scap-security-guide/scap-security-guide-0.1.57-rhel9_rules_various-PR_7006.patch
Matej Tyc 5f5226d27a Ported more rules and profiles to RHEL9
Resolves: rhbz#1962564
2021-07-02 10:47:13 +02:00


From 041e6ff67258af02da7acc4d8c42d3309677ef50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Fri, 14 May 2021 16:01:05 +0200
Subject: [PATCH 1/5] Enabled integrity-related rules for RHEL9.
As the product doesn't have fingerprints available, rules have been extended
to build, but to return NOTCHECKED until the product yaml is updated.
---
.../updating/ensure_redhat_gpgkey_installed/oval/shared.xml | 3 +++
.../software/updating/ensure_redhat_gpgkey_installed/rule.yml | 3 ++-
.../software/updating/security_patches_up_to_date/rule.yml | 3 ++-
shared/references/cce-redhat-avail.txt | 2 --
4 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
index 519589c40c3..dd514ad95fc 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/oval/shared.xml
@@ -1,3 +1,5 @@
+{{% if pkg_version %}}
+{{# If pkg_version isn't defined, then the rule should be NOTCHECKED, because we don't have data needed for the check #}}
<def-group>
<definition class="compliance" id="ensure_redhat_gpgkey_installed" version="2">
{{{ oval_metadata("The Red Hat release and auxiliary key packages are required to be installed.") }}}
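Review bot: The guard added at the top of shared.xml tests only `pkg_version`, so the whole definition is kept or dropped on that one value. If the body between this hunk and the closing `{{% endif %}}` in the next hunk also reads other product values (not visible here), a product yaml that sets some but not all of them would render a key check with empty fields instead of NOTCHECKED. Consider putting every value the check needs into the condition and saying so in the Jinja comment, e.g. `{{# Rendered only when the product yaml supplies all key data; otherwise the rule is NOTCHECKED #}}`. The def-group body lies outside both hunks, so this needs confirming against the full file.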
@@ -73,3 +75,4 @@
{{%- endif %}}
</def-group>
+{{% endif %}}
diff --git a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
index 8a7a5e0b9ff..890574b6742 100644
--- a/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/ensure_redhat_gpgkey_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,rhcos4
+prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4
title: 'Ensure Red Hat GPG Key Installed'
@@ -35,6 +35,7 @@ severity: high
identifiers:
cce@rhel7: CCE-26957-1
cce@rhel8: CCE-80795-8
+ cce@rhel9: CCE-84180-9
cce@rhcos4: CCE-82754-3
references:
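Review bot: With `rhel9` in `prodtype` and `cce@rhel9` assigned, this high-severity rule ships in RHEL9 content while its check yields NOTCHECKED, and nothing in rule.yml explains that to whoever reads the scan report. A notchecked result on the GPG-key rule is easy to read as "no finding", so the rule's `warnings:` section, or at least a comment next to the new identifier, should state the limitation. Suggested comment: `# rhel9: check is not evaluated until the product yaml defines the key package data`. The rest of rule.yml is outside the hunk.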
diff --git a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
index f7b42999a23..00a6e56f47a 100644
--- a/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
+++ b/linux_os/guide/system/software/updating/security_patches_up_to_date/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,ubuntu1604,ubuntu1804
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1604,ubuntu1804
title: 'Ensure Software Patches Installed'
@@ -38,6 +38,7 @@ severity: high
identifiers:
cce@rhel7: CCE-26895-3
cce@rhel8: CCE-80865-9
+ cce@rhel9: CCE-84185-8
cce@sle12: CCE-83002-6
cce@sle15: CCE-83261-8
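Review bot: For this rule only `prodtype` and the CCE change, although the commit message says the integrity rules return NOTCHECKED until the product yaml is updated. The check content is not part of this patch, so it cannot be confirmed from here whether a RHEL9 scan gets NOTCHECKED or a result computed from patch data meant for another release. Worth confirming before release, and a comment above `prodtype` such as `# rhel9: result is notchecked until the product data is available` would record the intent.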
diff --git a/shared/references/cce-redhat-avail.txt b/shared/references/cce-redhat-avail.txt
index 4c4f8c3aa36..626849d3f2b 100644
--- a/shared/references/cce-redhat-avail.txt
+++ b/shared/references/cce-redhat-avail.txt
@@ -506,10 +506,8 @@ CCE-84176-7
CCE-84177-5
CCE-84178-3
CCE-84179-1
-CCE-84180-9
CCE-84181-7
CCE-84183-3
-CCE-84185-8
CCE-84186-6
CCE-84187-4
CCE-84188-2
From d25f7f0a0373492e1e65e959e3e4a7dee401bdd3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Fri, 14 May 2021 16:13:14 +0200
Subject: [PATCH 2/5] Enable service disabled rules for RHEL9.
Although some of those services are very unlikely to appear on a RHEL9 system,
there is little harm coming from making sure that they are not enabled.
---
.../disable_avahi_group/service_avahi-daemon_disabled/rule.yml | 2 +-
linux_os/guide/services/base/service_abrtd_disabled/rule.yml | 2 +-
linux_os/guide/services/base/service_ntpdate_disabled/rule.yml | 2 +-
linux_os/guide/services/base/service_oddjobd_disabled/rule.yml | 2 +-
linux_os/guide/services/base/service_qpidd_disabled/rule.yml | 3 ++-
linux_os/guide/services/base/service_rdisc_disabled/rule.yml | 2 +-
linux_os/guide/services/base/service_rhnsd_disabled/rule.yml | 2 +-
.../guide/services/cron_and_at/service_atd_disabled/rule.yml | 2 +-
.../dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml | 2 +-
.../dns/disabling_dns_server/service_named_disabled/rule.yml | 2 +-
.../ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml | 2 +-
.../http/disabling_httpd/service_httpd_disabled/rule.yml | 2 +-
.../imap/disabling_dovecot/service_dovecot_disabled/rule.yml | 2 +-
.../disabling_nfs_services/service_rpcbind_disabled/rule.yml | 2 +-
.../disabling_nfsd/service_nfs_disabled/rule.yml | 2 +-
.../obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml | 3 ++-
.../guide/services/obsolete/service_rsyncd_disabled/rule.yml | 2 +-
.../services/obsolete/telnet/service_telnet_disabled/rule.yml | 2 +-
.../guide/services/printing/service_cups_disabled/rule.yml | 2 +-
.../proxy/disabling_squid/service_squid_disabled/rule.yml | 2 +-
.../routing/disabling_quagga/service_zebra_disabled/rule.yml | 3 ++-
.../services/smb/disabling_samba/service_smb_disabled/rule.yml | 2 +-
.../disabling_snmp_service/service_snmpd_disabled/rule.yml | 2 +-
.../permissions/mounting/service_autofs_disabled/rule.yml | 2 +-
24 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
index 2371c89fb6b..9254d328436 100644
--- a/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
+++ b/linux_os/guide/services/avahi/disable_avahi_group/service_avahi-daemon_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15
title: 'Disable Avahi Server Software'
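Review bot: `rhel9` is added to `prodtype` here without a matching `cce@rhel9` identifier, unlike the two rules in patch 1 where a CCE was taken from cce-redhat-avail.txt in the same commit. The identifiers section is outside this hunk, but the diffstat shows a single changed line for this file, so this series adds no identifier; the same holds for the other prodtype-only hunks in patches 2 to 4. If these rules are selected by a RHEL9 profile, their findings would carry no CCE for tracking, so either assign the CCEs now or state in the commit message that they follow in a later change.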
diff --git a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml
index be6b76c46ad..cacd7eeb3a7 100644
--- a/linux_os/guide/services/base/service_abrtd_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_abrtd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,rhel9
title: 'Disable Automatic Bug Reporting Tool (abrtd)'
diff --git a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml
index 9ac97104351..8dfbcf5faab 100644
--- a/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_ntpdate_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,rhel9
title: 'Disable ntpdate Service (ntpdate)'
diff --git a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml
index f4b72c18890..64aa1c45f9e 100644
--- a/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_oddjobd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,rhel9
title: 'Disable Odd Job Daemon (oddjobd)'
diff --git a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml
index 3fc7c806ff0..badee1af18e 100644
--- a/linux_os/guide/services/base/service_qpidd_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_qpidd_disabled/rule.yml
@@ -1,6 +1,7 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8
+# package is unlikely to appear on a RHEL9 system, don't extend to RHEL10
+prodtype: ol7,ol8,rhel7,rhel8,rhel9
title: 'Disable Apache Qpid (qpidd)'
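Review bot: The new comment above `prodtype` says the package is unlikely to appear on RHEL9 but not why the rule is enabled for it anyway; that reasoning exists only in the commit message. Suggest `# qpidd is unlikely to appear on a RHEL9 system; rule kept so an enabled service is still flagged. Don't extend to RHEL10.` The same comment is added in the xinetd and zebra hunks and would benefit from the same wording.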
diff --git a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml
index 924720cf9cb..772f8c37e68 100644
--- a/linux_os/guide/services/base/service_rdisc_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_rdisc_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,rhel9
title: 'Disable Network Router Discovery Daemon (rdisc)'
diff --git a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml
index c7eae4fb2f9..ba3b04d8811 100644
--- a/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_rhnsd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8
+prodtype: rhel7,rhel8,rhel9
title: 'Disable Red Hat Network Service (rhnsd)'
diff --git a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml
index 372329ad749..12bde00f86c 100644
--- a/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml
+++ b/linux_os/guide/services/cron_and_at/service_atd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
title: 'Disable At Service (atd)'
diff --git a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml
index ab622910ad6..ef7cb53457e 100644
--- a/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml
+++ b/linux_os/guide/services/dhcp/disabling_dhcp_server/service_dhcpd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,sle15
+prodtype: rhel7,rhel8,rhel9,sle15
title: 'Disable DHCP Service'
diff --git a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml
index 67ec760f7fe..ee4527a8953 100644
--- a/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml
+++ b/linux_os/guide/services/dns/disabling_dns_server/service_named_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,sle15
+prodtype: rhel7,rhel8,rhel9,sle15
title: 'Disable named Service'
diff --git a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml
index e666b152eea..e6424e0162a 100644
--- a/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml
+++ b/linux_os/guide/services/ftp/disabling_vsftpd/service_vsftpd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,sle15
+prodtype: rhel7,rhel8,rhel9,sle15
title: 'Disable vsftpd Service'
diff --git a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml
index 54c5c7e338c..10808731308 100644
--- a/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml
+++ b/linux_os/guide/services/http/disabling_httpd/service_httpd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,sle15
+prodtype: rhel7,rhel8,rhel9,sle15
title: 'Disable httpd Service'
diff --git a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml
index 94441062700..54235dbfe6a 100644
--- a/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml
+++ b/linux_os/guide/services/imap/disabling_dovecot/service_dovecot_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,sle15
+prodtype: rhel7,rhel8,rhel9,sle15
title: 'Disable Dovecot Service'
diff --git a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
index 5908d55e6cf..f7631918fe8 100644
--- a/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/disabling_nfs/disabling_nfs_services/service_rpcbind_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15
title: 'Disable rpcbind Service'
diff --git a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
index 2e18c0ba09a..5ecd328720e 100644
--- a/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
+++ b/linux_os/guide/services/nfs_and_rpc/nfs_configuring_clients/disabling_nfsd/service_nfs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhel7,rhel8
+prodtype: fedora,rhel7,rhel8,rhel9
title: 'Disable Network File System (nfs)'
diff --git a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml
index c35040318a3..2c6448da572 100644
--- a/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml
+++ b/linux_os/guide/services/obsolete/inetd_and_xinetd/service_xinetd_disabled/rule.yml
@@ -1,6 +1,7 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle15
+# package is unlikely to appear on a RHEL9 system, don't extend to RHEL10
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Disable xinetd Service'
diff --git a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
index b26b56dec64..dc284c81998 100644
--- a/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
+++ b/linux_os/guide/services/obsolete/service_rsyncd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,ol7,rhel8,ol8,fedora,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Ensure rsyncd service is diabled'
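Review bot: The `title` on the context line reads 'Ensure rsyncd service is diabled'. This hunk already touches the header to add `rhel9` and sort the list, and the title is what appears in scan reports and generated guides, so the typo should be fixed in the same change: `title: 'Ensure rsyncd service is disabled'`.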
diff --git a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml
index 049f2a48d58..b6446c2a78b 100644
--- a/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml
+++ b/linux_os/guide/services/obsolete/telnet/service_telnet_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
title: 'Disable telnet Service'
diff --git a/linux_os/guide/services/printing/service_cups_disabled/rule.yml b/linux_os/guide/services/printing/service_cups_disabled/rule.yml
index 11f30b3f837..71ef701ec8f 100644
--- a/linux_os/guide/services/printing/service_cups_disabled/rule.yml
+++ b/linux_os/guide/services/printing/service_cups_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,sle15
+prodtype: rhel7,rhel8,rhel9,sle15
title: 'Disable the CUPS Service'
diff --git a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml
index c049dd1849f..1a538ab1e05 100644
--- a/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml
+++ b/linux_os/guide/services/proxy/disabling_squid/service_squid_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15
title: 'Disable Squid'
diff --git a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml
index b8aabc13a8c..8d173cf74f4 100644
--- a/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml
+++ b/linux_os/guide/services/routing/disabling_quagga/service_zebra_disabled/rule.yml
@@ -1,6 +1,7 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4
+# package is unlikely to appear on a RHEL9 system, don't extend to RHEL10
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
title: 'Disable Quagga Service'
diff --git a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml
index 9360fc5de8b..1dba9883089 100644
--- a/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml
+++ b/linux_os/guide/services/smb/disabling_samba/service_smb_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,sle15
+prodtype: rhel7,rhel8,rhel9,sle15
title: 'Disable Samba'
diff --git a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml
index 506ee9976f2..df46bd44b95 100644
--- a/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml
+++ b/linux_os/guide/services/snmp/disabling_snmp_service/service_snmpd_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: debian10,debian9,rhel7,rhel8,sle15
+prodtype: debian10,debian9,rhel7,rhel8,rhel9,sle15
title: 'Disable snmpd Service'
diff --git a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
index f760480a103..e18b2fe0a9f 100644
--- a/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/mounting/service_autofs_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,ubuntu1804
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,ubuntu1804,wrlinux1019
title: 'Disable the Automounter'
From c8ac3c49dc377cd487ac15561938de9f1180c92a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Fri, 14 May 2021 16:16:43 +0200
Subject: [PATCH 3/5] Enabled low-level rules for RHEL9.
File owner-related settings are largely independent from changes in components.
---
.../guide/services/cron_and_at/file_groupowner_cron_d/rule.yml | 2 +-
.../services/cron_and_at/file_groupowner_cron_daily/rule.yml | 2 +-
.../services/cron_and_at/file_groupowner_cron_hourly/rule.yml | 2 +-
.../services/cron_and_at/file_groupowner_cron_monthly/rule.yml | 2 +-
.../services/cron_and_at/file_groupowner_cron_weekly/rule.yml | 2 +-
.../guide/services/cron_and_at/file_groupowner_crontab/rule.yml | 2 +-
linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml | 2 +-
.../guide/services/cron_and_at/file_owner_cron_daily/rule.yml | 2 +-
.../guide/services/cron_and_at/file_owner_cron_hourly/rule.yml | 2 +-
.../guide/services/cron_and_at/file_owner_cron_monthly/rule.yml | 2 +-
.../guide/services/cron_and_at/file_owner_cron_weekly/rule.yml | 2 +-
linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml | 2 +-
.../guide/services/ssh/file_groupowner_sshd_config/rule.yml | 2 +-
linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml | 2 +-
.../file_groupownership_home_directories/rule.yml | 2 +-
.../non-uefi/file_groupowner_grub2_cfg/rule.yml | 2 +-
.../bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml | 2 +-
17 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
index 12b3e134b84..bcf17d8d1ba 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_d/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Group Who Owns cron.d'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
index 81b4dafe7ac..3731bcff80a 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_daily/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Group Who Owns cron.daily'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
index d9d95c54f67..f6be1d8e385 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_hourly/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Group Who Owns cron.hourly'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
index bc34431e4a6..823bf13d3a8 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_monthly/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Group Who Owns cron.monthly'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
index 6098829df8b..edeef8ff378 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_cron_weekly/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Group Who Owns cron.weekly'
diff --git a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
index 93469e4e4f0..8c4027198e3 100644
--- a/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_groupowner_crontab/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Group Who Owns Crontab'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
index 8835efc173e..29df5f3a977 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_d/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Owner on cron.d'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
index 329b6c3948c..f7e7811c8b1 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_daily/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Owner on cron.daily'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
index c28cac4d453..04041e13dfe 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_hourly/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Owner on cron.hourly'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
index 20d3604fb0b..46757a03195 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_monthly/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Owner on cron.monthly'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
index c34295639c3..48f897e4339 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_cron_weekly/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Owner on cron.weekly'
diff --git a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
index 41857468590..738d9820b7f 100644
--- a/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
+++ b/linux_os/guide/services/cron_and_at/file_owner_crontab/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15
+prodtype: rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Owner on crontab'
diff --git a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
index 48c52f4f99d..08224309561 100644
--- a/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_groupowner_sshd_config/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15,rhcos4
+prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Group Who Owns SSH Server config file'
diff --git a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
index 8daa499c96f..f69a5a177c0 100644
--- a/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
+++ b/linux_os/guide/services/ssh/file_owner_sshd_config/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,rhv4,sle15,rhcos4
+prodtype: rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify Owner on SSH Server config file'
diff --git a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
index 813c109c155..237e7e86c12 100644
--- a/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/file_groupownership_home_directories/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'All Interactive User Home Directories Must Be Group-Owned By The Primary User'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
index f66589ce1c2..c0acf9f031e 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_groupowner_grub2_cfg/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify {{{ grub2_boot_path }}}/grub.cfg Group Ownership'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
index 40bc1115608..94e219fa1ca 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/file_owner_grub2_cfg/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Verify {{{ grub2_boot_path }}}/grub.cfg User Ownership'
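Review bot: Only the non-uefi grub.cfg owner and group-owner rules get `rhel9` in this patch; the diffstat for patch 3 lists no counterpart outside the non-uefi directory. If UEFI counterparts of these rules exist in the tree (not visible here), a RHEL9 machine booted via UEFI would have no ownership check on its grub.cfg. Worth either enabling them in this series or adding a line to the commit message such as `UEFI variants are handled separately.`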
From 3e3dedd681319fc9952af9e154fb561e882b896b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Fri, 14 May 2021 16:25:28 +0200
Subject: [PATCH 4/5] Enable rules for RHEL9.
There are indications that those packages/services will continue to be part of RHEL9.
---
.../guide/services/cron_and_at/service_crond_enabled/rule.yml | 2 +-
.../firewalld_activation/service_firewalld_enabled/rule.yml | 2 +-
.../software/system-tools/package_rear_installed/rule.yml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
index de8c5504867..d2c99d0d3f9 100644
--- a/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
+++ b/linux_os/guide/services/cron_and_at/service_crond_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
title: 'Enable cron Service'
diff --git a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
index 535c588bc14..248da74dc9c 100644
--- a/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/firewalld_activation/service_firewalld_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
title: 'Verify firewalld Enabled'
diff --git a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
index 375301fdb6f..1d0ed040448 100644
--- a/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_rear_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
title: 'Install rear Package'
From 8255e799fb395f544871439d5df731da8aed66b3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Fri, 14 May 2021 16:46:57 +0200
Subject: [PATCH 5/5] Enabled various rules for RHEL9
This heterogeneous assortment of rules either configures low-level settings that are largely distribution-independent,
or performs basic configuration of stable components.
---
.../postfix_client/postfix_network_listening_disabled/rule.yml | 2 +-
linux_os/guide/services/mail/service_postfix_enabled/rule.yml | 2 +-
linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml | 2 +-
.../disabling_xwindows/xwindows_runlevel_target/rule.yml | 2 +-
.../system/accounts/accounts-banners/banner_etc_issue/rule.yml | 2 +-
.../system/accounts/accounts-banners/banner_etc_motd/rule.yml | 2 +-
.../set_password_hashing_algorithm_systemauth/rule.yml | 2 +-
.../accounts-physical/require_emergency_target_auth/rule.yml | 2 +-
.../accounts/accounts-physical/require_singleuser_auth/rule.yml | 2 +-
.../account_disable_post_pw_expiration/rule.yml | 2 +-
.../password_storage/no_legacy_plus_entries_etc_group/rule.yml | 2 +-
.../password_storage/no_legacy_plus_entries_etc_passwd/rule.yml | 2 +-
.../password_storage/no_legacy_plus_entries_etc_shadow/rule.yml | 2 +-
.../root_logins/no_shelllogin_for_systemaccounts/rule.yml | 2 +-
.../system/accounts/accounts-session/accounts_tmout/rule.yml | 2 +-
.../accounts_user_interactive_home_directory_exists/rule.yml | 2 +-
.../user_umask/accounts_umask_etc_bashrc/rule.yml | 2 +-
linux_os/guide/system/auditing/grub2_audit_argument/rule.yml | 2 +-
.../system/auditing/grub2_audit_backlog_limit_argument/rule.yml | 2 +-
.../system/bootloader-grub2/non-uefi/grub2_password/rule.yml | 2 +-
.../ruleset_modifications/set_firewalld_default_zone/rule.yml | 2 +-
.../wireless_software/wireless_disable_interfaces/rule.yml | 2 +-
linux_os/guide/system/network/network_sniffer_disabled/rule.yml | 2 +-
.../system/permissions/files/no_files_unowned_by_user/rule.yml | 2 +-
.../restrictions/coredumps/disable_users_coredumps/rule.yml | 2 +-
.../software/disk_partitioning/partition_for_var_tmp/rule.yml | 2 +-
.../aide/aide_periodic_cron_checking/rule.yml | 2 +-
27 files changed, 27 insertions(+), 27 deletions(-)
diff --git a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
index cea6ebe82bd..be9efe4b409 100644
--- a/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
+++ b/linux_os/guide/services/mail/postfix_client/postfix_network_listening_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15
title: 'Disable Postfix Network Listening'
diff --git a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
index c807c0e375f..0906d5202dd 100644
--- a/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
+++ b/linux_os/guide/services/mail/service_postfix_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15
title: 'Enable Postfix Service'
diff --git a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
index ef9867812c1..5dd9fa6b190 100644
--- a/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
+++ b/linux_os/guide/services/ntp/chronyd_run_as_chrony_user/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel7,rhel8,fedora,sle15
+prodtype: fedora,rhel7,rhel8,rhel9,sle15
title: 'Ensure that chronyd is running under chrony user account'
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
index 6a7fcbf095c..e64ddd91807 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_runlevel_target/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle12,sle15,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
title: 'Disable X Windows Startup By Setting Default Target'
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
index 5a462ee0163..75453bc8beb 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_issue/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Modify the System Login Banner'
diff --git a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
index 2c735ad0d41..190e5a8599a 100644
--- a/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-banners/banner_etc_motd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
title: 'Modify the System Message of the Day Banner'
diff --git a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
index 947de262c31..b0ecbd2bf1e 100644
--- a/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-pam/set_password_hashing_algorithm/set_password_hashing_algorithm_systemauth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: "Set PAM's Password Hashing Algorithm"
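Review bot: Enabling this rule for RHEL9 needs a check that its remediation is still valid there, which the one-line `prodtype` change cannot show. Judging by the rule name it targets the system-auth PAM file, and on releases where authselect manages the PAM stack a direct edit of that file is presumably overwritten the next time the authselect profile is applied. The check and remediation are outside this hunk, so please confirm. If the remediation does edit the file directly, I would document that limitation in the rule or hold back the `rhel9` entry until the remediation is authselect-aware.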
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
index 76cbe0b7e97..bc8c0a224b1 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_emergency_target_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Require Authentication for Emergency Systemd Target'
diff --git a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
index 3f8b43cc17b..3dee04454c3 100644
--- a/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/require_singleuser_auth/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
title: 'Require Authentication for Single User Mode'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
index 7d9b9bc99cc..0c538123879 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/account_expiration/account_disable_post_pw_expiration/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Set Account Expiration Following Inactivity'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
index ba40c093df4..f9799183e0c 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_group/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/group'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
index ef2266df268..1703c8b7ff4 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_passwd/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/passwd'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
index 687bbde8a1f..94ba6160154 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/password_storage/no_legacy_plus_entries_etc_shadow/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Ensure there are no legacy + NIS entries in /etc/shadow'
diff --git a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
index cc86a6e7b71..65e41ca5c18 100644
--- a/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-restrictions/root_logins/no_shelllogin_for_systemaccounts/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
title: 'Ensure that System Accounts Do Not Run a Shell Upon Login'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
index 2a4a2a2f717..5130296ad98 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_tmout/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019,rhcos4
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Set Interactive Session Timeout'
diff --git a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
index 11ebca78867..ac541680fa7 100644
--- a/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/accounts_user_interactive_home_directory_exists/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'All Interactive Users Home Directories Must Exist'
diff --git a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
index 5b0676910b3..d9afad723ef 100644
--- a/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-session/user_umask/accounts_umask_etc_bashrc/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhcos4,ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
title: 'Ensure the Default Bash Umask is Set Correctly'
diff --git a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
index 35d93371321..9f8823ad464 100644
--- a/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Enable Auditing for Processes Which Start Prior to the Audit Daemon'
diff --git a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
index f087d384578..aab1e2f8cff 100644
--- a/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/auditing/grub2_audit_backlog_limit_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
title: 'Extend Audit Backlog Limit for the Audit Daemon'
diff --git a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
index 9f4fd1b1460..522da853ab5 100644
--- a/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/non-uefi/grub2_password/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019,sle12
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Set Boot Loader Password in grub2'
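Review bot: This patch enables only the rule under `non-uefi/` for RHEL9: the diffstat lists `non-uefi/grub2_password` and no counterpart from a UEFI directory. If the UEFI variant is not enabled elsewhere in the series (the earlier patches are outside this view), a UEFI-booted RHEL9 machine would get no boot loader password check from this content. I would enable both variants in the same commit, or state in the commit message where the UEFI rule is handled.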
diff --git a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
index 60520b21c1f..636e30e3e1f 100644
--- a/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
+++ b/linux_os/guide/system/network/network-firewalld/ruleset_modifications/set_firewalld_default_zone/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15
title: 'Set Default firewalld Zone for Incoming Packets'
diff --git a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
index 37483573a33..1a7b2c785ff 100644
--- a/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
+++ b/linux_os/guide/system/network/network-wireless/wireless_software/wireless_disable_interfaces/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle15,sle12
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
title: 'Deactivate Wireless Network Interfaces'
diff --git a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
index 69f20153097..9b1e0b4f69d 100644
--- a/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
+++ b/linux_os/guide/system/network/network_sniffer_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Ensure System is Not Acting as a Network Sniffer'
diff --git a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
index 81823ab138c..1169d757fd0 100644
--- a/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
+++ b/linux_os/guide/system/permissions/files/no_files_unowned_by_user/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Ensure All Files Are Owned by a User'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
index c140e11271f..dd32d225db8 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/disable_users_coredumps/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15
title: 'Disable Core Dumps for All Users'
diff --git a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
index 52a1a9bf785..efb2e8fa203 100644
--- a/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/partition_for_var_tmp/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhcos4,sle15,ubuntu1804
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,sle15,ubuntu1804
title: 'Ensure /var/tmp Located On Separate Partition'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
index c3f7dedb33f..998a9780b75 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_periodic_cron_checking/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle15,wrlinux1019
title: 'Configure Periodic Execution of AIDE'