From 041e6ff67258af02da7acc4d8c42d3309677ef50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= Date: Fri, 14 May 2021 16:01:05 +0200 Subject: [PATCH 1/5] Enabled integrity-related rules for RHEL9. As the product doesn't have fingerprints available, rules have been extended to build, but to return NOTCHECKED if until the product yaml is updated. --- .../updating/ensure_redhat_gpgkey_installed/oval/shared.xml | 3 +++ .../software/updating/ensure_redhat_gpgkey_installed/rule.yml | 3 ++- .../software/updating/security_patches_up_to_date/rule.yml | 3 ++- shared/references/cce-redhat-avail.txt | 2 -- 4 files changed, 7 insertions(+), 4 deletions(-) diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml index 519589c40c3..dd514ad95fc 100644 --- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml +++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml @@ -1,3 +1,5 @@ +{{% if pkg_version %}} +{{# If pkg_version isn't defined, then the rule should be NOTCHECKED, because we don't have data needed for the check #}} {{{ oval_metadata("The Red Hat release and auxiliary key packages are required to be installed.") }}} @@ -73,3 +75,4 @@ {{%- endif %}} +{{% endif %}} diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml index 8a7a5e0b9ff..890574b6742 100644 --- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml +++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,rhcos4 +prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4 title: 'Ensure Red Hat GPG Key Installed' 
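Review bot: The new `{{% if pkg_version %}}` guard at the top of `oval/shared.xml` makes a `severity: high` rule evaluate to NOTCHECKED on any product whose yaml lacks the key data, and nothing in the built content tells the person reading a scan why. Because `rule.yml` now lists `rhel9` and assigns it `CCE-84180-9`, a RHEL9 report will show the rule as present but unevaluated, which is easy to misread as "not failing". I would make the Jinja comment say what has to be supplied, for example `{{# NOTCHECKED until the product yaml defines pkg_version; remove this guard's effect by adding the key data for the product #}}`, and mention the gap in the rule's own text so auditors can see it. The guard tests only `pkg_version`; the body between the two hunks is not visible here, so if it also reads other product values, those belong in the condition as well.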
@@ -35,6 +35,7 @@ severity: high identifiers: cce@rhel7: CCE-26957-1 cce@rhel8: CCE-80795-8 + cce@rhel9: CCE-84180-9 cce@rhcos4: CCE-82754-3 references: diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml index f7b42999a23..00a6e56f47a 100644 --- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml +++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804 title: 'Ensure Software Patches Installed' @@ -38,6 +38,7 @@ severity: high identifiers: cce@rhel7: CCE-26895-3 cce@rhel8: CCE-80865-9 + cce@rhel9: CCE-84185-8 cce@sle12: CCE-83002-6 cce@sle15: CCE-83261-8 diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt index 4c4f8c3aa36..626849d3f2b 100644 --- a/shared/references/cce-redhat-avail.txt +++ b/shared/references/cce-redhat-avail.txt @@ -506,10 +506,8 @@ CCE-84176-7 CCE-84177-5 CCE-84178-3 CCE-84179-1 -CCE-84180-9 CCE-84181-7 CCE-84183-3 -CCE-84185-8 CCE-84186-6 CCE-84187-4 CCE-84188-2 From d25f7f0a0373492e1e65e959e3e4a7dee401bdd3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= Date: Fri, 14 May 2021 16:13:14 +0200 Subject: [PATCH 2/5] Enable service disabled rules for RHEL9. Although some of those services are very unlikely to appear on a RHEL9 system, there is little harm coming from making sure that they are not enabled. --- .../disable_avahi_group/service_avahi-daemon_disabled/rule.yml | 2 +- linux_os/guide/services/base/service_abrtd_disabled/rule.yml | 2 +- linux_os/guide/services/base/service_ntpdate_disabled/rule.yml | 2 +- linux_os/guide/services/base/service_oddjobd_disabled/rule.yml | 2 +- linux_os/guide/services/base/service_qpidd_disabled/rule.yml | 3 ++- linux_os/guide/services/base/service_rdisc_disabled/rule.yml | 2 +- linux_os/guide/services/base/service_rhnsd_disabled/rule.yml | 2 +- .../guide/services/cron_and_at/service_atd_disabled/rule.yml | 2 +- .../dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml | 2 +- .../dns/disabling_dns_server/service_named_disabled/rule.yml | 2 +- .../ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml | 2 +- .../http/disabling_httpd/service_httpd_disabled/rule.yml | 2 +- .../imap/disabling_dovecot/service_dovecot_disabled/rule.yml | 2 +- .../disabling_nfs_services/service_rpcbind_disabled/rule.yml | 2 +- .../disabling_nfsd/service_nfs_disabled/rule.yml | 2 +- .../obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml | 3 ++- .../guide/services/obsolete/service_rsyncd_disabled/rule.yml | 2 +- .../services/obsolete/telnet/service_telnet_disabled/rule.yml | 2 +- .../guide/services/printing/service_cups_disabled/rule.yml | 2 +- .../proxy/disabling_squid/service_squid_disabled/rule.yml | 2 +- .../routing/disabling_quagga/service_zebra_disabled/rule.yml | 3 ++- .../services/smb/disabling_samba/service_smb_disabled/rule.yml | 2 +- .../disabling_snmp_service/service_snmpd_disabled/rule.yml | 2 +- .../permissions/mounting/service_autofs_disabled/rule.yml | 2 +- 24 files changed, 27 insertions(+), 24 deletions(-) 
diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml index 2371c89fb6b..9254d328436 100644 --- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml +++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,sle15 +prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15 title: 'Disable Avahi Server Software' diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml index be6b76c46ad..cacd7eeb3a7 100644 --- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,rhel9 title: 'Disable Automatic Bug Reporting Tool (abrtd)' diff --git a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml index 9ac97104351..8dfbcf5faab 100644 --- a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml +++ b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,rhel9 title: 'Disable ntpdate Service (ntpdate)' diff --git a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml index f4b72c18890..64aa1c45f9e 100644 --- a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml 
@@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,rhel9 title: 'Disable Odd Job Daemon (oddjobd)' diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml index 3fc7c806ff0..badee1af18e 100644 --- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml @@ -1,6 +1,7 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +# package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +prodtype: ol7,ol8,rhel7,rhel8,rhel9 title: 'Disable Apache Qpid (qpidd)' diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml index 924720cf9cb..772f8c37e68 100644 --- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml +++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8 +prodtype: ol7,ol8,rhel7,rhel8,rhel9 title: 'Disable Network Router Discovery Daemon (rdisc)' diff --git a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml index c7eae4fb2f9..ba3b04d8811 100644 --- a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml +++ b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8 +prodtype: rhel7,rhel8,rhel9 title: 'Disable Red Hat Network Service (rhnsd)' diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml index 372329ad749..12bde00f86c 100644 --- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml +++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml 
@@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 title: 'Disable At Service (atd)' diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml index ab622910ad6..ef7cb53457e 100644 --- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml +++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,sle15 +prodtype: rhel7,rhel8,rhel9,sle15 title: 'Disable DHCP Service' diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml index 67ec760f7fe..ee4527a8953 100644 --- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml +++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,sle15 +prodtype: rhel7,rhel8,rhel9,sle15 title: 'Disable named Service' diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml index e666b152eea..e6424e0162a 100644 --- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml +++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,sle15 +prodtype: rhel7,rhel8,rhel9,sle15 title: 'Disable vsftpd Service' diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml index 54c5c7e338c..10808731308 100644 
--- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml +++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,sle15 +prodtype: rhel7,rhel8,rhel9,sle15 title: 'Disable httpd Service' diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml index 94441062700..54235dbfe6a 100644 --- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml +++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,sle15 +prodtype: rhel7,rhel8,rhel9,sle15 title: 'Disable Dovecot Service' diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml index 5908d55e6cf..f7631918fe8 100644 --- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,sle15 +prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15 title: 'Disable rpcbind Service' diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml index 2e18c0ba09a..5ecd328720e 100644 --- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml +++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml 
@@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhel7,rhel8 +prodtype: fedora,rhel7,rhel8,rhel9 title: 'Disable Network File System (nfs)' diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml index c35040318a3..2c6448da572 100644 --- a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml @@ -1,6 +1,7 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15 +# package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 title: 'Disable xinetd Service' diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml index b26b56dec64..dc284c81998 100644 --- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 title: 'Ensure rsyncd service is diabled' diff --git a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml index 049f2a48d58..b6446c2a78b 100644 --- a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml +++ b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4 +prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 title: 'Disable telnet Service' 
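Review bot: The `title` context line in `service_rsyncd_disabled/rule.yml` reads 'Ensure rsyncd service is diabled', and this change extends the rule to another product, so the misspelling will appear in generated guides and scan reports for RHEL9 too. Fixing it in the same patch is a one-word change: `title: 'Ensure rsyncd service is disabled'`. The rest of the file is outside the hunk, so the description and rationale may be worth checking for the same spelling.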
diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml index 11f30b3f837..71ef701ec8f 100644 --- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml +++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,sle15 +prodtype: rhel7,rhel8,rhel9,sle15 title: 'Disable the CUPS Service' diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml index c049dd1849f..1a538ab1e05 100644 --- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml +++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,sle15 +prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15 title: 'Disable Squid' diff --git a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml index b8aabc13a8c..8d173cf74f4 100644 --- a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml +++ b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml @@ -1,6 +1,7 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4 +# package is unlikely to appear on a RHEL9 system, don't extend to RHEL10 +prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4 title: 'Disable Quagga Service' diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml index 9360fc5de8b..1dba9883089 100644 --- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml +++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml 
@@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,sle15 +prodtype: rhel7,rhel8,rhel9,sle15 title: 'Disable Samba' diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml index 506ee9976f2..df46bd44b95 100644 --- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml +++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: debian10,debian9,rhel7,rhel8,sle15 +prodtype: debian10,debian9,rhel7,rhel8,rhel9,sle15 title: 'Disable snmpd Service' diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml index f760480a103..e18b2fe0a9f 100644 --- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml +++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,ubuntu1804 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,wrlinux1019 title: 'Disable the Automounter' From c8ac3c49dc377cd487ac15561938de9f1180c92a Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= Date: Fri, 14 May 2021 16:16:43 +0200 Subject: [PATCH 3/5] Enabled low-level rules for RHEL9. File owner-related settings are largery independent from changes in components. --- .../guide/services/cron_and_at/file_groupowner_cron_d/rule.yml | 2 +- .../services/cron_and_at/file_groupowner_cron_daily/rule.yml | 2 +- .../services/cron_and_at/file_groupowner_cron_hourly/rule.yml | 2 +- .../services/cron_and_at/file_groupowner_cron_monthly/rule.yml | 2 +- .../services/cron_and_at/file_groupowner_cron_weekly/rule.yml | 2 +- .../guide/services/cron_and_at/file_groupowner_crontab/rule.yml | 2 +- linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml | 2 +- .../guide/services/cron_and_at/file_owner_cron_daily/rule.yml | 2 +- .../guide/services/cron_and_at/file_owner_cron_hourly/rule.yml | 2 +- .../guide/services/cron_and_at/file_owner_cron_monthly/rule.yml | 2 +- .../guide/services/cron_and_at/file_owner_cron_weekly/rule.yml | 2 +- linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml | 2 +- .../guide/services/ssh/file_groupowner_sshd_config/rule.yml | 2 +- linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml | 2 +- .../file_groupownership_home_directories/rule.yml | 2 +- .../non-uefi/file_groupowner_grub2_cfg/rule.yml | 2 +- .../bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml index 12b3e134b84..bcf17d8d1ba 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Group Who Owns cron.d' 
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml index 81b4dafe7ac..3731bcff80a 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Group Who Owns cron.daily' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml index d9d95c54f67..f6be1d8e385 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Group Who Owns cron.hourly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml index bc34431e4a6..823bf13d3a8 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Group Who Owns cron.monthly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml index 6098829df8b..edeef8ff378 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml 
@@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Group Who Owns cron.weekly' diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml index 93469e4e4f0..8c4027198e3 100644 --- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Group Who Owns Crontab' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml index 8835efc173e..29df5f3a977 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Owner on cron.d' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml index 329b6c3948c..f7e7811c8b1 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Owner on cron.daily' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml index c28cac4d453..04041e13dfe 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml 
@@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Owner on cron.hourly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml index 20d3604fb0b..46757a03195 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Owner on cron.monthly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml index c34295639c3..48f897e4339 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Owner on cron.weekly' diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml index 41857468590..738d9820b7f 100644 --- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml +++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15 +prodtype: rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Owner on crontab' diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml index 48c52f4f99d..08224309561 100644 --- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml 
@@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 +prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Group Who Owns SSH Server config file' diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml index 8daa499c96f..f69a5a177c0 100644 --- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml +++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: rhel7,rhel8,rhv4,sle15,rhcos4 +prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify Owner on SSH Server config file' diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml index 813c109c155..237e7e86c12 100644 --- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml +++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15 +prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019 title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User' diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml index f66589ce1c2..c0acf9f031e 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership' 
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml index 40bc1115608..94e219fa1ca 100644 --- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml +++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15 title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership' From 3e3dedd681319fc9952af9e154fb561e882b896b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= Date: Fri, 14 May 2021 16:25:28 +0200 Subject: [PATCH 4/5] Enable rules for RHEL9. There are indications that those packages/services will continue to be part of RHEL9. --- .../guide/services/cron_and_at/service_crond_enabled/rule.yml | 2 +- .../firewalld_activation/service_firewalld_enabled/rule.yml | 2 +- .../software/system-tools/package_rear_installed/rule.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml index de8c5504867..d2c99d0d3f9 100644 --- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml +++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4 title: 'Enable cron Service' diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml index 535c588bc14..248da74dc9c 100644 --- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml 
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019 +prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019 title: 'Verify firewalld Enabled' diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml index 375301fdb6f..1d0ed040448 100644 --- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml +++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml @@ -1,6 +1,6 @@ documentation_complete: true -prodtype: fedora,ol7,ol8,rhel7,rhel8 +prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9 title: 'Install rear Package' From 8255e799fb395f544871439d5df731da8aed66b3 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?=
Date: Fri, 14 May 2021 16:46:57 +0200
Subject: [PATCH 5/5] Enabled various rules for RHEL9 This heterogenous assortment of rules either configures low-level settings that are largely distribution-independent, or it performs basic configuration of stable components.
---
 .../postfix_client/postfix_network_listening_disabled/rule.yml | 2 +-
 linux_os/guide/services/mail/service_postfix_enabled/rule.yml | 2 +-
 linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml | 2 +-
 .../disabling_xwindows/xwindows_runlevel_target/rule.yml | 2 +-
 .../system/accounts/accounts-banners/banner_etc_issue/rule.yml | 2 +-
 .../system/accounts/accounts-banners/banner_etc_motd/rule.yml | 2 +-
 .../set_password_hashing_algorithm_systemauth/rule.yml | 2 +-
 .../accounts-physical/require_emergency_target_auth/rule.yml | 2 +-
 .../accounts/accounts-physical/require_singleuser_auth/rule.yml | 2 +-
 .../account_disable_post_pw_expiration/rule.yml | 2 +-
 .../password_storage/no_legacy_plus_entries_etc_group/rule.yml | 2 +-
 .../password_storage/no_legacy_plus_entries_etc_passwd/rule.yml | 2 +-
 .../password_storage/no_legacy_plus_entries_etc_shadow/rule.yml | 2 +-
 .../root_logins/no_shelllogin_for_systemaccounts/rule.yml | 2 +-
 .../system/accounts/accounts-session/accounts_tmout/rule.yml | 2 +-
 .../accounts_user_interactive_home_directory_exists/rule.yml | 2 +-
 .../user_umask/accounts_umask_etc_bashrc/rule.yml | 2 +-
 linux_os/guide/system/auditing/grub2_audit_argument/rule.yml | 2 +-
 .../system/auditing/grub2_audit_backlog_limit_argument/rule.yml | 2 +-
 .../system/bootloader-grub2/non-uefi/grub2_password/rule.yml | 2 +-
 .../ruleset_modifications/set_firewalld_default_zone/rule.yml | 2 +-
 .../wireless_software/wireless_disable_interfaces/rule.yml | 2 +-
 linux_os/guide/system/network/network_sniffer_disabled/rule.yml | 2 +-
 .../system/permissions/files/no_files_unowned_by_user/rule.yml | 2 +-
 .../restrictions/coredumps/disable_users_coredumps/rule.yml | 2 +-
 .../software/disk_partitioning/partition_for_var_tmp/rule.yml | 2 +-
 .../aide/aide_periodic_cron_checking/rule.yml | 2 +-
 27 files changed, 27 insertions(+), 27 deletions(-)

diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
index cea6ebe82bd..be9efe4b409 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15
 
 title: 'Disable Postfix Network Listening'
 
diff --git a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
index c807c0e375f..0906d5202dd 100644
--- a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
+++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15
 
 title: 'Enable Postfix Service'
 
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
index ef9867812c1..5dd9fa6b190 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhel7,rhel8,fedora,sle15
+prodtype: fedora,rhel7,rhel8,rhel9,sle15
 
 title: 'Ensure that chronyd is running under chrony user account'
 
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
index 6a7fcbf095c..e64ddd91807 100644
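Review bot: `rhel9` is added to `prodtype` in the postfix_network_listening_disabled hunk without a matching `cce@rhel9` identifier, and the diffstat (27 insertions, 27 deletions across 27 files) shows the same holds for every other rule.yml in this patch. Any `identifiers:` block lies outside these six-line hunks, so the entries may be planned for a follow-up. As submitted, though, the rules would build for RHEL9 with no CCE for scan reports and tailoring to key on. Each rule would need a line such as `cce@rhel9: CCE-<to-be-assigned>`, taken from the project's pool of available CCEs, or the commit message should say that assignment is deferred.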
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
 
 title: 'Disable X Windows Startup By Setting Default Target'
 
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
index 5a462ee0163..75453bc8beb 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Modify the System Login Banner'
 
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
index 2c735ad0d41..190e5a8599a 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
 
 title: 'Modify the System Message of the Day Banner'
 
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
index 947de262c31..b0ecbd2bf1e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: "Set PAM's Password Hashing Algorithm"
 
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
index 76cbe0b7e97..bc8c0a224b1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
 
 title: 'Require Authentication for Emergency Systemd Target'
 
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
index 3f8b43cc17b..3dee04454c3 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
 
 title: 'Require Authentication for Single User Mode'
 
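Review bot: The set_password_hashing_algorithm_systemauth hunk enables the rule for RHEL9 through `prodtype` alone, with nothing in the hunk recording that its check and remediation were exercised on that product. The rule name points at the PAM system-auth stack; if that file is generated by authselect on RHEL9, a remediation that edits it directly could be overwritten later and leave the hashing setting unenforced after a passing scan. The check and remediation content is outside this hunk, so this is a question to confirm rather than a finding. A YAML comment above the new line, for example `# rhel9: remediation confirmed against authselect-managed system-auth`, or a product test scenario, would document the answer.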
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
index 7d9b9bc99cc..0c538123879 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Set Account Expiration Following Inactivity'
 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
index ba40c093df4..f9799183e0c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
 
 title: 'Ensure there are no legacy + NIS entries in /etc/group'
 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
index ef2266df268..1703c8b7ff4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
 
 title: 'Ensure there are no legacy + NIS entries in /etc/passwd'
 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
index 687bbde8a1f..94ba6160154 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
 
 title: 'Ensure there are no legacy + NIS entries in /etc/shadow'
 
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
index cc86a6e7b71..65e41ca5c18 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
 
 title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'
 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index 2a4a2a2f717..5130296ad98 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,rhcos4
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Set Interactive Session Timeout'
 
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
index 11ebca78867..ac541680fa7 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'All Interactive Users Home Directories Must Exist'
 
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
index 5b0676910b3..d9afad723ef 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
 
 title: 'Ensure the Default Bash Umask is Set Correctly'
 
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index 35d93371321..9f8823ad464 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
 
 title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon'
 
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index f087d384578..aab1e2f8cff 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
 
 title: 'Extend Audit Backlog Limit for the Audit Daemon'
 
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
index 9f4fd1b1460..522da853ab5 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Set Boot Loader Password in grub2'
 
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
index 60520b21c1f..636e30e3e1f 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
 
 title: 'Set Default firewalld Zone for Incoming Packets'
 
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index 37483573a33..1a7b2c785ff 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,sle12
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
 
 title: 'Deactivate Wireless Network Interfaces'
 
diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
index 69f20153097..9b1e0b4f69d 100644
--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Ensure System is Not Acting as a Network Sniffer'
 
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index 81823ab138c..1169d757fd0 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
 
 title: 'Ensure All Files Are Owned by a User'
 
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index c140e11271f..dd32d225db8 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
 
 title: 'Disable Core Dumps for All Users'
 
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
index 52a1a9bf785..efb2e8fa203 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804
 
 title: 'Ensure /var/tmp Located On Separate Partition'
 
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
index c3f7dedb33f..998a9780b75 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
@@ -1,6 +1,6 @@
 documentation_complete: true
 
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
 
 title: 'Configure Periodic Execution of AIDE'