    # RHEL-08-030063
+    - auditd_log_format
+
+    # RHEL-08-030070
+    - file_permissions_var_log_audit
+
+    # RHEL-08-030080
+    - file_ownership_var_log_audit_stig
+
+    # RHEL-08-030090
+    - file_group_ownership_var_log_audit
+
+    # RHEL-08-030100
+    - directory_ownership_var_log_audit
+
+    # RHEL-08-030110
+    - directory_group_ownership_var_log_audit
+
+    # RHEL-08-030120
+    - directory_permissions_var_log_audit
+
+    # *** NOTE *** #
+    # Audit rules are currently under review as to how best to approach
+    # them. We are working with DISA and our internal audit experts to
+    # provide a final solution soon.
+    # ************ #
+
+    # RHEL-08-030121
+    - audit_rules_immutable
+
+    # RHEL-08-030122
+    - audit_immutable_login_uids
+
+    # RHEL-08-030130
+    - audit_rules_usergroup_modification_shadow
+
+    # RHEL-08-030140
+    - audit_rules_usergroup_modification_opasswd
+
+    # RHEL-08-030150
+    - audit_rules_usergroup_modification_passwd
+
+    # RHEL-08-030160
+    - audit_rules_usergroup_modification_gshadow
+
+    # RHEL-08-030170
+    - audit_rules_usergroup_modification_group
+
+    # RHEL-08-030171
+    - audit_rules_sudoers
+
+    # RHEL-08-030172
+    - audit_rules_sudoers_d
+
+    # RHEL-08-030180
+    - package_audit_installed
+
+    # RHEL-08-030181
+    - service_auditd_enabled
+
+    # RHEL-08-030190
+    - audit_rules_privileged_commands_su
+
+    # RHEL-08-030200
+    - audit_rules_dac_modification_lremovexattr
+    - audit_rules_dac_modification_removexattr
+    - audit_rules_dac_modification_lsetxattr
+    - audit_rules_dac_modification_fsetxattr
+    - audit_rules_dac_modification_fremovexattr
+    - audit_rules_dac_modification_setxattr
+
+    # RHEL-08-030250
+    - audit_rules_privileged_commands_chage
+
+    # RHEL-08-030260
+    - audit_rules_execution_chcon
+
+
+    # RHEL-08-030280
+    - audit_rules_privileged_commands_ssh_agent
+
+    # RHEL-08-030290
+    - audit_rules_privileged_commands_passwd
+
+    # RHEL-08-030300
+    - audit_rules_privileged_commands_mount
+
+    # RHEL-08-030301
+    - audit_rules_privileged_commands_umount
+
+    # RHEL-08-030302
+    - audit_rules_media_export
+
+    # RHEL-08-030310
+    - audit_rules_privileged_commands_unix_update
+
+    # RHEL-08-030311
+    - audit_rules_privileged_commands_postdrop
+
+    # RHEL-08-030312
+    - audit_rules_privileged_commands_postqueue
+
+    # RHEL-08-030313
+    - audit_rules_execution_semanage
+
+    # RHEL-08-030314
+    - audit_rules_execution_setfiles
+
+    # RHEL-08-030315
+    - audit_rules_privileged_commands_userhelper
+
+    # RHEL-08-030316
+    - audit_rules_execution_setsebool
+
+    # RHEL-08-030317
+    - audit_rules_privileged_commands_unix_chkpwd
+
+    # RHEL-08-030320
+    - audit_rules_privileged_commands_ssh_keysign
+
+    # RHEL-08-030330
+    - audit_rules_execution_setfacl
+
+    # RHEL-08-030340
+    - audit_rules_privileged_commands_pam_timestamp_check
+
+    # RHEL-08-030350
+    - audit_rules_privileged_commands_newgrp
+
+    # RHEL-08-030360
+    - audit_rules_kernel_module_loading_init
+    - audit_rules_kernel_module_loading_finit
+
+    # RHEL-08-030361
+    - audit_rules_file_deletion_events_rename
+    - audit_rules_file_deletion_events_renameat
+    - audit_rules_file_deletion_events_rmdir
+    - audit_rules_file_deletion_events_unlink
+    - audit_rules_file_deletion_events_unlinkat
+
+    # RHEL-08-030370
+    - audit_rules_privileged_commands_gpasswd
+
+    # RHEL-08-030390
+    - audit_rules_kernel_module_loading_delete
+
+    # RHEL-08-030400
+    - audit_rules_privileged_commands_crontab
+
+    # RHEL-08-030410
+    - audit_rules_privileged_commands_chsh
+
+    # RHEL-08-030420
+    - audit_rules_unsuccessful_file_modification_truncate
+    - audit_rules_unsuccessful_file_modification_openat
+    - audit_rules_unsuccessful_file_modification_open
+    - audit_rules_unsuccessful_file_modification_open_by_handle_at
+    - audit_rules_unsuccessful_file_modification_ftruncate
+    - audit_rules_unsuccessful_file_modification_creat
+
+    # RHEL-08-030480
+    - audit_rules_dac_modification_chown
+    - audit_rules_dac_modification_lchown
+    - audit_rules_dac_modification_fchownat
+    - audit_rules_dac_modification_fchown
+
+    # RHEL-08-030490
+    - audit_rules_dac_modification_chmod
+    - audit_rules_dac_modification_fchmodat
+    - audit_rules_dac_modification_fchmod
+
+    # RHEL-08-030550
+    - audit_rules_privileged_commands_sudo
+
+    # RHEL-08-030560
+    - audit_rules_privileged_commands_usermod
+
+    # RHEL-08-030570
+    - audit_rules_execution_chacl
+
+    # RHEL-08-030580
+    - audit_rules_privileged_commands_kmod
+
+    # RHEL-08-030590
+    # This one needs to be updated to use /var/log/faillock, but first RHEL-08-020017 should be
+    # implemented as it is the one that configures a different path for the events of failing locks
+    # - audit_rules_login_events_faillock
+
+    # RHEL-08-030600
+    - audit_rules_login_events_lastlog
+
+    # RHEL-08-030601
+    - grub2_audit_argument
+
+    # RHEL-08-030602
+    - grub2_audit_backlog_limit_argument
+
+    # RHEL-08-030603
+    - configure_usbguard_auditbackend
+
+    # RHEL-08-030610
+    - file_permissions_etc_audit_auditd
+    - file_permissions_etc_audit_rulesd
+
+    # RHEL-08-030620
+
+    # RHEL-08-030630
+
+    # RHEL-08-030640
+
+    # RHEL-08-030650
+    - aide_check_audit_tools
+
+    # RHEL-08-030660
+    - auditd_audispd_configure_sufficiently_large_partition
+
+    # RHEL-08-030670
+    - package_rsyslog_installed
+
+    # RHEL-08-030680
+    - package_rsyslog-gnutls_installed
+
+    # RHEL-08-030690
+    - rsyslog_remote_loghost
+
+    # RHEL-08-030700
+    - auditd_overflow_action
+
+    # RHEL-08-030710
+    - rsyslog_encrypt_offload_defaultnetstreamdriver
+    - rsyslog_encrypt_offload_actionsendstreamdrivermode
+
+    # RHEL-08-030720
+    - rsyslog_encrypt_offload_actionsendstreamdriverauthmode
+
+    # RHEL-08-030730
+    - auditd_data_retention_space_left_percentage
+
+    # RHEL-08-030731
+    - auditd_data_retention_space_left_action
+
+    # RHEL-08-030740
+    # remediation fails because default configuration file contains pool instead of server keyword
+    - chronyd_or_ntpd_set_maxpoll
+    - chronyd_server_directive
+
+    # RHEL-08-030741
+    - chronyd_client_only
+
+    # RHEL-08-030742
+    - chronyd_no_chronyc_network
+
+    # RHEL-08-040000
+    - package_telnet-server_removed
+
+    # RHEL-08-040001
+    - package_abrt_removed
+    - package_abrt-addon-ccpp_removed
+    - package_abrt-addon-kerneloops_removed
+    - package_python3-abrt-addon_removed
+    - package_abrt-cli_removed
+    - package_abrt-plugin-logger_removed
+    - package_abrt-plugin-rhtsupport_removed
+    - package_abrt-plugin-sosreport_removed
+
+    # RHEL-08-040002
+    - package_sendmail_removed
+
+    # RHEL-08-040003
+    ### NOTE: Will be removed in V1R2, merged into RHEL-08-040370
+
+    # RHEL-08-040004
+    - grub2_pti_argument
+
+    # RHEL-08-040010
+    - package_rsh-server_removed
+
+    # RHEL-08-040020
+
+    # RHEL-08-040021
+    - kernel_module_atm_disabled
+
+    # RHEL-08-040022
+    - kernel_module_can_disabled
+
+    # RHEL-08-040023
+    - kernel_module_sctp_disabled
+
+    # RHEL-08-040024
+    - kernel_module_tipc_disabled
+
+    # RHEL-08-040025
+    - kernel_module_cramfs_disabled
+
+    # RHEL-08-040026
+    - kernel_module_firewire-core_disabled
+
+    # RHEL-08-040030
+    - configure_firewalld_ports
+
+    # RHEL-08-040060
+    ### NOTE: Will be removed in V1R2
+
+    # RHEL-08-040070
+    - service_autofs_disabled
+
+    # RHEL-08-040080
+    - kernel_module_usb-storage_disabled
+
+    # RHEL-08-040090
+
+    # RHEL-08-040100
+    - package_firewalld_installed
+
+    # RHEL-08-040101
+    - service_firewalld_enabled
+
+    # RHEL-08-040110
+    - wireless_disable_interfaces
+
+    # RHEL-08-040111
+    - kernel_module_bluetooth_disabled
+
+    # RHEL-08-040120
+    - mount_option_dev_shm_nodev
+
+    # RHEL-08-040121
+    - mount_option_dev_shm_nosuid
+
+    # RHEL-08-040122
+    - mount_option_dev_shm_noexec
+
+    # RHEL-08-040123
+    - mount_option_tmp_nodev
+
+    # RHEL-08-040124
+    - mount_option_tmp_nosuid
+
+    # RHEL-08-040125
+    - mount_option_tmp_noexec
+
+    # RHEL-08-040126
+    - mount_option_var_log_nodev
+
+    # RHEL-08-040127
+    - mount_option_var_log_nosuid
+
+    # RHEL-08-040128
+    - mount_option_var_log_noexec
+
+    # RHEL-08-040129
+    - mount_option_var_log_audit_nodev
+
+    # RHEL-08-040130
+    - mount_option_var_log_audit_nosuid
+
+    # RHEL-08-040131
+    - mount_option_var_log_audit_noexec
+
+    # RHEL-08-040132
+    - mount_option_var_tmp_nodev
+
+    # RHEL-08-040133
+    - mount_option_var_tmp_nosuid
+
+    # RHEL-08-040134
+    - mount_option_var_tmp_noexec
+
+    # RHEL-08-040135
+    - package_fapolicyd_installed
+
+    # RHEL-08-040136
+    - service_fapolicyd_enabled
+
+    # RHEL-08-040139
+    - package_usbguard_installed
+
+    # RHEL-08-040140
+    - usbguard_generate_policy
+
+    # RHEL-08-040141
+    - service_usbguard_enabled
+
+    # RHEL-08-040150
+
+    # RHEL-08-040159
+    - package_openssh-server_installed
+
+    # RHEL-08-040160
+    - service_sshd_enabled
+
+    # RHEL-08-040161
+    - sshd_rekey_limit
+
+    # RHEL-08-040170
+    - disable_ctrlaltdel_reboot
+
+    # RHEL-08-040171
+    - dconf_gnome_disable_ctrlaltdel_reboot
+
+    # RHEL-08-040172
+    - disable_ctrlaltdel_burstaction
+
+    # RHEL-08-040180
+    - service_debug-shell_disabled
+
+    # RHEL-08-040190
+    - package_tftp-server_removed
+
+    # RHEL-08-040200
+    - accounts_no_uid_except_zero
+
+    # RHEL-08-040209
+    - sysctl_net_ipv4_conf_default_accept_redirects
+
+    # RHEL-08-040210
+    - sysctl_net_ipv6_conf_default_accept_redirects
+
+    # RHEL-08-040220
+    - sysctl_net_ipv4_conf_all_send_redirects
+
+    # RHEL-08-040230
+    - sysctl_net_ipv4_icmp_echo_ignore_broadcasts
+
+    # RHEL-08-040239
+    - sysctl_net_ipv4_conf_all_accept_source_route
+
+    # RHEL-08-040240
+    - sysctl_net_ipv6_conf_all_accept_source_route
+
+    # RHEL-08-040249
+    - sysctl_net_ipv4_conf_default_accept_source_route
+
+    # RHEL-08-040250
+    - sysctl_net_ipv6_conf_default_accept_source_route
+
+    # RHEL-08-040260
+    - sysctl_net_ipv4_ip_forward
+
+    # RHEL-08-040261
+    - sysctl_net_ipv6_conf_all_accept_ra
+
+    # RHEL-08-040262
+    - sysctl_net_ipv6_conf_default_accept_ra
+
+    # RHEL-08-040270
+    - sysctl_net_ipv4_conf_default_send_redirects
+
+    # RHEL-08-040279
+    - sysctl_net_ipv4_conf_all_accept_redirects
+
+    # RHEL-08-040280
+    - sysctl_net_ipv6_conf_all_accept_redirects
+
+    # RHEL-08-040281
+    - sysctl_kernel_unprivileged_bpf_disabled
+
+    # RHEL-08-040282
+    - sysctl_kernel_yama_ptrace_scope
+
+    # RHEL-08-040283
+    - sysctl_kernel_kptr_restrict
+
+    # RHEL-08-040284
+    - sysctl_user_max_user_namespaces
+
+    # RHEL-08-040285
+    - sysctl_net_ipv4_conf_all_rp_filter
+
+    # RHEL-08-040286
+    - sysctl_net_core_bpf_jit_harden
+
+    # RHEL-08-040290
+    - postfix_prevent_unrestricted_relay
+
+    # RHEL-08-040300
+    - aide_verify_ext_attributes
+
+    # RHEL-08-040310
+    - aide_verify_acls
+
+    # RHEL-08-040320
+    - xwindows_remove_packages
+
+    # RHEL-08-040321
+    - xwindows_runlevel_target
+
+    # RHEL-08-040330
+    - network_sniffer_disabled
+
+    # RHEL-08-040340
+    - sshd_disable_x11_forwarding
+
+    # RHEL-08-040341
+    - sshd_x11_use_localhost
+
+    # RHEL-08-040350
+    - tftpd_uses_secure_mode
+
+    # RHEL-08-040360
+    - package_vsftpd_removed
+
+    # RHEL-08-040370
+    - package_gssproxy_removed
+
+    # RHEL-08-040380
+    - package_iprutils_removed
+
+    # RHEL-08-040390
+    - package_tuned_removed
diff --git a/products/almalinux8/profiles/stig_gui.profile b/products/almalinux8/profiles/stig_gui.profile
new file mode 100644
index 00000000..d29ceb9c
--- /dev/null
+++ b/products/almalinux8/profiles/stig_gui.profile
@@ -0,0 +1,40 @@
+documentation_complete: true
+
+metadata:
+    version: V1R5
+    SMEs:
+        - mab879
+        - ggbecker
+
+reference: https://public.cyber.mil/stigs/downloads/?_dl_facet_stigs=operating-systems%2Cunix-linux
+
+title: 'DISA STIG with GUI for Red Hat Enterprise Linux 8'
+
+description: |-
+    This profile contains configuration checks that align to the
+    DISA STIG with GUI for Red Hat Enterprise Linux 8 V1R5.
+
+    In addition to being applicable to Red Hat Enterprise Linux 8, DISA recognizes this
+    configuration baseline as applicable to the operating system tier of
+    Red Hat technologies that are based on Red Hat Enterprise Linux 8, such as:
+
+    - Red Hat Enterprise Linux Server
+    - Red Hat Enterprise Linux Workstation and Desktop
+    - Red Hat Enterprise Linux for HPC
+    - Red Hat Storage
+    - Red Hat Containers with a Red Hat Enterprise Linux 8 image
+
+    Warning: The installation and use of a Graphical User Interface (GUI)
+    increases your attack vector and decreases your overall security posture. If
+    your Information Systems Security Officer (ISSO) lacks a documented operational
+    requirement for a graphical user interface, please consider using the
+    standard DISA STIG for Red Hat Enterprise Linux 8 profile.
+
+extends: stig
+
+selections:
+    # RHEL-08-040320
+    - '!xwindows_remove_packages'
+
+    # RHEL-08-040321
+    - '!xwindows_runlevel_target'
diff --git a/products/almalinux8/transforms/cci2html.xsl b/products/almalinux8/transforms/cci2html.xsl
new file mode 100644
index 00000000..f5e327b3
--- /dev/null
+++ b/products/almalinux8/transforms/cci2html.xsl
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/constants.xslt b/products/almalinux8/transforms/constants.xslt
new file mode 100644
index 00000000..92f8f9c4
--- /dev/null
+++ b/products/almalinux8/transforms/constants.xslt
@@ -0,0 +1,13 @@
+
+
+
+
+AlmaLinux 8
+AL8
+AL_8_STIG
+almalinux8
+
+https://www.cisecurity.org/benchmark/almalinuxos_linux/
+
+
+
diff --git a/products/almalinux8/transforms/table-add-srgitems.xslt b/products/almalinux8/transforms/table-add-srgitems.xslt
new file mode 100644
index 00000000..2e92d670
--- /dev/null
+++ b/products/almalinux8/transforms/table-add-srgitems.xslt
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/table-sortbyref.xslt b/products/almalinux8/transforms/table-sortbyref.xslt
new file mode 100644
index 00000000..bb57e7f5
--- /dev/null
+++ b/products/almalinux8/transforms/table-sortbyref.xslt
@@ -0,0 +1,6 @@
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/table-srgmap.xslt b/products/almalinux8/transforms/table-srgmap.xslt
new file mode 100644
index 00000000..5798a489
--- /dev/null
+++ b/products/almalinux8/transforms/table-srgmap.xslt
@@ -0,0 +1,11 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/table-style.xslt b/products/almalinux8/transforms/table-style.xslt
new file mode 100644
index 00000000..8b6caeab
--- /dev/null
+++ b/products/almalinux8/transforms/table-style.xslt
@@ -0,0 +1,5 @@
+
+
+
+
+
diff --git a/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt b/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
new file mode 100644
index 00000000..4789419b
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf-apply-overlay-stig.xslt
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/xccdf2stigformat.xslt b/products/almalinux8/transforms/xccdf2stigformat.xslt
new file mode 100644
index 00000000..a4e7d736
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2stigformat.xslt
@@ -0,0 +1,7 @@
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/xccdf2table-cce.xslt b/products/almalinux8/transforms/xccdf2table-cce.xslt
new file mode 100644
index 00000000..f156a669
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2table-cce.xslt
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt b/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt
new file mode 100644
index 00000000..30419e92
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2table-profileccirefs.xslt
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/xccdf2table-profilecisrefs.xslt b/products/almalinux8/transforms/xccdf2table-profilecisrefs.xslt
new file mode 100644
index 00000000..07d32124
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2table-profilecisrefs.xslt
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt b/products/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt
new file mode 100644
index 00000000..15efdd5f
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2table-profilenistrefs-cui.xslt
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/xccdf2table-profilenistrefs.xslt b/products/almalinux8/transforms/xccdf2table-profilenistrefs.xslt
new file mode 100644
index 00000000..ea9f8b0d
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2table-profilenistrefs.xslt
@@ -0,0 +1,8 @@
+
+
+
+
+
+
+
+
diff --git a/products/almalinux8/transforms/xccdf2table-stig.xslt b/products/almalinux8/transforms/xccdf2table-stig.xslt
new file mode 100644
index 00000000..a71d8364
--- /dev/null
+++ b/products/almalinux8/transforms/xccdf2table-stig.xslt
@@ -0,0 +1,9 @@
+
+
+
+
+
+
+
+
+
diff --git a/shared/checks/oval/install_mcafee_hbss.xml b/shared/checks/oval/install_mcafee_hbss.xml
index 7e2f41cd..d20940a8 100644
--- a/shared/checks/oval/install_mcafee_hbss.xml
+++ b/shared/checks/oval/install_mcafee_hbss.xml
@@ -10,6 +10,7 @@
 	multi_platform_ol
 	multi_platform_rhcos
 	multi_platform_rhel
+multi_platform_almalinux
 	multi_platform_rhv
 	multi_platform_sle
 	multi_platform_ubuntu
diff --git a/shared/checks/oval/installed_OS_is_almalinux8.xml b/shared/checks/oval/installed_OS_is_almalinux8.xml
new file mode 100644
index 00000000..91af880d
--- /dev/null
+++ b/shared/checks/oval/installed_OS_is_almalinux8.xml
@@ -0,0 +1,36 @@
+
+  
+    
+      AlmaLinux 8
+      
+        multi_platform_all
+      
+      
+
+      The operating system installed on the system is
+      AlmaLinux 8
+    
+    
+      
+      
+          
+      
+    
+  
+
+  
+    
+    
+  
+  
+    ^8.*$
+  
+  
+    almalinux-release
+  
+
+
diff --git a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
index 41847663..be250510 100644
--- a/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
+++ b/shared/checks/oval/sysctl_kernel_ipv6_disable.xml
@@ -10,6 +10,7 @@
 	multi_platform_ol
 	multi_platform_rhcos
 	multi_platform_rhel
+multi_platform_almalinux
 	multi_platform_rhv
 	multi_platform_sle
 	multi_platform_ubuntu
diff --git a/shared/references/disa-stig-almalinux8-v1r4-xccdf-scap.xml b/shared/references/disa-stig-almalinux8-v1r4-xccdf-scap.xml
new file mode 120000
index 00000000..37c20342
--- /dev/null
+++ b/shared/references/disa-stig-almalinux8-v1r4-xccdf-scap.xml
@@ -0,0 +1 @@
+disa-stig-rhel8-v1r4-xccdf-scap.xml
\ No newline at end of file
diff --git a/shared/references/disa-stig-almalinux8-v1r5-xccdf-manual.xml b/shared/references/disa-stig-almalinux8-v1r5-xccdf-manual.xml
new file mode 120000
index 00000000..df167cfd
--- /dev/null
+++ b/shared/references/disa-stig-almalinux8-v1r5-xccdf-manual.xml
@@ -0,0 +1 @@
+disa-stig-rhel8-v1r5-xccdf-manual.xml
\ No newline at end of file
diff --git a/shared/references/disa-stig-ol7-v2r4-xccdf-manual.xml b/shared/references/disa-stig-ol7-v2r4-xccdf-manual.xml
index 3c8a6475..457f2c2a 100644
--- a/shared/references/disa-stig-ol7-v2r4-xccdf-manual.xml
+++ b/shared/references/disa-stig-ol7-v2r4-xccdf-manual.xml
@@ -986,18 +986,18 @@ password_pbkdf2 root {hash from grub2-mkpasswd-pbkdf2 command}
 Generate a new "grub.conf" file with the new password with the following commands:
 
 # grub2-mkconfig --output=/tmp/grub2.cfg
-# mv /tmp/grub2.cfg /boot/efi/EFI/redhat/grub.cfgFor systems that use BIOS, this is Not Applicable.
+# mv /tmp/grub2.cfg /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable.
 For systems that are running Oracle Linux 7.2 or newer, this is Not Applicable.
 
 Check to see if an encrypted root password is set. On systems that use UEFI, use the following command:
 
-# grep -i password /boot/efi/EFI/redhat/grub.cfg
+# grep -i password /boot/efi/EFI/almalinux/grub.cfg
 
 password_pbkdf2 [superusers-account] [password-hash]
 
 If the root password entry does not begin with "password_pbkdf2", this is a finding.
 
-If the "superusers-account" is not set to "root", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+If the "superusers-account" is not set to "root", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010491Oracle Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089V-99143SV-108247CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
 
 Generate an encrypted grub2 password for the grub superusers account with the following command:
 
@@ -1009,7 +1009,7 @@ For systems that are running a version of Oracle Linux prior to 7.2, this is Not
 
 Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command:
 
-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
+$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg
 GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
 
 If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>OL07-00-010500The Oracle Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To ensure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
@@ -1919,7 +1919,7 @@ On BIOS-based machines, use the following command:
 
 On UEFI-based machines, use the following command:
 
-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
 
 If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
 
@@ -1950,7 +1950,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
 
 If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command:
 
-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
 
 # grep fips /boot/grub2/grub.cfg
 /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet
@@ -2047,14 +2047,14 @@ All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
 
 If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2 approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>OL07-00-021700The Oracle Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the Information System Security Officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089SV-108367V-99263CCI-001813Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media.
 
-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
 
 Check for the existence of alternate boot loader configuration files with the following command:
 
 # find / -name grub.cfg
 /boot/grub2/grub.cfg
 
-If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/boot/efi/EFI/redhat", ask the System Administrator if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. 
+If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/boot/efi/EFI/almalinux", ask the System Administrator if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. 
 
 Check that the grub configuration file has the set root command in each menu entry with the following commands:
 
@@ -5058,7 +5058,7 @@ export superusers
 
 If "superusers" is not set to a unique name or is missing a name, this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL07-00-010492Oracle Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for Oracle Linux 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 7DISADPMS TargetOracle Linux 74089CCI-000213Configure the system to require a grub bootloader password for the grub superusers account.
 
-Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section:
+Edit the /boot/efi/EFI/almalinux/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section:
 
 set superusers="[someuniquestringhere]"
 export superusers
@@ -5067,7 +5067,7 @@ password_pbkdf2 [someuniquestringhere] ${GRUB2_PASSWORD}SRG-OS-000033-GPOS-00014<GroupDescription></GroupDescription>OL08-00-010020OL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.<VulnDiscussion>Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the federal government since this provides assurance they have been tested and validated. 
  
-OL 8 uses GRUB 2 as the default bootloader. Note that GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines. 
+OL 8 uses GRUB 2 as the default bootloader. Note that GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines. 
  
 The fips=1 kernel option needs to be added to the kernel command line during system installation so that key generation is done with FIPS-approved algorithms and continuous monitoring tests in place. Users should also ensure the system has plenty of entropy during the installation process by moving the mouse around, or if no mouse is available, ensuring that many keystrokes are typed. The recommended number of keystrokes is 256 and more. Fewer than 256 keystrokes may generate a non-unique key.
 
@@ -450,7 +450,7 @@ $ sudo grep rounds /etc/pam.d/system-auth
  
 password sufficient pam_unix.so sha512 rounds=5000 
  
-If "rounds" has a value below "5000" or is commented out, this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/redhat/user.cfg" file. 
+If "rounds" has a value below "5000" or is commented out, this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>OL08-00-010140OL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for OL 8 and is designed to require a password to boot into single-user mode or modify the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Oracle Linux 8DISADPMS TargetOracle Linux 85416CCI-000213Configure the system to require an encrypted grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the "/boot/efi/EFI/almalinux/user.cfg" file. 
  
 Generate an encrypted grub2 password for the grub superusers account with the following command: 
  
@@ -460,7 +460,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable.
+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable.
 
 Verify that a unique name is set as the "superusers" account:
 
-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
 set superusers="[someuniqueUserNamehere]"
 export superusers
 
diff --git a/shared/references/disa-stig-rhel7-v3r5-xccdf-manual.xml b/shared/references/disa-stig-rhel7-v3r5-xccdf-manual.xml
index a674d506..e8361c77 100644
--- a/shared/references/disa-stig-rhel7-v3r5-xccdf-manual.xml
+++ b/shared/references/disa-stig-rhel7-v3r5-xccdf-manual.xml
@@ -905,7 +905,7 @@ Check to see if an encrypted grub superusers password is set. On systems that us
 $ sudo grep -iw grub2_password /boot/grub2/user.cfg
 GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
 
-If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-07-010491Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-95719V-81007CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-07-010491Red Hat Enterprise Linux operating systems version 7.2 or newer using Unified Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user and maintenance modes.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-95719V-81007CCI-000213Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
 
 Generate an encrypted grub2 password for the grub superusers account with the following command:
 
@@ -917,7 +917,7 @@ For systems that are running a version of RHEL prior to 7.2, this is Not Applica
 
 Check to see if an encrypted grub superusers password is set. On systems that use UEFI, use the following command:
 
-$ sudo grep -iw grub2_password /boot/efi/EFI/redhat/user.cfg
+$ sudo grep -iw grub2_password /boot/efi/EFI/almalinux/user.cfg
 GRUB2_PASSWORD=grub.pbkdf2.sha512.[password_hash]
 
 If the grub superusers password does not begin with "grub.pbkdf2.sha512", this is a finding.SRG-OS-000104-GPOS-00051<GroupDescription></GroupDescription>RHEL-07-010500The Red Hat Enterprise Linux operating system must uniquely identify and must authenticate organizational users (or processes acting on behalf of organizational users) using multifactor authentication.<VulnDiscussion>To assure accountability and prevent unauthenticated access, organizational users must be identified and authenticated to prevent potential misuse and compromise of the system.
@@ -1866,7 +1866,7 @@ On BIOS-based machines, use the following command:
 
 On UEFI-based machines, use the following command:
 
-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
 
 If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
 
@@ -1897,7 +1897,7 @@ dracut-fips-033-360.el7_2.x86_64.rpm
 
 If a "dracut-fips" package is installed, check to see if the kernel command line is configured to use FIPS mode with the following command:
 
-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
 
 # grep fips /boot/grub2/grub.cfg
 /vmlinuz-3.8.0-0.40.el7.x86_64 root=/dev/mapper/rhel-root ro rd.md=0 rd.dm=0 rd.lvm.lv=rhel/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=rhel/root rhgb fips=1 quiet
@@ -1995,14 +1995,14 @@ All=p+i+n+u+g+s+m+S+sha512+acl+xattrs+selinux
 
 If the "sha512" rule is not being used on all uncommented selection lines in the "/etc/aide.conf" file, or another file integrity tool is not using FIPS 140-2-approved cryptographic hashes for validating file contents and directories, this is a finding.SRG-OS-000364-GPOS-00151<GroupDescription></GroupDescription>RHEL-07-021700The Red Hat Enterprise Linux operating system must not allow removable media to be used as the boot loader unless approved.<VulnDiscussion>Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. If removable media is designed to be used as the boot loader, the requirement must be documented with the Information System Security Officer (ISSO).</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899SV-86699V-72075CCI-000318CCI-000368CCI-001812CCI-001813CCI-001814Remove alternate methods of booting the system from removable media or document the configuration to boot from removable media with the ISSO.Verify the system is not configured to use a boot loader on removable media.
 
-Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/redhat/grub.cfg" file on UEFI machines.
+Note: GRUB 2 reads its configuration from the "/boot/grub2/grub.cfg" file on traditional BIOS-based machines and from the "/boot/efi/EFI/almalinux/grub.cfg" file on UEFI machines.
 
 Check for the existence of alternate boot loader configuration files with the following command:
 
 # find / -name grub.cfg
 /boot/grub2/grub.cfg
 
-If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/boot/efi/EFI/redhat", ask the System Administrator if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. 
+If a "grub.cfg" is found in any subdirectories other than "/boot/grub2" and "/boot/efi/EFI/almalinux", ask the System Administrator if there is documentation signed by the ISSO to approve the use of removable media as a boot loader. 
 
 Check that the grub configuration file has the set root command in each menu entry with the following commands:
 
@@ -4969,7 +4969,7 @@ Verify that a unique name is set as the "superusers" account:
 If "superusers" is identical to any OS account name or is missing a name, this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-07-010492Red Hat Enterprise Linux operating systems version 7.2 or newer booted with United Extensible Firmware Interface (UEFI) must have a unique name for the grub superusers account when booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 7 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
 The GRUB 2 superuser account is an account of last resort. Establishing a unique username for this account hardens the boot loader against brute force attacks. Due to the nature of the superuser account database being distinct from the OS account database, this allows the use of a username that is not among those within the OS account database. Examples of non-unique superusers names are root, superuser, unlock, etc.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 7DISADPMS TargetRed Hat Enterprise Linux 72899CCI-000213Configure the system to have a unique name for the grub superusers account.
 
-Edit the /boot/efi/EFI/redhat/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section:
+Edit the /boot/efi/EFI/almalinux/grub.cfg file and add or modify the following lines in the "### BEGIN /etc/grub.d/01_users ###" section:
 
 set superusers="[someuniquestringhere]"
 export superusers
@@ -4979,7 +4979,7 @@ For systems that are running a version of RHEL prior to 7.2, this is Not Applica
 
 Verify that a unique name is set as the "superusers" account:
 
-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
     set superusers="[someuniquestringhere]"
     export superusers
 
diff --git a/shared/references/disa-stig-rhel7-v3r5-xccdf-scap.xml b/shared/references/disa-stig-rhel7-v3r5-xccdf-scap.xml
index 9a270474..6750a087 100644
--- a/shared/references/disa-stig-rhel7-v3r5-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel7-v3r5-xccdf-scap.xml
@@ -3449,7 +3449,7 @@ Confirm password:
           SV-95719
           V-81007
           CCI-000213
-          Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+          Configure the system to encrypt the boot password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
 
 Generate an encrypted grub2 password for the grub superusers account with the following command:
 
@@ -4223,7 +4223,7 @@ On BIOS-based machines, use the following command:
 
 On UEFI-based machines, use the following command:
 
-# grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
+# grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfg
 
 If /boot or /boot/efi reside on separate partitions, the kernel parameter boot=<partition of /boot or /boot/efi> must be added to the kernel command line. You can identify a partition by running the df /boot or df /boot/efi command:
 
@@ -8494,7 +8494,8 @@ Note: The "[value]" must be a number that is greater than or equal to "0".Disable Prelinking
             
               multi_platform_fedora
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
               multi_platform_rhel-osp
             
             The prelinking feature can interfere with the operation of
@@ -8525,7 +8526,8 @@ Note: The "[value]" must be a number that is greater than or equal to "0".
             Package openssh-server Removed
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
               multi_platform_fedora
               multi_platform_sle
             
@@ -9442,7 +9444,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
           
             Limit Password Reuse
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
               multi_platform_fedora
             
             The passwords to remember should be set correctly.
@@ -9464,7 +9467,8 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
           
             RHEL-07-040160 - The Red Hat Enterprise Linux operating system must be configured so that all network connections associated with a communication session are terminated at the end of the session or after 15 minutes of inactivity from the user at a command prompt, except to fulfill documented and validated mission requirements.
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             Terminating an idle session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle session will also free up resources committed by the managed network element. 
 
@@ -9573,7 +9577,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - chmod
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             The changing of file permissions and attributes should be audited.
             
@@ -9616,7 +9621,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - chown
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9645,7 +9651,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - fchmod
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9674,7 +9681,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - fchmodat
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9703,7 +9711,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - fchown
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9732,7 +9741,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - fchownat
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9761,7 +9771,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - fremovexattr
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9790,7 +9801,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - fsetxattr
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9819,7 +9831,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - lchown
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9848,7 +9861,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - lremovexattr
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9877,7 +9891,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - lsetxattr
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9906,7 +9921,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - removexattr
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -9935,7 +9951,8 @@ Terminating network connections associated with communications sessions includes
           
             Audit Discretionary Access Control Modification Events - setxattr
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -11246,7 +11263,8 @@ Terminating network connections associated with communications sessions includes
           
             Disable Host-Based Authentication
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             SSH host-based authentication should be disabled.
             
@@ -11261,7 +11279,8 @@ Terminating network connections associated with communications sessions includes
           
             Package prelink Removed
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             The RPM package prelink should be removed.
             
@@ -11404,7 +11423,8 @@ Terminating network connections associated with communications sessions includes
           
             Mount Remote Filesystems with nosuid
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -11434,7 +11454,8 @@ Terminating network connections associated with communications sessions includes
           
             Package net-snmp Removed
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             The RPM package net-snmp should be removed.
             
@@ -11461,7 +11482,8 @@ Terminating network connections associated with communications sessions includes
           
             Package telnet-server Removed
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             The RPM package telnet-server should be removed.
             
@@ -11489,7 +11511,8 @@ Terminating network connections associated with communications sessions includes
           
             Package vsftpd Removed
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             The RPM package vsftpd should be removed.
             
@@ -11502,7 +11525,8 @@ Terminating network connections associated with communications sessions includes
           
             Package xorg-x11-server-common Removed
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
               multi_platform_fedora
             
             
@@ -11531,7 +11555,8 @@ Terminating network connections associated with communications sessions includes
           
             Ensure /home Located On Separate Partition
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             If user home directories will be stored locally, create a
       separate partition for /home. If /home will be mounted from another
@@ -11549,7 +11574,8 @@ Terminating network connections associated with communications sessions includes
           
             Ensure /var Located On Separate Partition
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -11567,7 +11593,8 @@ Terminating network connections associated with communications sessions includes
           
             Ensure /var/log/audit Located On Separate Partition
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -11586,7 +11613,8 @@ Terminating network connections associated with communications sessions includes
             Verify File Hashes with RPM
             
               multi_platform_fedora
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             Verify the RPM digests of system binaries using the RPM database.
             
@@ -11660,7 +11688,8 @@ Terminating network connections associated with communications sessions includes
           
             Ensure Only Protocol 2 Connections Allowed
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
               multi_platform_debian
               multi_platform_ubuntu
             
@@ -11696,7 +11725,8 @@ Terminating network connections associated with communications sessions includes
           
             Disable .rhosts Files
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             
             
@@ -11761,7 +11791,8 @@ This should be disabled.
           
             Do Not Allow Users to Set Environment Options
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
             
             PermitUserEnvironment should be disabled
             
@@ -12113,7 +12144,8 @@ By specifying a cipher list with the order of ciphers being in a "strongest to w
           
             Package openssh-server is version 7.4 or higher
             
-              multi_platform_rhel
+              multi_platform_rhel
+multi_platform_almalinux
               multi_platform_fedora
               multi_platform_sle
             
@@ -12384,12 +12416,12 @@ The ability to enable/disable a session lock is given to the user by default. Di
             The UEFI grub2 boot loader should have password protection enabled.
             
           
-          
+          
             
-            
+            
             
-              
-              
+              
+              
             
           
             
@@ -13399,7 +13431,7 @@ The ability to enable/disable a session lock is given to the user by default. Di
         
           
         
-        
+        
           
         
         
@@ -13964,10 +13996,10 @@ The ability to enable/disable a session lock is given to the user by default. Di
         
           
         
-        
+        
           
         
-        
+        
           
         
         
@@ -15542,7 +15574,7 @@ The ability to enable/disable a session lock is given to the user by default. Di
           /boot/grub2/grub.cfg
         
         
-          /boot/efi/EFI/redhat/grub.cfg
+          /boot/efi/EFI/almalinux/grub.cfg
         
         
           
@@ -16385,12 +16417,12 @@ The ability to enable/disable a session lock is given to the user by default. Di
           1
         
         
-          /boot/efi/EFI/redhat/user.cfg
+          /boot/efi/EFI/almalinux/user.cfg
           ^[\s]*GRUB2_PASSWORD=grub\.pbkdf2\.sha512\.\S+$
           1
         
         
-          /boot/efi/EFI/redhat/grub.cfg
+          /boot/efi/EFI/almalinux/grub.cfg
           ^[\s]*set[\s]+superusers=\"\S+\"$
           1
         
@@ -16950,7 +16982,7 @@ The ability to enable/disable a session lock is given to the user by default. Di
         
         
           /boot/grub2/grub.cfg
-          /boot/efi/EFI/redhat/grub.cfg
+          /boot/efi/EFI/almalinux/grub.cfg
         
         
           
diff --git a/shared/references/disa-stig-rhel8-v1r4-xccdf-scap.xml b/shared/references/disa-stig-rhel8-v1r4-xccdf-scap.xml
index 24c8f3e5..122efe4f 100644
--- a/shared/references/disa-stig-rhel8-v1r4-xccdf-scap.xml
+++ b/shared/references/disa-stig-rhel8-v1r4-xccdf-scap.xml
@@ -2493,7 +2493,7 @@ SHA_CRYPT_MIN_ROUNDS 5000
             2921
           
           CCI-000213
-          Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+          Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
 
 Generate an encrypted grub2 password for the grub superusers account with the following command:
 
@@ -9399,7 +9399,8 @@ Note: The "[value]" must be a number that is greater than or equal to "0".
             IPv6 is disabled in the kernel.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             IPv6 is disabled in the kernel, either via a kernel cmdline option or sysctl.
           
@@ -9415,7 +9416,8 @@ Note: The "[value]" must be a number that is greater than or equal to "0".
             OpenSSH is installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             OpenSSH is installed
           
@@ -9443,7 +9445,8 @@ Red Hat offers the Extended Update Support (EUS) ad-on to a Red Hat Enterprise L
           
             RHEL-08-010020 - RHEL 8 must implement NIST FIPS-validated cryptography for the following: to provision digital signatures, to generate cryptographic hashes, and to protect data requiring data-at-rest protections in accordance with applicable federal laws, Executive Orders, directives, policies, regulations, and standards.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of weak or untested encryption algorithms undermines the purposes of using encryption to protect data. The operating system must implement cryptographic modules adhering to the higher standards approved by the Federal Government since this provides assurance they have been tested and validated.
 
@@ -9460,7 +9463,8 @@ The fips=1 kernel option needs to be added to the kernel command line during sys
           
             RHEL-08-010110 - RHEL 8 must encrypt all stored passwords with a FIPS 140-2 approved cryptographic hashing algorithm.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Passwords need to be protected at all times, and encryption is the standard method for protecting passwords. If passwords are not encrypted, they can be plainly read (i.e., clear text) and easily compromised.
 
@@ -9476,7 +9480,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
           
             RHEL-08-010120 - RHEL 8 must employ FIPS 140-2 approved cryptographic hashing algorithms for all stored passwords.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The system must use a strong hashing algorithm to store the password.
 
@@ -9490,7 +9495,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
           
             RHEL-08-010130 - The RHEL 8 shadow password suite must be configured to use a sufficient number of hashing rounds.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The system must use a strong hashing algorithm to store the password. The system must use a sufficient number of hashing rounds to ensure the required level of entropy.
 
@@ -9505,15 +9511,16 @@ Passwords need to be protected at all times, and encryption is the standard meth
           
             RHEL-08-010140 - RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) implemented must require authentication upon booting into single-user mode and maintenance.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
           
-          
-            
+          
+            
             
-              
-              
+              
+              
             
           
         
@@ -9521,7 +9528,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
           
             RHEL-08-010150 - RHEL 8 operating systems booted with a BIOS must require authentication upon booting into single-user and maintenance modes.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.
           
@@ -9537,7 +9545,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
           
             RHEL-08-010160 - RHEL 8 operating systems must require authentication upon booting into rescue mode.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If the system does not require valid root authentication before it boots into rescue mode, anyone who invokes rescue mode is granted privileged access to all files on the system.
           
@@ -9549,7 +9558,8 @@ Passwords need to be protected at all times, and encryption is the standard meth
           
             RHEL-08-010160 - The RHEL 8 pam_unix.so module must be configured in the password-auth file to use a FIPS 140-2 approved cryptographic hashing algorithm for system authentication.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
 
@@ -9565,7 +9575,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
           
             RHEL-08-010161 - RHEL 8 must prevent system daemons from using Kerberos for authentication.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
 
@@ -9585,7 +9596,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
           
             RHEL-08-010162 - The krb5-workstation package must not be installed on RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
 
@@ -9605,7 +9617,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
           
             RHEL-08-010171 - RHEL 8 must have the policycoreutils package installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
 
@@ -9619,7 +9632,8 @@ Policycoreutils contains the policy core utilities that are required for basic o
           
             RHEL-08-010200 - RHEL 8 must be configured so that all network connections associated with SSH traffic are terminated at the end of the session or after 10 minutes of inactivity, except to fulfill documented and validated mission requirements.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Terminating an idle SSH session within a short time period reduces the window of opportunity for unauthorized personnel to take control of a management session enabled on the console or console port that has been left unattended. In addition, quickly terminating an idle SSH session will also free up resources committed by the managed network element.
 
@@ -9636,7 +9650,8 @@ RHEL 8 utilizes /etc/ssh/sshd_config for configurations of OpenSSH. Within the s
           
             RHEL-08-010210 - The RHEL 8 /var/log/messages file must have mode 0640 or less permissive.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
@@ -9650,7 +9665,8 @@ The structure and content of error messages must be carefully considered by the
           
             RHEL-08-010220 - The RHEL 8 /var/log/messages file must be owned by root.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
@@ -9664,7 +9680,8 @@ The structure and content of error messages must be carefully considered by the
           
             RHEL-08-010230 - The RHEL 8 /var/log/messages file must be group-owned by root.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
@@ -9678,7 +9695,8 @@ The structure and content of error messages must be carefully considered by the
           
             RHEL-08-010240 - The RHEL 8 /var/log directory must have mode 0755 or less permissive.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
@@ -9692,7 +9710,8 @@ The structure and content of error messages must be carefully considered by the
           
             RHEL-08-010250 - The RHEL 8 /var/log directory must be owned by root.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
@@ -9706,7 +9725,8 @@ The structure and content of error messages must be carefully considered by the
           
             RHEL-08-010260 - The RHEL 8 /var/log directory must be group-owned by root.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
@@ -9720,7 +9740,8 @@ The structure and content of error messages must be carefully considered by the
           
             RHEL-08-010292 - RHEL 8 must ensure the SSH server uses strong entropy.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The most important characteristic of a random number generator is its randomness, namely its ability to deliver random numbers that are impossible to predict.  Entropy in computer security is associated with the unpredictability of a source of randomness.  The random source with high entropy tends to achieve a uniform distribution of random values.  Random number generators are one of the most important building blocks of cryptosystems.
 
@@ -9736,7 +9757,8 @@ The SSH implementation in RHEL8 uses the OPENSSL library, which does not use hig
           
             RHEL-08-010294 - The RHEL 8 operating system must implement DoD-approved TLS encryption in the OpenSSL package.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without cryptographic integrity protections, information can be altered by unauthorized users without detection.
 
@@ -9764,7 +9786,8 @@ RHEL 8 incorporates system-wide crypto policies by default.  The employed algori
           
             RHEL-08-010300 - RHEL 8 system commands must have mode 755 or less permissive.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
@@ -9778,7 +9801,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
           
             RHEL-08-010310 - RHEL 8 system commands must be owned by root.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
@@ -9792,7 +9816,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
           
             RHEL-08-010320 - RHEL 8 system commands must be group-owned by root or a system account.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If RHEL 8 were to allow any user to make changes to software libraries, then those changes might be implemented without undergoing the appropriate testing and approvals that are part of a robust change management process.
 
@@ -9806,7 +9831,8 @@ This requirement applies to RHEL 8 with software libraries that are accessible a
           
             RHEL-08-010370 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components from a repository without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
 
@@ -9823,7 +9849,8 @@ Verifying the authenticity of the software prior to installation validates the i
           
             RHEL-08-010371 - RHEL 8 must prevent the installation of software, patches, service packs, device drivers, or operating system components of local packages without verification they have been digitally signed using a certificate that is issued by a Certificate Authority (CA) that is recognized and approved by the organization.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
 
@@ -9839,7 +9866,8 @@ Verifying the authenticity of the software prior to installation validates the i
           
             RHEL-08-010372 - RHEL 8 must prevent the loading of a new kernel for later execution.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.
 Disabling kexec_load prevents an unsigned kernel image (that could be a windows kernel or modified vulnerable kernel) from being loaded. Kexec can be used subvert the entire secureboot process and should be avoided at all costs especially since it can load unsigned kernel images.
@@ -9861,7 +9889,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-010373 - RHEL 8 must enable kernel parameters to enforce discretionary access control on symlinks.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write).  Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment.  DAC allows the owner to determine who will have access to objects they control.  An example of DAC includes user-controlled file permissions.  
 
@@ -9887,7 +9916,8 @@ Based on the information above, if a configuration file begins with "99-" is cre
           
             RHEL-08-010374 - RHEL 8 must enable kernel parameters to enforce discretionary access control on hardlinks.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Discretionary Access Control (DAC) is based on the notion that individual users are "owners" of objects and therefore have discretion over who should be authorized to access the object and in which mode (e.g., read or write). Ownership is usually acquired as a consequence of creating the object or via specified ownership assignment. DAC allows the owner to determine who will have access to objects they control. An example of DAC includes user-controlled file permissions.
 
@@ -9914,7 +9944,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-010375 - RHEL 8 must restrict access to the kernel message buffer.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
@@ -9942,7 +9973,8 @@ Based on the information above, if a configuration file begins with "99-" is cre
           
             RHEL-08-010376 - RHEL 8 must prevent kernel profiling by unprivileged users.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Preventing unauthorized information transfers mitigates the risk of information, including encrypted representations of information, produced by the actions of prior users/roles (or the actions of processes acting on behalf of prior users/roles) from being available to any current users/roles (or current processes) that obtain access to shared system resources (e.g., registers, main memory, hard disks) after those resources have been released back to information systems. The control of information in shared resources is also commonly referred to as object reuse and residual information protection.
 
@@ -9971,7 +10003,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-010380 - RHEL 8 must require users to provide a password for privilege escalation.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
 
@@ -9986,7 +10019,8 @@ When operating systems provide the capability to escalate a functional capabilit
           
             RHEL-08-010381 - RHEL 8 must require users to reauthenticate for privilege escalation.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without reauthentication, users may access resources or perform tasks for which they do not have authorization.
 
@@ -10001,7 +10035,8 @@ When operating systems provide the capability to escalate a functional capabilit
           
             RHEL-08-010390 - RHEL 8 must have the packages required for multifactor authentication installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Using an authentication device, such as a DoD Common Access Card (CAC) or token that is separate from the information system, ensures that even if the information system is compromised, credentials stored on the authentication device will not be affected.
 
@@ -10021,7 +10056,8 @@ This requirement only applies to components where this is specific to the functi
           
             RHEL-08-010440 - YUM must remove all software components after updated versions have been installed on RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Previous versions of software components that are not removed from the information system after updates have been installed may be exploited by adversaries. Some information technology products may remove older versions of software automatically from the information system.
           
@@ -10033,7 +10069,8 @@ This requirement only applies to components where this is specific to the functi
           
             RHEL-08-010450 - RHEL 8 must enable the SELinux targeted policy.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without verification of the security functions, security functions may not operate correctly and the failure may go unnoticed. Security function is defined as the hardware, software, and/or firmware of the information system responsible for enforcing the system security policy and supporting the isolation of code and data on which the protection is based. Security functionality includes, but is not limited to, establishing system accounts, configuring access authorizations (i.e., permissions, privileges), setting events to be audited, and setting intrusion detection parameters.
 
@@ -10047,7 +10084,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010460 - There must be no shosts.equiv files on the RHEL 8 operating system.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The "shosts.equiv" files are used to configure host-based authentication for the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
           
@@ -10059,7 +10097,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010470 - There must be no .shosts files on the RHEL 8 operating system.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The ".shosts" files are used to configure host-based authentication for individual users or the system via SSH. Host-based authentication is not sufficient for preventing unauthorized access to the system, as it does not require interactive identification and authentication of a connection request, or for the use of two-factor authentication.
           
@@ -10071,7 +10110,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010480 - The RHEL 8 SSH public host key files must have mode 0644 or less permissive.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If a public host key file is modified by an unauthorized user, the SSH service may be compromised.
           
@@ -10084,7 +10124,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010490 - The RHEL 8 SSH private host key files must have mode 0600 or less permissive.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If an unauthorized user obtains the private SSH host key file, the host could be impersonated.
           
@@ -10097,7 +10138,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010500 - The RHEL 8 SSH daemon must perform strict mode checking of home directory configuration files.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If other users have access to modify user-specific SSH configuration files, they may be able to log on to the system as another user.
           
@@ -10110,7 +10152,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010510 - The RHEL 8 SSH daemon must not allow compression or must only allow compression after successful authentication.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If compression is allowed in an SSH connection prior to authentication, vulnerabilities in the compression software could result in compromise of the system from an unauthenticated connection, potentially with root privileges.
           
@@ -10123,7 +10166,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010520 - The RHEL 8 SSH daemon must not allow authentication using known hosts authentication.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Configuring this setting for the SSH daemon provides additional assurance that remote logon via SSH will require a password, even in the event of misconfiguration elsewhere.
           
@@ -10136,7 +10180,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010521 - The RHEL 8 SSH daemon must not allow Kerberos authentication, except to fulfill documented and validated mission requirements.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Configuring these settings for the SSH daemon provides additional assurance that remote logon via SSH will not use Kerberos authentication, even in the event of misconfiguration elsewhere.
           
@@ -10149,7 +10194,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010540 - RHEL 8 must use a separate file system for /var.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
           
@@ -10162,7 +10208,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010541 - RHEL 8 must use a separate file system for /var/log.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
           
@@ -10175,7 +10222,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010542 - RHEL 8 must use a separate file system for the system audit data path.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
           
@@ -10188,7 +10236,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010543 - A separate RHEL 8 filesystem must be used for the /tmp directory.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The use of separate file systems for different paths can protect the system from failures resulting from a file system becoming full or failing.
           
@@ -10201,7 +10250,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010550 - RHEL 8 must not permit direct logons to the root account using remote access via SSH.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Even though the communications channel may be encrypted, an additional layer of security is gained by extending the policy of not logging on directly as root. In addition, logging on with a user-specific account provides individual accountability of actions performed on the system.
           
@@ -10214,7 +10264,8 @@ This requirement applies to operating systems performing security function verif
           
             RHEL-08-010560 - The auditd service must be running in RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Configuring RHEL 8 to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
 
@@ -10229,7 +10280,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-010561 - The rsyslog service must be running in RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Configuring RHEL 8 to implement organization-wide security implementation guides and security checklists ensures compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
 
@@ -10244,12 +10296,13 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-010571 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on the /boot directory.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
           
           
-            
+            
             
               
               
@@ -10260,7 +10313,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-010580 - RHEL 8 must prevent special devices on non-root local partitions.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.  The only legitimate location for device files is the /dev directory located on the root partition.
           
@@ -10273,7 +10327,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-010630 - RHEL 8 must prevent code from being executed on file systems that are imported via Network File System (NFS).
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The "noexec" mount option causes the system not to execute binary files. This option must be used for mounting any file system not containing approved binary as they may be incompatible. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
           
@@ -10286,7 +10341,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-010640 - RHEL 8 must prevent special devices on file systems that are imported via Network File System (NFS).
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The "nodev" mount option causes the system to not interpret character or block special devices. Executing character or block special devices from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
           
@@ -10299,7 +10355,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-010650 - RHEL 8 must prevent files with the setuid and setgid bit set from being executed on file systems that are imported via Network File System (NFS).
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The "nosuid" mount option causes the system not to execute "setuid" and "setgid" files with owner privileges. This option must be used for mounting any file system not containing approved "setuid" and "setguid" files. Executing files from untrusted file systems increases the opportunity for unprivileged users to attain unauthorized administrative access.
           
@@ -10312,7 +10369,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-010671 - RHEL 8 must disable the kernel.core_pattern.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -10335,7 +10393,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-010673 - RHEL 8 must disable core dumps for all users.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -10350,7 +10409,8 @@ A core dump includes a memory image taken at the time the operating system termi
           
             RHEL-08-010674 - RHEL 8 must disable storing core dumps.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -10364,7 +10424,8 @@ A core dump includes a memory image taken at the time the operating system termi
           
             RHEL-08-010675 - RHEL 8 must disable core dump backtraces.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -10378,7 +10439,8 @@ A core dump includes a memory image taken at the time the operating system termi
           
             RHEL-08-010760 - All RHEL 8 local interactive user accounts must be assigned a home directory upon creation
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If local interactive users are not assigned a valid home directory, there is no place for the storage and control of files they should own.
           
@@ -10390,7 +10452,8 @@ A core dump includes a memory image taken at the time the operating system termi
           
             RHEL-08-010830 - RHEL 8 must not allow users to override SSH environment variables.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             SSH environment options potentially allow users to bypass access restriction in some configurations.
           
@@ -10403,7 +10466,8 @@ A core dump includes a memory image taken at the time the operating system termi
           
             RHEL-08-020010 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10427,7 +10491,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
           
             RHEL-08-020011 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             In RHEL 8.2 the "/etc/security/faillock.conf" file was incorporated to centralize the configuration of the pam_faillock.so module.  Also introduced is a "local_users_only" option that will only track failed user authentication attempts for local users in /etc/passwd and ignore centralized (AD, IdM, LDAP, etc.) users to allow the centralized platform to solely manage user lockout.
 
@@ -10442,7 +10507,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
           
             RHEL-08-020012 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10462,7 +10528,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
           
             RHEL-08-020013 - RHEL 8 must automatically lock an account when three unsuccessful logon attempts occur during a 15-minute time period.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10479,7 +10546,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
           
             RHEL-08-020014 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10501,7 +10569,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
           
             RHEL-08-020015 - RHEL 8 must automatically lock an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10518,7 +10587,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
           
             RHEL-08-020018 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10538,7 +10608,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
           
             RHEL-08-020019 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10555,7 +10626,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
           
             RHEL-08-020020 - RHEL 8 must log user name information when unsuccessful logon attempts occur.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10575,7 +10647,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
           
             RHEL-08-020021 - RHEL 8 must prevent system messages from being presented when three unsuccessful logon attempts occur.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10592,7 +10665,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
           
             RHEL-08-020022 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10612,7 +10686,8 @@ From "Pam_Faillock" man pages: Note that the default directory that "pam_failloc
           
             RHEL-08-020023 - RHEL 8 must include root when automatically locking an account until the locked account is released by an administrator when three unsuccessful logon attempts occur during a 15-minute time period.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             By limiting the number of failed logon attempts, the risk of unauthorized system access via user password guessing, otherwise known as brute-force attacks, is reduced. Limits are imposed by locking the account.
 
@@ -10629,7 +10704,8 @@ From "faillock.conf" man pages: Note that the default directory that "pam_faillo
           
             RHEL-08-020024 - RHEL 8 must limit the number of concurrent sessions to ten for all accounts and/or account types.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Operating system management includes the ability to control the number of users and user sessions that utilize an operating system. Limiting the number of allowed users and sessions per user is helpful in reducing the risks related to DoS attacks.
 
@@ -10644,7 +10720,8 @@ This requirement addresses concurrent sessions for information system accounts a
           
             RHEL-08-020040 - RHEL 8 must enable a user session lock until that user re-establishes access using established identification and authentication procedures for command line sessions.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
 
@@ -10660,7 +10737,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
           
             RHEL-08-020041 - RHEL 8 must ensure session control is automatically started at shell initialization.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
 
@@ -10677,7 +10755,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
           
             RHEL-08-020042 - RHEL 8 must prevent users from disabling session control mechanisms.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             A session lock is a temporary action taken when a user stops work and moves away from the immediate physical vicinity of the information system but does not want to log out because of the temporary nature of the absence.
 
@@ -10693,7 +10772,8 @@ Tmux is a terminal multiplexer that enables a number of terminals to be created,
           
             RHEL-08-020100 - RHEL 8 must ensure the password complexity module is enabled in the password-auth file.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. "pwquality" enforces complex password construction configuration and has the ability to limit brute-force attacks on the system.
 
@@ -10709,7 +10789,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. This
           
             RHEL-08-020110 - RHEL 8 must enforce password complexity by requiring that at least one uppercase character be used.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
@@ -10725,7 +10806,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
           
             RHEL-08-020120 - RHEL 8 must enforce password complexity by requiring that at least one lower-case character be used.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
@@ -10741,7 +10823,8 @@ RHEL 8 utilizes pwquality as a mechanism to enforce password complexity. Note th
           
             RHEL-08-020130 - RHEL 8 must enforce password complexity by requiring that at least one numeric character be used.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
@@ -10757,7 +10840,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
           
             RHEL-08-020140 - RHEL 8 must require the maximum number of repeating characters of the same character class be limited to four when passwords are changed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
@@ -10773,7 +10857,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
           
             RHEL-08-020150 - RHEL 8 must require the maximum number of repeating characters be limited to three when passwords are changed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
@@ -10789,7 +10874,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
           
             RHEL-08-020160 - RHEL 8 must require the change of at least four character classes when passwords are changed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
@@ -10805,7 +10891,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
           
             RHEL-08-020170 - RHEL 8 must require the change of at least 8 characters when passwords are changed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
@@ -10821,7 +10908,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
           
             RHEL-08-020180 - RHEL 8 passwords must have a 24 hours/1 day minimum password lifetime restriction in /etc/shadow.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
           
@@ -10834,7 +10922,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
           
             RHEL-08-020190 - RHEL 8 passwords for new users or password changes must have a 24 hours/1 day minimum password lifetime restriction in /etc/logins.def.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Enforcing a minimum password lifetime helps to prevent repeated password changes to defeat the password reuse or history enforcement requirement. If users are allowed to immediately and continually change their password, the password could be repeatedly changed in a short period of time to defeat the organization's policy regarding password reuse.
           
@@ -10846,7 +10935,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
           
             RHEL-08-020200 - RHEL 8 user account passwords must have a 60-day maximum password lifetime restriction.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If RHEL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 8 passwords could be compromised.
           
@@ -10858,7 +10948,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
           
             RHEL-08-020210 - RHEL 8 user account passwords must be configured so that existing passwords are restricted to a 60-day maximum lifetime.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Any password, no matter how complex, can eventually be cracked. Therefore, passwords need to be changed periodically. If RHEL 8 does not limit the lifetime of passwords and force users to change their passwords, there is the risk that RHEL 8 passwords could be compromised.
           
@@ -10873,7 +10964,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. The "
           
             RHEL-08-020220 - RHEL 8 must be configured in the password-auth file to prohibit password reuse for a minimum of five generations.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks. If the information system or application allows the user to reuse their password consecutively when that password has exceeded its defined lifetime, the end result is a password that is not changed per policy requirements.
 
@@ -10891,7 +10983,8 @@ Note that manual changes to the listed files may be overwritten by the "authsele
           
             RHEL-08-020230 - RHEL 8 passwords must have a minimum of 15 characters.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
 
@@ -10911,7 +11004,8 @@ The DoD minimum password requirement is 15 characters.
           
             RHEL-08-020231 - RHEL 8 passwords for new users must have a minimum of 15 characters.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The shorter the password, the lower the number of possible combinations that need to be tested before the password is compromised.
 
@@ -10927,7 +11021,8 @@ The DoD minimum password requirement is 15 characters.
           
             RHEL-08-020260 - RHEL 8 account identifiers (individuals, groups, roles, and devices) must be disabled after 35 days of inactivity.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Inactive identifiers pose a risk to systems and applications because attackers may exploit an inactive identifier and potentially obtain undetected access to the system. Owners of inactive accounts will not notice if unauthorized access to their user account has been obtained.
 
@@ -10941,7 +11036,8 @@ RHEL 8 needs to track periods of inactivity and disable application identifiers
           
             RHEL-08-020280 - All RHEL 8 passwords must contain at least one special character.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Use of a complex password helps to increase the time and resources required to compromise the password. Password complexity, or strength, is a measure of the effectiveness of a password in resisting attempts at guessing and brute-force attacks.
 
@@ -10957,7 +11053,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
           
             RHEL-08-020300 - RHEL 8 must prevent the use of dictionary words for passwords.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If RHEL 8 allows the user to select passwords based on dictionary words, this increases the chances of password compromise by increasing the opportunity for successful guesses, and brute-force attacks.
           
@@ -10970,7 +11067,8 @@ RHEL 8 utilizes "pwquality" as a mechanism to enforce password complexity. Note
           
             RHEL-08-020310 - RHEL 8 must enforce a delay of at least four seconds between logon prompts following a failed logon attempt.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Configuring the operating system to implement organization-wide security implementation guides and security checklists verifies compliance with federal standards and establishes a common security baseline across the DoD that reflects the most restrictive security posture consistent with operational requirements.
 
@@ -10984,7 +11082,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-020330 - RHEL 8 must not have accounts configured with blank or null passwords.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If an account has an empty password, anyone could log on and run commands with the privileges of that account. Accounts with empty passwords should never be used in operational environments.
           
@@ -10996,7 +11095,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-020350 - RHEL 8 must display the date and time of the last successful account logon upon an SSH logon.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Providing users with feedback on when account accesses via SSH last occurred facilitates user recognition and reporting of unauthorized account use.
           
@@ -11009,7 +11109,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-020351 - RHEL 8 must define default permissions for all authenticated users in such a way that the user can only read and modify their own files.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Setting the most restrictive default permissions ensures that when new accounts are created, they do not have unnecessary access.
           
@@ -11021,7 +11122,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-030000 - The RHEL 8 audit system must be configured to audit the execution of privileged functions and prevent all software from executing at higher privilege levels than users executing the software.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Misuse of privileged functions, either intentionally or unintentionally by authorized users, or by unauthorized external entities that have compromised information system accounts, is a serious and ongoing concern and can have significant adverse impacts on organizations. Auditing the use of privileged functions is one way to detect such misuse and identify the risk from insider threats and the advanced persistent threat.
           
@@ -11037,7 +11139,8 @@ Configuration settings are the set of parameters that can be changed in hardware
           
             RHEL-08-030020 - The RHEL 8 System Administrator (SA) and Information System Security Officer (ISSO) (at a minimum) must be alerted of an audit processing failure event.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
 
@@ -11053,7 +11156,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
           
             RHEL-08-030040 - The RHEL 8 System must take appropriate action when an audit processing failure occurs.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is critical for the appropriate personnel to be aware if a system is at risk of failing to process audit logs as required. Without this notification, the security personnel may be unaware of an impending failure of the audit capability, and system operation may be adversely affected.
 
@@ -11069,7 +11173,8 @@ This requirement applies to each audit data storage repository (i.e., distinct i
           
             RHEL-08-030060 - The RHEL 8 audit system must take appropriate action when the audit storage volume is full.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is critical that when RHEL 8 is at risk of failing to process audit logs as required, it takes action to mitigate the failure. Audit processing failures include software/hardware errors; failures in the audit capturing mechanisms; and audit storage capacity being reached or exceeded. Responses to audit failure depend upon the nature of the failure mode.
 
@@ -11087,7 +11192,8 @@ When availability is an overriding concern, other approved actions in response t
           
             RHEL-08-030061 - The RHEL 8 audit system must audit local events.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
 
@@ -11101,7 +11207,8 @@ Audit record content that may be necessary to satisfy this requirement includes,
           
             RHEL-08-030062 - RHEL 8 must label all off-loaded audit logs before sending them to the central log server.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
 
@@ -11119,7 +11226,8 @@ When audit logs are not labeled before they are sent to a central log server, th
           
             RHEL-08-030063 - RHEL 8 must resolve audit information before writing to disk.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
 
@@ -11135,7 +11243,8 @@ Enriched logging aids in making sense of who, what, and when events occur on a s
           
             RHEL-08-030070 - RHEL 8 audit logs must have a mode of 0600 or less permissive to prevent unauthorized read access.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
@@ -11149,7 +11258,8 @@ The structure and content of error messages must be carefully considered by the
           
             RHEL-08-030080 - RHEL 8 audit logs must be owned by root to prevent unauthorized read access.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Only authorized personnel should be aware of errors and the details of the errors. Error messages are an indicator of an organization's operational state or can identify the RHEL 8 system or platform. Additionally, Personally Identifiable Information (PII) and operational information must not be revealed through error messages to unauthorized personnel or their designated representatives.
 
@@ -11163,7 +11273,8 @@ The structure and content of error messages must be carefully considered by the
           
             RHEL-08-030090 - RHEL 8 audit logs must be group-owned by root to prevent unauthorized read access.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
 
@@ -11177,7 +11288,8 @@ Audit information includes all information (e.g., audit records, audit settings,
           
             RHEL-08-030100 - RHEL 8 audit log directory must be owned by root to prevent unauthorized read access.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
 
@@ -11191,7 +11303,8 @@ Audit information includes all information (e.g., audit records, audit settings,
           
             RHEL-08-030110 - RHEL 8 audit log directory must be group-owned by root to prevent unauthorized read access.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
 
@@ -11205,7 +11318,8 @@ Audit information includes all information (e.g., audit records, audit settings,
           
             RHEL-08-030120 - RHEL 8 audit log directory must have a mode of 0700 or less permissive to prevent unauthorized read access.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
 
@@ -11219,7 +11333,8 @@ Audit information includes all information (e.g., audit records, audit settings,
           
             RHEL-08-030121 - RHEL 8 audit system must protect auditing rules from unauthorized change.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
 
@@ -11235,7 +11350,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
           
             RHEL-08-030122 - RHEL 8 audit system must protect logon UIDs from unauthorized change.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unauthorized disclosure of audit records can reveal system and configuration data to attackers, thus compromising its confidentiality.
 
@@ -11251,7 +11367,8 @@ In immutable mode, unauthorized users cannot execute changes to the audit system
           
             RHEL-08-030130 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/shadow.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11266,7 +11383,8 @@ Audit records can be generated from various components within the information sy
           
             RHEL-08-030140 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/security/opasswd.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11281,7 +11399,8 @@ Audit records can be generated from various components within the information sy
           
             RHEL-08-030150 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/passwd.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11296,7 +11415,8 @@ Audit records can be generated from various components within the information sy
           
             RHEL-08-030160 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/gshadow.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11311,7 +11431,8 @@ Audit records can be generated from various components within the information sy
           
             RHEL-08-030170 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/group.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11326,7 +11447,8 @@ Audit records can be generated from various components within the information sy
           
             RHEL-08-030171 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11341,7 +11463,8 @@ Audit records can be generated from various components within the information sy
           
             RHEL-08-030172 - RHEL 8 must generate audit records for all account creations, modifications, disabling, and termination events that affect /etc/sudoers.d/.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11356,7 +11479,8 @@ Audit records can be generated from various components within the information sy
           
             RHEL-08-030180 - The RHEL 8 audit package must be installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without establishing what type of events occurred, the source of events, where events occurred, and the outcome of events, it would be difficult to establish, correlate, and investigate the events leading up to an outage or attack.
 
@@ -11372,7 +11496,8 @@ Associating event types with detected events in RHEL 8 audit logs provides a mea
           
             RHEL-08-030190 - Successful/unsuccessful uses of the su command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11389,7 +11514,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030200 - The RHEL 8 audit system must be configured to audit any usage of the setxattr, fsetxattr, lsetxattr, removexattr, fremovexattr and lremovexattr system calls.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11436,7 +11562,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
           
             RHEL-08-030250 - Successful/unsuccessful uses of the chage command in RHEL 8 must generate an audit record
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11455,7 +11582,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
           
             RHEL-08-030260 - Successful/unsuccessful uses of the chcon command in RHEL 8 must generate an audit record
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11474,7 +11602,8 @@ Satisfies: SRG-OS-000062-GPOS-00031, SRG-OS-000037-GPOS-00015, SRG-OS-000042-GPO
           
             RHEL-08-030280 - Successful/unsuccessful uses of the ssh-agent in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11491,7 +11620,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030290 - Successful/unsuccessful uses of the passwd command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11508,7 +11638,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030300 - Successful/unsuccessful uses of the mount command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11525,7 +11656,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030301 - Successful/unsuccessful uses of the umount command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11542,7 +11674,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030302 - Successful/unsuccessful uses of the mount syscall in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11560,7 +11693,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030310 - Successful/unsuccessful uses of the unix_update in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
@@ -11577,7 +11711,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030311 - Successful/unsuccessful uses of postdrop in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
@@ -11594,7 +11729,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030312 - Successful/unsuccessful uses of postqueue in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
@@ -11611,7 +11747,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030313 - Successful/unsuccessful uses of semanage in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
@@ -11628,7 +11765,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030314 - Successful/unsuccessful uses of setfiles in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
@@ -11645,7 +11783,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030315 - Successful/unsuccessful uses of userhelper in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
@@ -11662,7 +11801,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030316 - Successful/unsuccessful uses of setsebool in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
@@ -11679,7 +11819,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030317 - Successful/unsuccessful uses of unix_chkpwd in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Reconstruction of harmful events or forensic analysis is not possible if audit records do not contain enough information.
 
@@ -11696,7 +11837,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030320 - Successful/unsuccessful uses of the ssh-keysign in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11713,7 +11855,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030330 - Successful/unsuccessful uses of the setfacl command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11730,7 +11873,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030340 - Successful/unsuccessful uses of the pam_timestamp_check command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11747,7 +11891,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030350 - Successful/unsuccessful uses of the newgrp command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11764,7 +11909,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030360 - Successful/unsuccessful uses of the init_module and finit_module command system calls in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11786,7 +11932,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
           
             RHEL-08-030361 - Successful/unsuccessful uses of the rename, unlink, rmdir, renameat and unlinkat commandsystem calls in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11817,7 +11964,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
           
             RHEL-08-030370 - Successful/unsuccessful uses of the gpasswd command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11834,7 +11982,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030390 - Successful/unsuccessful uses of the delete_module command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11852,7 +12001,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030400 - Successful/unsuccessful uses of the crontab command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11869,7 +12019,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030410 - Successful/unsuccessful uses of the chsh command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11886,7 +12037,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030420 - Successful/unsuccessful uses of the truncate, ftruncate, creat, open, openat, and open_by_handle_at system calls in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11931,7 +12083,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
           
             RHEL-08-030480 - Successful/unsuccessful uses of the chown, fchown, fchownat and lchown system calls in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11960,7 +12113,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
           
             RHEL-08-030490 - Successful/unsuccessful uses of the chmod, fchmod and fchmodat system calls in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -11985,7 +12139,8 @@ The system call rules are loaded into a matching engine that intercepts each sys
           
             RHEL-08-030550 - Successful/unsuccessful uses of the sudo command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -12002,7 +12157,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030560 - Successful/unsuccessful uses of the usermod command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -12019,7 +12175,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030570 - Successful/unsuccessful uses of the chacl command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without generating audit records that are specific to the security and mission needs of the organization, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -12036,7 +12193,8 @@ When a user logs on, the AUID is set to the UID of the account that is being aut
           
             RHEL-08-030580 - Successful/unsuccessful uses of the kmod command in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -12063,7 +12221,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
           
             RHEL-08-030600 - Successful/unsuccessful modifications to the lastlog file in RHEL 8 must generate an audit record.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without the capability to generate audit records, it would be difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
 
@@ -12090,7 +12249,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
           
             RHEL-08-030610 - RHEL 8 must allow only the Information System Security Manager (ISSM) (or individuals or roles appointed by the ISSM) to select which auditable events are to be audited.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without the capability to restrict the roles and individuals that can select which events are audited, unauthorized personnel may be able to prevent the auditing of critical events. Misconfigured audits may degrade the system's performance by overwhelming the audit log. Misconfigured audits may also make it more difficult to establish, correlate, and investigate the events relating to an incident or identify those responsible for one.
           
@@ -12103,7 +12263,8 @@ DoD has defined the list of events for which RHEL 8 will provide an audit record
           
             RHEL-08-030620 - RHEL 8 audit tools must have a mode of 0755 or less permissive.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
 
@@ -12119,7 +12280,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
           
             RHEL-08-030630 - RHEL 8 audit tools must be owned by root.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
 
@@ -12135,7 +12297,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
           
             RHEL-08-030640 - RHEL 8 audit tools must be group-owned by root.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Protecting audit information also includes identifying and protecting the tools used to view and manipulate log data. Therefore, protecting audit tools is necessary to prevent unauthorized operation on audit information.
 
@@ -12151,7 +12314,8 @@ Audit tools include, but are not limited to, vendor-provided and open source aud
           
             RHEL-08-030680 - RHEL 8 must have the packages required for encrypting offloaded audit logs installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
@@ -12174,7 +12338,8 @@ Note that a port number was given as there is no standard port for RELP.
             RHEL-08-030700 - RHEL 8 must take appropriate action when the internal event queue is full.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
@@ -12190,7 +12355,8 @@ RHEL 8 installation media provides "rsyslogd".  "rsyslogd" is a system utility p
           
             RHEL-08-030730 - RHEL 8 must take action when allocated audit record storage volume reaches 75 percent of the repository maximum audit record storage capacity.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If security personnel are not notified immediately when storage volume reaches 75 percent utilization, they are unable to plan for audit record storage capacity expansion.
           
@@ -12202,7 +12368,8 @@ RHEL 8 installation media provides "rsyslogd".  "rsyslogd" is a system utility p
           
             RHEL-08-030741 - RHEL 8 must disable the chrony daemon from acting as a server.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
 
@@ -12220,7 +12387,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
           
             RHEL-08-030742 - RHEL 8 must disable network management of the chrony daemon.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Inaccurate time stamps make it more difficult to correlate events and can lead to an inaccurate analysis. Determining the correct time a particular event occurred on a system is critical when conducting forensic analysis and investigating system events. Sources outside the configured acceptable allowance (drift) may be inaccurate.
 
@@ -12238,7 +12406,8 @@ Note that USNO offers authenticated NTP service to DoD and U.S. Government agenc
           
             RHEL-08-040000 - RHEL 8 must not have the telnet-server package installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12260,7 +12429,8 @@ If a privileged user were to log on using this service, the privileged user pass
           
             RHEL-08-040001 - RHEL 8 must not have any automated bug reporting tools installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12278,7 +12448,8 @@ Verify the operating system is configured to disable non-essential capabilities.
           
             RHEL-08-040002 - RHEL 8 must not have the sendmail package installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12296,7 +12467,8 @@ Verify the operating system is configured to disable non-essential capabilities.
           
             RHEL-08-040010 - RHEL 8 must not have the rsh-server package installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12314,7 +12486,8 @@ If a privileged user were to log on using this service, the privileged user pass
           
             RHEL-08-040021 - RHEL 8 must disable the asynchronous transfer mode (ATM) protocol.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12331,7 +12504,8 @@ The Asynchronous Transfer Mode (ATM) is a protocol operating on network, data li
           
             RHEL-08-040022 - RHEL 8 must disable the controller area network (CAN) protocol.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12348,7 +12522,8 @@ The Controller Area Network (CAN) is a serial communications protocol, which was
           
             RHEL-08-040023 - RHEL 8 must disable the stream control transmission (SCTP) protocol.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12365,7 +12540,8 @@ The Stream Control Transmission Protocol (SCTP) is a transport layer protocol, d
           
             RHEL-08-040024 - RHEL 8 must disable the transparent inter-process communication (TIPC) protocol.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12382,7 +12558,8 @@ The Transparent Inter-Process Communication (TIPC) protocol is designed to provi
           
             RHEL-08-040025 - RHEL 8 must disable mounting of cramfs.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12399,7 +12576,8 @@ Compressed ROM/RAM file system (or cramfs) is a read-only file system designed f
           
             RHEL-08-040026 - RHEL 8 must disable IEEE 1394 (FireWire) Support.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -12414,7 +12592,8 @@ The IEEE 1394 (FireWire) is a serial bus standard for high-speed real-time commu
           
             RHEL-08-040060 - RHEL 8 must enforce SSHv2 for network access to all accounts.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             A replay attack may enable an unauthorized user to gain access to RHEL 8. Authentication sessions between the authenticator and RHEL 8 validating the user credentials must not be vulnerable to a replay attack.
 
@@ -12435,7 +12614,8 @@ RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 pe
           
             RHEL-08-040080 - RHEL 8 must be configured to disable USB mass storage.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             USB mass storage permits easy introduction of unknown devices, thereby facilitating malicious activity.
           
@@ -12448,7 +12628,8 @@ RHEL 8 incorporates OpenSSH as a default ssh provider. OpenSSH has been a 100 pe
           
             RHEL-08-040111 - RHEL 8 Bluetooth must be disabled.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without protection of communications with wireless peripherals, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read, altered, or used to compromise the RHEL 8 operating system.
 
@@ -12464,7 +12645,8 @@ Protecting the confidentiality and integrity of communications with wireless per
           
             RHEL-08-040120 - RHEL 8 must mount /dev/shm with the nodev option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12483,7 +12665,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040121 - RHEL 8 must mount /dev/shm with the nosuid option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12500,7 +12683,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040122 - RHEL 8 must mount /dev/shm with the noexec option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12519,7 +12703,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040123 - RHEL 8 must mount /tmp with the nodev option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12539,7 +12724,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040124 - RHEL 8 must mount /tmp with the nosuid option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12557,7 +12743,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040125 - RHEL 8 must mount /tmp with the noexec option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12577,7 +12764,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040126 - RHEL 8 must mount /var/log with the nodev option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12597,7 +12785,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040127 - RHEL 8 must mount /var/log with the nosuid option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12617,7 +12806,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040128 - RHEL 8 must mount /var/log with the noexec option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12637,7 +12827,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040129 - RHEL 8 must mount /var/log/audit with the nodev option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12657,7 +12848,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040130 - RHEL 8 must mount /var/log/audit with the nosuid option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12677,7 +12869,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040131 - RHEL 8 must mount /var/log/audit with the noexec option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12697,7 +12890,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040132 - RHEL 8 must mount /var/tmp with the nodev option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12716,7 +12910,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040133 - RHEL 8 must mount /var/tmp with the nosuid option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12735,7 +12930,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040134 - RHEL 8 must mount /var/tmp with the noexec option.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The organization must identify authorized software programs and permit execution of authorized software. The process used to identify software programs that are authorized to execute on organizational information systems is commonly referred to as whitelisting.
 
@@ -12754,7 +12950,8 @@ The "nosuid" mount option causes the system to not execute "setuid" and "setgid"
           
             RHEL-08-040160 - All RHEL 8 networked systems must have and implement SSH to protect the confidentiality and integrity of transmitted and received information, as well as information during preparation for transmission.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
 
@@ -12771,7 +12968,8 @@ Protecting the confidentiality and integrity of organizational information can b
           
             RHEL 8 must force a frequent session key renegotiation for SSH connections to the server.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without protection of the transmitted information, confidentiality and integrity may be compromised because unprotected communications can be intercepted and either read or altered. 
 
@@ -12790,7 +12988,8 @@ Session key regeneration limits the chances of a session key becoming compromise
           
             RHEL-08-040172 - The systemd Ctrl-Alt-Delete burst key sequence in RHEL 8 must be disabled.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             A locally logged-on user who presses Ctrl-Alt-Delete when at the console can reboot the system. If accidentally pressed, as could happen in the case of a mixed OS environment, this can create the risk of short-term loss of availability of systems due to unintentional reboot. In a graphical user environment, risk of unintentional reboot from the Ctrl-Alt-Delete sequence is reduced because the user will be prompted before any action is taken.
           
@@ -12802,7 +13001,8 @@ Session key regeneration limits the chances of a session key becoming compromise
           
             RHEL-08-040190 - The Trivial File Transfer Protocol (TFTP) server package must not be installed if not required for RHEL 8 operational support.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If TFTP is required for operational support (such as the transmission of router configurations) its use must be documented with the Information System Security Officer (ISSO), restricted to only authorized personnel, and have access control rules established.
           
@@ -12814,7 +13014,8 @@ Session key regeneration limits the chances of a session key becoming compromise
           
             RHEL-08-040200 - The root account must be the only account having unrestricted access to the RHEL 8 system.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If an account other than root also has a User Identifier (UID) of "0", it has root authority, giving that account unrestricted access to the entire operating system. Multiple accounts with a UID of "0" afford an opportunity for potential intruders to guess a password for a privileged account.
           
@@ -12826,7 +13027,8 @@ Session key regeneration limits the chances of a session key becoming compromise
           
             RHEL-08-040210 - RHEL 8 must prevent Internet Control Message Protocol (ICMP) redirect messages from being accepted.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
           
@@ -12842,7 +13044,8 @@ Session key regeneration limits the chances of a session key becoming compromise
           
             RHEL-08-040220 - RHEL 8 must not send Internet Control Message Protocol (ICMP) redirects.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
 
@@ -12867,7 +13070,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040230 - RHEL 8 must not respond to Internet Control Message Protocol (ICMP) echoes sent to a broadcast address.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Responding to broadcast ICMP echoes facilitates network mapping and provides a vector for amplification attacks.
 
@@ -12892,7 +13096,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040240 - RHEL 8 must not forward source-routed packets.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 
@@ -12918,7 +13123,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040250 - RHEL 8 must not forward source-routed packets by default.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Source-routed packets allow the source of the packet to suggest that routers forward the packet along a different path than configured on the router, which can be used to bypass network security measures. This requirement applies only to the forwarding of source-routed traffic, such as when forwarding is enabled and the system is functioning as a router.
 		
@@ -12944,7 +13150,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040260 - RHEL 8 must not be performing packet forwarding unless the system is a router.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
 
@@ -12970,7 +13177,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040261 - RHEL 8 must not accept router advertisements on all IPv6 interfaces.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
 
@@ -12998,7 +13206,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040262 - RHEL 8 must not accept router advertisements on all IPv6 interfaces by default.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Routing protocol daemons are typically used on routers to exchange network topology information with other routers. If this software is used when not required, system network information may be unnecessarily transmitted across the network.
 
@@ -13026,7 +13235,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040270 - RHEL 8 must not allow interfaces to perform Internet Control Message Protocol (ICMP) redirects by default.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages contain information from the system's route table, possibly revealing portions of the network topology.
 
@@ -13051,7 +13261,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040280 - RHEL 8 must ignore Internet Control Message Protocol (ICMP) redirect messages.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             ICMP redirect messages are used by routers to inform hosts that a more direct route exists for a particular destination. These messages modify the host's route table and are unauthenticated. An illicit ICMP redirect message could result in a man-in-the-middle attack.
 
@@ -13077,7 +13288,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040281 - RHEL 8 must disable access to network bpf syscall from unprivileged processes.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -13100,7 +13312,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040282 - RHEL 8 must restrict usage of ptrace to descendant processes.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -13123,7 +13336,8 @@ Based on the information above, if a configuration file that begins with "99-" i
           
             RHEL-08-040283 - RHEL 8 must restrict exposed kernel pointer addresses access.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives.  These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.  
 
@@ -13145,7 +13359,8 @@ Based on the information above, if a configuration file begins with "99-" is cre
           
             RHEL-08-040284 - RHEL 8 must disable the use of user namespaces.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -13167,7 +13382,8 @@ Based on the information above, if a configuration file begins with "99-" is cre
           
             RHEL-08-040285 - RHEL 8 must use reverse path filtering on all IPv4 interfaces.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -13189,7 +13405,8 @@ Based on the information above, if a configuration file begins with "99-" is cre
           
             RHEL-08-040290 - RHEL 8 must be configured to prevent unrestricted mail relaying.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             If unrestricted mail relaying is permitted, unauthorized senders could use this host as a mail relay for the purpose of sending spam or other unauthorized activity.
           
@@ -13202,7 +13419,8 @@ Based on the information above, if a configuration file begins with "99-" is cre
           
             RHEL-08-040340 - RHEL 8 remote X connections for interactive users must be disabled unless to fulfill documented and validated mission requirements.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The security risk of using X11 forwarding is that the client's X11 display server may be exposed to attack when the SSH client requests forwarding.  A system administrator may have a stance in which they want to protect clients that may expose themselves to attack by unwittingly requesting X11 forwarding, which can warrant a ''no'' setting.
 X11 forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the user's X11 authorization database) can access the local X11 display through the forwarded connection. An attacker may then be able to perform activities such as keystroke monitoring if the ForwardX11Trusted option is also enabled.
@@ -13217,7 +13435,8 @@ If X11 services are not required for the system's intended function, they should
           
             RHEL-08-040341 - The RHEL 8 SSH daemon must prevent remote hosts from connecting to the proxy display.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             When X11 forwarding is enabled, there may be additional exposure to the server and client displays if the sshd proxy display is configured to listen on the wildcard address. By default, sshd binds the forwarding server to the loopback address and sets the hostname part of the DIPSLAY environment variable to localhost. This prevents remote hosts from connecting to the proxy display.
           
@@ -13230,7 +13449,8 @@ If X11 services are not required for the system's intended function, they should
           
             RHEL-08-040350 - If the Trivial File Transfer Protocol (TFTP) server is required, the RHEL 8 TFTP daemon must be configured to operate in secure mode.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Restricting TFTP to a specific directory prevents remote users from copying, transferring, or overwriting system files.
           
@@ -13243,7 +13463,8 @@ If X11 services are not required for the system's intended function, they should
           
             RHEL-08-040360 - A File Transfer Protocol (FTP) server package must not be installed unless mission essential on RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The FTP service provides an unencrypted remote access that does not provide for the confidentiality and integrity of user passwords or the remote session. If a privileged user were to log on using this service, the privileged user password could be compromised. SSH or other encrypted file transfer methods must be used in place of this service.
           
@@ -13255,7 +13476,8 @@ If X11 services are not required for the system's intended function, they should
           
             RHEL-08-040370 - The gssproxy package must not be installed unless mission essential on RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -13271,7 +13493,8 @@ The gssproxy package is a proxy for GSS API credential handling and could expose
           
             RHEL-08-040380 - The iprutils package must not be installed unless mission essential on RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -13287,7 +13510,8 @@ The iprutils package provides a suite of utilities to manage and configure SCSI
           
             RHEL-08-040390 - The tuned package must not be installed unless mission essential on RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             It is detrimental for operating systems to provide, or install by default, functionality exceeding requirements or mission objectives. These unnecessary capabilities or services are often overlooked and therefore may remain unsecured. They increase the risk to the platform by providing additional attack vectors.
 
@@ -13303,7 +13527,8 @@ The tuned package contains a daemon that tunes the system settings dynamically.
           
             RHEL-08-030670 - RHEL 8 must have the packages required for offloading audit logs installed.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Information stored in one location is vulnerable to accidental or incidental deletion or alteration.
 
@@ -13326,7 +13551,8 @@ Note that a port number was given as there is no standard port for RELP.
             RHEL-08-010163 - The krb5-server package must not be installed on RHEL 8.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Unapproved mechanisms that are used for authentication to the cryptographic module are not verified and therefore cannot be relied upon to provide confidentiality or integrity, and DoD data may be compromised.
 
@@ -13345,7 +13571,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
           
             RHEL-08-010382 - RHEL 8 must restrict privilege elevation to authorized personnel.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The sudo command allows a user to execute programs with elevated (administrator) privileges. It prompts the user for their password and confirms your request to execute a command by checking a file, called sudoers. If the "sudoers" file is not configured correctly, any user defined on the system can initiate privileged actions on the target system.
           
@@ -13358,7 +13585,8 @@ FIPS 140-2 is the current standard for validating that mechanisms used to access
           
             RHEL-08-010383 - RHEL 8 must use the invoking user's password for privilege escalation when using "sudo".
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             The sudoers security policy requires that users authenticate themselves before they can use sudo. When sudoers requires authentication, it validates the invoking user's credentials. If the rootpw, targetpw, or runaspw flags are defined and not disabled, by default the operating system will prompt the invoking user for the "root" user password. 
 For more information on each of the listed configurations, reference the sudoers(5) manual page.
@@ -13382,7 +13610,8 @@ For more information on each of the listed configurations, reference the sudoers
           
             RHEL-08-010384 - RHEL 8 must require re-authentication when using the "sudo" command.
             
-              Red Hat Enterprise Linux 8
+              Red Hat Enterprise Linux 8
+AlmaLinux 8
             
             Without re-authentication, users may access resources or perform tasks for which they do not have authorization. 
 
@@ -13456,15 +13685,15 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
           
           
         
-        
+        
           
           
         
-        
+        
           
           
         
-        
+        
           
         
         
@@ -14979,18 +15208,18 @@ If the value is set to an integer less than 0, the user's time stamp will not ex
           ^\s*SHA_CRYPT_MAX_ROUNDS\s+(\d+)\b
           1
         
-        
-          /boot/efi/EFI/redhat/grub.cfg
+        
+          /boot/efi/EFI/almalinux/grub.cfg
           ^\s*set\s+superusers\s*=\s*"(\w+)"\s*$
           1
         
-        
-          /boot/efi/EFI/redhat/user.cfg
+        
+          /boot/efi/EFI/almalinux/user.cfg
           ^\s*GRUB2_PASSWORD=(\S+)\b
           1
         
-        
-          /boot/efi/EFI/redhat/grub.cfg
+        
+          /boot/efi/EFI/almalinux/grub.cfg
         
         
           /boot/grub2/grub.cfg
diff --git a/shared/references/disa-stig-rhel8-v1r5-xccdf-manual.xml b/shared/references/disa-stig-rhel8-v1r5-xccdf-manual.xml
index 216e91f9..9cde5e5e 100644
--- a/shared/references/disa-stig-rhel8-v1r5-xccdf-manual.xml
+++ b/shared/references/disa-stig-rhel8-v1r5-xccdf-manual.xml
@@ -368,7 +368,7 @@ $ sudo egrep "^SHA_CRYPT_" /etc/login.defs
 
 If only one of "SHA_CRYPT_MIN_ROUNDS" or "SHA_CRYPT_MAX_ROUNDS" is set, and this value is below "5000", this is a finding.
 
-If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/redhat/user.cfg file.
+If both "SHA_CRYPT_MIN_ROUNDS" and "SHA_CRYPT_MAX_ROUNDS" are set, and the highest value for either is below "5000", this is a finding.SRG-OS-000080-GPOS-00048<GroupDescription></GroupDescription>RHEL-08-010140RHEL 8 operating systems booted with United Extensible Firmware Interface (UEFI) must require authentication upon booting into single-user mode and maintenance.<VulnDiscussion>If the system does not require valid authentication before it boots into single-user or maintenance mode, anyone who invokes single-user or maintenance mode is granted privileged access to all files on the system. GRUB 2 is the default boot loader for RHEL 8 and is designed to require a password to boot into single-user mode or make modifications to the boot menu.</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>DPMS Target Red Hat Enterprise Linux 8DISADPMS TargetRed Hat Enterprise Linux 82921CCI-000213Configure the system to require a grub bootloader password for the grub superusers account with the grub2-setpassword command, which creates/overwrites the /boot/efi/EFI/almalinux/user.cfg file.
 
 Generate an encrypted grub2 password for the grub superusers account with the following command:
 
@@ -378,7 +378,7 @@ Confirm password:For systems that use BIOS, this is Not Applicable.
+$ sudo grub2-mkconfig -o /boot/efi/EFI/almalinux/grub.cfgFor systems that use BIOS, this is Not Applicable.
 
 Verify that a unique name is set as the "superusers" account:
 
-$ sudo grep -iw "superusers" /boot/efi/EFI/redhat/grub.cfg
+$ sudo grep -iw "superusers" /boot/efi/EFI/almalinux/grub.cfg
 set superusers="[someuniquestringhere]"
 export superusers
 
diff --git a/shared/templates/accounts_password/ansible.template b/shared/templates/accounts_password/ansible.template
index 7383c68f..43cff8bd 100644
--- a/shared/templates/accounts_password/ansible.template
+++ b/shared/templates/accounts_password/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/accounts_password/bash.template b/shared/templates/accounts_password/bash.template
index 9633b681..674973a5 100644
--- a/shared/templates/accounts_password/bash.template
+++ b/shared/templates/accounts_password/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_dac_modification/ansible.template b/shared/templates/audit_rules_dac_modification/ansible.template
index 888f76e9..ae66d5d2 100644
--- a/shared/templates/audit_rules_dac_modification/ansible.template
+++ b/shared/templates/audit_rules_dac_modification/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_dac_modification/bash.template b/shared/templates/audit_rules_dac_modification/bash.template
index 9b57c665..b5b584f0 100644
--- a/shared/templates/audit_rules_dac_modification/bash.template
+++ b/shared/templates/audit_rules_dac_modification/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system
diff --git a/shared/templates/audit_rules_file_deletion_events/ansible.template b/shared/templates/audit_rules_file_deletion_events/ansible.template
index c54bd839..f1e948db 100644
--- a/shared/templates/audit_rules_file_deletion_events/ansible.template
+++ b/shared/templates/audit_rules_file_deletion_events/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_file_deletion_events/bash.template b/shared/templates/audit_rules_file_deletion_events/bash.template
index cd7e552c..6b9f4a47 100644
--- a/shared/templates/audit_rules_file_deletion_events/bash.template
+++ b/shared/templates/audit_rules_file_deletion_events/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system
diff --git a/shared/templates/audit_rules_login_events/ansible.template b/shared/templates/audit_rules_login_events/ansible.template
index 09d2e056..2b20c215 100644
--- a/shared/templates/audit_rules_login_events/ansible.template
+++ b/shared/templates/audit_rules_login_events/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_login_events/bash.template b/shared/templates/audit_rules_login_events/bash.template
index c94b1073..a7a1623c 100644
--- a/shared/templates/audit_rules_login_events/bash.template
+++ b/shared/templates/audit_rules_login_events/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 
diff --git a/shared/templates/audit_rules_path_syscall/ansible.template b/shared/templates/audit_rules_path_syscall/ansible.template
index 8c1361b7..6280a411 100644
--- a/shared/templates/audit_rules_path_syscall/ansible.template
+++ b/shared/templates/audit_rules_path_syscall/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_path_syscall/bash.template b/shared/templates/audit_rules_path_syscall/bash.template
index 332c87de..cdcf6352 100644
--- a/shared/templates/audit_rules_path_syscall/bash.template
+++ b/shared/templates/audit_rules_path_syscall/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system
diff --git a/shared/templates/audit_rules_privileged_commands/ansible.template b/shared/templates/audit_rules_privileged_commands/ansible.template
index aa7b5097..ad33c6a1 100644
--- a/shared/templates/audit_rules_privileged_commands/ansible.template
+++ b/shared/templates/audit_rules_privileged_commands/ansible.template
@@ -1,7 +1,7 @@
-{{%- if product in ["rhel8", "rhel9", "sle12", "sle15"] %}}
+{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15"] %}}
   {{%- set perm_x=" -F perm=x" %}}
 {{%- endif %}}
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_privileged_commands/bash.template b/shared/templates/audit_rules_privileged_commands/bash.template
index f3c57c5e..bcab9578 100644
--- a/shared/templates/audit_rules_privileged_commands/bash.template
+++ b/shared/templates/audit_rules_privileged_commands/bash.template
@@ -1,7 +1,7 @@
-{{%- if product in ["rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
+{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15", "ubuntu2004"] %}}
   {{%- set perm_x=" -F perm=x" %}}
 {{%- endif %}}
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 
 ACTION_ARCH_FILTERS="-a always,exit"
 OTHER_FILTERS="-F path={{{ PATH }}}{{{ perm_x }}}"
diff --git a/shared/templates/audit_rules_privileged_commands/oval.template b/shared/templates/audit_rules_privileged_commands/oval.template
index cba62e6e..ae1db793 100644
--- a/shared/templates/audit_rules_privileged_commands/oval.template
+++ b/shared/templates/audit_rules_privileged_commands/oval.template
@@ -1,4 +1,4 @@
-{{%- if product in ["rhel8", "rhel9", "sle12", "sle15", "ubuntu2004"] %}}
+{{%- if product in ["rhel8", "rhel9", "almalinux8", "sle12", "sle15", "ubuntu2004"] %}}
   {{%- set perm_x="(?:[\s]+-F[\s]+perm=x)" %}}
 {{%- endif %}}
 
diff --git a/shared/templates/audit_rules_syscall_events/ansible.template b/shared/templates/audit_rules_syscall_events/ansible.template
index 8c6ee906..cac54d94 100644
--- a/shared/templates/audit_rules_syscall_events/ansible.template
+++ b/shared/templates/audit_rules_syscall_events/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_syscall_events/bash.template b/shared/templates/audit_rules_syscall_events/bash.template
index 65325548..592ec6bd 100644
--- a/shared/templates/audit_rules_syscall_events/bash.template
+++ b/shared/templates/audit_rules_syscall_events/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 
 # Include source function library.
 . /usr/share/scap-security-guide/remediation_functions
diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
index 1e930bcf..58d026a4 100644
--- a/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
+++ b/shared/templates/audit_rules_unsuccessful_file_modification/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
index ff9a4f5e..ae7f6000 100644
--- a/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
+++ b/shared/templates/audit_rules_unsuccessful_file_modification/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 
 # First perform the remediation of the syscall rule
 # Retrieve hardware architecture of the underlying system
diff --git a/shared/templates/audit_rules_usergroup_modification/ansible.template b/shared/templates/audit_rules_usergroup_modification/ansible.template
index 87c8d2ce..57a2d0c0 100644
--- a/shared/templates/audit_rules_usergroup_modification/ansible.template
+++ b/shared/templates/audit_rules_usergroup_modification/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/shared/templates/audit_rules_usergroup_modification/bash.template b/shared/templates/audit_rules_usergroup_modification/bash.template
index 62faac34..3461e4e2 100644
--- a/shared/templates/audit_rules_usergroup_modification/bash.template
+++ b/shared/templates/audit_rules_usergroup_modification/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu
 
 # Perform the remediation for both possible tools: 'auditctl' and 'augenrules'
 
diff --git a/shared/templates/grub2_bootloader_argument/ansible.template b/shared/templates/grub2_bootloader_argument/ansible.template
index db3b4430..6d55ca29 100644
--- a/shared/templates/grub2_bootloader_argument/ansible.template
+++ b/shared/templates/grub2_bootloader_argument/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle
 # reboot = true
 # strategy = restrict
 # complexity = medium
diff --git a/shared/templates/grub2_bootloader_argument/bash.template b/shared/templates/grub2_bootloader_argument/bash.template
index 5f97efd4..24529bda 100644
--- a/shared/templates/grub2_bootloader_argument/bash.template
+++ b/shared/templates/grub2_bootloader_argument/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 {{#
    See the OVAL template for more comments.
    Product-specific categorization should be synced across all template content types
@@ -23,7 +23,7 @@ fi
 {{% set grub_helper_executable = "update-grub" -%}}
 {{% endif -%}}
 
-{{% if product in ["rhel8", "ol8"] %}}
+{{% if product in ["rhel8", "almalinux8", "ol8"] %}}
 {{# Suppress the None output of append -#}}
 {{{ grub_helper_args.append("--env=/boot/grub2/grubenv") or "" -}}}
 {{% endif -%}}
diff --git a/shared/templates/grub2_bootloader_argument/blueprint.template b/shared/templates/grub2_bootloader_argument/blueprint.template
index e07d5a4f..0c2c56ce 100644
--- a/shared/templates/grub2_bootloader_argument/blueprint.template
+++ b/shared/templates/grub2_bootloader_argument/blueprint.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 
 [customizations.kernel]
 append = "{{{ ARG_NAME_VALUE }}}"
diff --git a/shared/templates/grub2_bootloader_argument/oval.template b/shared/templates/grub2_bootloader_argument/oval.template
index 71367465..439ac799 100644
--- a/shared/templates/grub2_bootloader_argument/oval.template
+++ b/shared/templates/grub2_bootloader_argument/oval.template
@@ -16,7 +16,7 @@
 {{% set system_with_expanded_kernel_options_in_loader_entries = true %}}
 {{%- endif -%}}
 
-{{% if product in ["rhel8"] -%}}
+{{% if product in ["rhel8", "almalinux8"] -%}}
 {{% set system_with_referenced_kernel_options_in_loader_entries = true %}}
 {{% set system_with_kernel_options_in_grubenv = true %}}
 {{%- endif -%}}
diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh
index a270be45..0844a6d7 100644
--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_etcdefaultgrub.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 7,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 # Removes argument from kernel command line in /etc/default/grub
 if grep -q '^GRUB_CMDLINE_LINUX=.*{{{ARG_NAME}}}=.*"'  '/etc/default/grub' ; then
diff --git a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh
index fdf2a5d4..0e0e7297 100644
--- a/shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/arg_not_there_grubenv.fail.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Removes audit argument from kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh b/shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
index 5a97ec25..c679b04a 100644
--- a/shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
+++ b/shared/templates/grub2_bootloader_argument/tests/wrong_value.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8
 
 # Break the argument in kernel command line in /boot/grub2/grubenv
 file="/boot/grub2/grubenv"
diff --git a/shared/templates/kernel_module_disabled/ansible.template b/shared/templates/kernel_module_disabled/ansible.template
index 2526baf7..7962d86b 100644
--- a/shared/templates/kernel_module_disabled/ansible.template
+++ b/shared/templates/kernel_module_disabled/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 # reboot = true
 # strategy = disable
 # complexity = low
diff --git a/shared/templates/kernel_module_disabled/bash.template b/shared/templates/kernel_module_disabled/bash.template
index a0998bb9..f433e00d 100644
--- a/shared/templates/kernel_module_disabled/bash.template
+++ b/shared/templates/kernel_module_disabled/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 # reboot = true
 # strategy = disable
 # complexity = low
diff --git a/shared/templates/mount/anaconda.template b/shared/templates/mount/anaconda.template
index fdcb4ee3..0d1d8dc2 100644
--- a/shared/templates/mount/anaconda.template
+++ b/shared/templates/mount/anaconda.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/shared/templates/mount/blueprint.template b/shared/templates/mount/blueprint.template
index 56617467..3cdacd4d 100644
--- a/shared/templates/mount/blueprint.template
+++ b/shared/templates/mount/blueprint.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora
 
 [[customizations.filesystem]]
 mountpoint = "{{{ MOUNTPOINT }}}"
diff --git a/shared/templates/mount_option/anaconda.template b/shared/templates/mount_option/anaconda.template
index 083b0ef0..14f7018a 100644
--- a/shared/templates/mount_option/anaconda.template
+++ b/shared/templates/mount_option/anaconda.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/shared/templates/mount_option_removable_partitions/anaconda.template b/shared/templates/mount_option_removable_partitions/anaconda.template
index 8665fb91..07cd9e3a 100644
--- a/shared/templates/mount_option_removable_partitions/anaconda.template
+++ b/shared/templates/mount_option_removable_partitions/anaconda.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/shared/templates/package_installed/anaconda.template b/shared/templates/package_installed/anaconda.template
index 0ac55f51..dd0bcdde 100644
--- a/shared/templates/package_installed/anaconda.template
+++ b/shared/templates/package_installed/anaconda.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/shared/templates/package_installed/bash.template b/shared/templates/package_installed/bash.template
index 473feef5..ef56a56a 100644
--- a/shared/templates/package_installed/bash.template
+++ b/shared/templates/package_installed/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/shared/templates/package_removed/anaconda.template b/shared/templates/package_removed/anaconda.template
index 489f9bb0..0120d927 100644
--- a/shared/templates/package_removed/anaconda.template
+++ b/shared/templates/package_removed/anaconda.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = disable
 # complexity = low
diff --git a/shared/templates/sebool/ansible.template b/shared/templates/sebool/ansible.template
index 0b523cde..70198115 100644
--- a/shared/templates/sebool/ansible.template
+++ b/shared/templates/sebool/ansible.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/shared/templates/sebool/bash.template b/shared/templates/sebool/bash.template
index 9af01925..dcab0090 100644
--- a/shared/templates/sebool/bash.template
+++ b/shared/templates/sebool/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,SUSE Linux Enterprise 15
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/shared/templates/service_disabled/bash.template b/shared/templates/service_disabled/bash.template
index b9bf1b5b..79783edb 100644
--- a/shared/templates/service_disabled/bash.template
+++ b/shared/templates/service_disabled/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_sle,multi_platform_ubuntu,multi_platform_sle
 # reboot = false
 # strategy = disable
 # complexity = low
diff --git a/shared/templates/service_disabled/kubernetes.template b/shared/templates/service_disabled/kubernetes.template
index 1ab45652..724e7b77 100644
--- a/shared/templates/service_disabled/kubernetes.template
+++ b/shared/templates/service_disabled/kubernetes.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ocp,multi_platform_rhcos,multi_platform_ubuntu
 # reboot = true
 # strategy = disable
 # complexity = low
diff --git a/shared/templates/service_enabled/bash.template b/shared/templates/service_enabled/bash.template
index 5571989a..8d3ea035 100644
--- a/shared/templates/service_enabled/bash.template
+++ b/shared/templates/service_enabled/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 # reboot = false
 # strategy = enable
 # complexity = low
diff --git a/shared/templates/sysctl/bash.template b/shared/templates/sysctl/bash.template
index 6c82e6e3..f50f0147 100644
--- a/shared/templates/sysctl/bash.template
+++ b/shared/templates/sysctl/bash.template
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv,multi_platform_ubuntu,multi_platform_sle
 # reboot = true
 # strategy = disable
 # complexity = low
diff --git a/shared/templates/zipl_bls_entries_option/ansible.template b/shared/templates/zipl_bls_entries_option/ansible.template
index 336775e4..6411d1b9 100644
--- a/shared/templates/zipl_bls_entries_option/ansible.template
+++ b/shared/templates/zipl_bls_entries_option/ansible.template
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # reboot = true
 # strategy = configure
 # complexity = medium
diff --git a/shared/templates/zipl_bls_entries_option/bash.template b/shared/templates/zipl_bls_entries_option/bash.template
index 25cd7432..a415f2a3 100644
--- a/shared/templates/zipl_bls_entries_option/bash.template
+++ b/shared/templates/zipl_bls_entries_option/bash.template
@@ -1,4 +1,4 @@
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 
 # Correct BLS option using grubby, which is a thin wrapper around BLS operations
 grubby --update-kernel=ALL --args="{{{ ARG_NAME }}}={{{ ARG_VALUE }}}"
diff --git a/ssg/constants.py b/ssg/constants.py
index a2f66c55..4e9f667c 100644
--- a/ssg/constants.py
+++ b/ssg/constants.py
@@ -38,6 +38,7 @@ SSG_REF_URIS = {
 }
 
 product_directories = [
+    'almalinux8',
     'chromium',
     'debian9', 'debian10', 'debian11',
     'example',
@@ -194,6 +195,7 @@ PKG_MANAGER_TO_CONFIG_FILE = {
 }
 
 FULL_NAME_TO_PRODUCT_MAPPING = {
+    "AlmaLinux 8": "almalinux8",
     "Chromium": "chromium",
     "Debian 9": "debian9",
     "Debian 10": "debian10",
@@ -261,11 +263,12 @@ REFERENCES = dict(
 )
 
 
-MULTI_PLATFORM_LIST = ["rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
+MULTI_PLATFORM_LIST = ["almalinux", "rhel", "fedora", "rhosp", "rhv", "debian", "ubuntu",
                        "wrlinux", "opensuse", "sle", "ol", "ocp", "rhcos",
                        "example", "eks"]
 
 MULTI_PLATFORM_MAPPING = {
+    "multi_platform_almalinux": ["almalinux8"],
     "multi_platform_debian": ["debian9", "debian10", "debian11"],
     "multi_platform_example": ["example"],
     "multi_platform_eks": ["eks"],
@@ -452,6 +455,7 @@ MAKEFILE_ID_TO_PRODUCT_MAP = {
     'ocp': 'Red Hat OpenShift Container Platform',
     'rhcos': 'Red Hat Enterprise Linux CoreOS',
     'eks': 'Amazon Elastic Kubernetes Service',
+    'almalinux': 'AlmaLinux',
 }
 
 
@@ -465,4 +469,3 @@ DEFAULT_AIDE_CONF_PATH = '/etc/aide.conf'
 DEFAULT_AIDE_BIN_PATH = '/usr/sbin/aide'
 DEFAULT_SSH_DISTRIBUTED_CONFIG = 'false'
 DEFAULT_PRODUCT = 'example'
-
diff --git a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
index b0be0b4b..ef41579b 100644
--- a/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
+++ b/tests/unit/ssg-module/data/file_owner_grub2_cfg.yml
@@ -20,7 +20,7 @@ platforms:
   - machine
 # TODO: Make Rule get this from group, so it can be saved here
 # platforms: null
-prodtype: rhel7,rhel8,fedora,ol7,ol8
+prodtype: rhel7,rhel8,almalinux8,fedora,ol7,ol8
 rationale: Only root should be able to modify important boot parameters.
 references: {cis: 1.4.1, cis-csc: '12,13,14,15,16,18,3,5', cjis: 5.5.2.2, cobit5: 'APO01.06,DSS05.04,DSS05.07,DSS06.02',
   cui: 3.4.5, disa: 'CCI-000225', hipaa: '164.308(a)(1)(ii)(B),164.308(a)(7)(i),164.308(a)(7)(ii)(A),164.310(a)(1),164.310(a)(2)(i),164.310(a)(2)(ii),164.310(a)(2)(iii),164.310(b),164.310(c),164.310(d)(1),164.310(d)(2)(iii)',
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
index ff0b30f0..0116294f 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/fixes/selinux_state.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml
index 40e55f09..cd8b4c74 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol8,rhcos4,rhel8,rhel9,rhv4
+prodtype: fedora,ol8,rhcos4,rhel8,almalinux8,rhel9,rhv4
 
 title: 'Configure System Cryptography Policy'
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
index efc1cab4..7e7ff6e1 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_and_current_same_time.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # packages = crypto-policies-scripts
 
 # IMPORTANT: This is a false negative scenario.
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
index 46d8e341..3e58358f 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/config_newer_than_current.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # packages = crypto-policies-scripts
 
 update-crypto-policies --set "DEFAULT"
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
index a18ad25b..c7a3c469 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_nss_config.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
index 04527eb2..7adf3b61 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
index 8864a8cd..6597c501 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/missing_policy_file.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
index 33719ca9..9de20e3c 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_file.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
index 6e53c39d..307cfba9 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/nss_config_as_symlink.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
index 1cb6ea49..2a5dc207 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_cis_l1.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_cis_server_l1,xccdf_org.ssgproject.content_profile_cis_workstation_l1
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
index 51d35ff9..96db9dda 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_nosha1_set.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_e8
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
index 053c5c1a..eafa80bc 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_default_set.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_standard
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
index 07cbb3f6..ae916f02 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_fips_ospp_set.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
index 99d975bc..125e4ce2 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/policy_future_cis_l2.pass.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_cis,xccdf_org.ssgproject.content_profile_cis_workstation_l2
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
index fc7aeeae..3e831ed3 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/configure_crypto_policy/tests/wrong_policy.fail.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9
+# platform = multi_platform_fedora,Red Hat Enterprise Linux 8,AlmaLinux 8,Red Hat Enterprise Linux 9
 # profiles = xccdf_org.ssgproject.content_profile_ospp, xccdf_org.ssgproject.content_profile_standard
 # packages = crypto-policies-scripts
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml
index 5becd90b..976bc6a8 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/package_abrt_removed/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
+prodtype: fedora,ol7,ol8,rhel7,rhel8,almalinux8,rhel9
 
 title: 'Uninstall Automatic Bug Reporting Tool (abrt)'
 
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
index 1c1560a8..fc86b614 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/ansible/shared.yml
@@ -1,4 +1,4 @@
-# platform = multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = false
 # strategy = restrict
 # complexity = low
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
index 32baf94a..87ff017b 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
+++ b/tests/unit/ssg-module/test_playbook_builder_data/guide/selinux_state/bash/shared.sh
@@ -1,4 +1,4 @@
-# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
+# platform = multi_platform_wrlinux,multi_platform_rhel,multi_platform_almalinux,multi_platform_fedora,multi_platform_ol,multi_platform_rhv
 # reboot = true
 # strategy = restrict
 # complexity = low
diff --git a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
index 64e6cee7..7bcd1518 100644
--- a/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
+++ b/tests/unit/ssg-module/test_playbook_builder_data/rules/selinux_state.yml
@@ -14,7 +14,7 @@ ocil_clause: SELINUX is not set to enforcing
 oval_external_content: null
 platforms:
   - machine
-prodtype: rhel7,rhel8,fedora,ol7,ol8,rhv4
+prodtype: rhel7,rhel8,almalinux8,fedora,ol7,ol8,rhv4
 rationale: 'Setting the SELinux state to enforcing ensures SELinux is able to confine
 
   potentially compromised processes to the security policy, which is designed to
diff --git a/utils/ansible_playbook_to_role.py b/utils/ansible_playbook_to_role.py
index 7513b37e..3dd14360 100755
--- a/utils/ansible_playbook_to_role.py
+++ b/utils/ansible_playbook_to_role.py
@@ -57,6 +57,7 @@ yaml.add_constructor(_mapping_tag, dict_constructor)
 PRODUCT_WHITELIST = set([
     "rhel7",
     "rhel8",
+    "almalinux8",
 ])
 
 PROFILE_WHITELIST = set([