rpms/scap-security-guide
7
0
Fork 0
Code Issues Pull Requests Releases Activity
ffdbed0b4e
scap-security-guide/scap-security-guide-0.1.57-rhel9_rules_various_2-PR_7040.patch
Matej Tyc 5f5226d27a Ported more rules and profiles to RHEL9 
Resolves: rhbz#1962564
2021-07-02 10:47:13 +02:00

816 lines
39 KiB
Diff
Raw Blame History

From b1ee8de3856252e2052bee8f5dd2aaaee5dcc95b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 20 May 2021 11:33:52 +0200
Subject: [PATCH 1/8] Enable update-related rules for RHEL9.
---
.../software/updating/dnf-automatic_apply_updates/rule.yml | 2 +-
.../software/updating/package_dnf-automatic_installed/rule.yml | 2 +-
.../software/updating/timer_dnf-automatic_enabled/rule.yml | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
index 8b0343a52ec..7a10f5dd9ed 100644
--- a/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
+++ b/linux_os/guide/system/software/updating/dnf-automatic_apply_updates/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhel9
title: Configure dnf-automatic to Install Available Updates Automatically
diff --git a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
index 8b332b800c7..0bdace740b4 100644
--- a/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
+++ b/linux_os/guide/system/software/updating/package_dnf-automatic_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhel9
title: 'Install dnf-automatic Package'
diff --git a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
index 1c51fe22471..07aa5c3575b 100644
--- a/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
+++ b/linux_os/guide/system/software/updating/timer_dnf-automatic_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhel9
title: Enable dnf-automatic Timer
From 55bc57583158dc7c8080fdfd41b2c7ee4ddb677f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 20 May 2021 11:45:02 +0200
Subject: [PATCH 2/8] Enable AIDE rules for RHEL9.
The component hasn't changed observably wrt our rules.
---
.../certified-vendor/installed_OS_is_FIPS_certified/rule.yml | 2 +-
.../software-integrity/aide/aide_build_database/rule.yml | 2 +-
.../software-integrity/aide/aide_scan_notification/rule.yml | 2 +-
.../software-integrity/aide/aide_use_fips_hashes/rule.yml | 2 +-
.../integrity/software-integrity/aide/aide_verify_acls/rule.yml | 2 +-
.../software-integrity/aide/aide_verify_ext_attributes/rule.yml | 2 +-
6 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
index 07d55e58e55..012fe8f6edd 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_FIPS_certified/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux8,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019
+prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux8,ubuntu1604,ubuntu1804,ubuntu2004,wrlinux1019
title: 'The Installed Operating System Is FIPS 140-2 Certified'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
index 175c997d508..6c0ee2e4c7b 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_build_database/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: debian9,debian10,fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
+prodtype: debian10,debian9,fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Build and Test AIDE Database'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
index 24d3f8e1c24..a73fb0a39ad 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_scan_notification/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019,sle12
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,wrlinux1019
title: 'Configure Notification of Post-AIDE Scan Details'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
index 1f86ed8a973..c982b8fde2e 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_use_fips_hashes/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4
title: 'Configure AIDE to Use FIPS 140-2 for Validating Hashes'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
index 144c0645503..f527068022a 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_acls/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
title: 'Configure AIDE to Verify Access Control Lists (ACLs)'
diff --git a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
index b5bcd202dea..7961f3b5a67 100644
--- a/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
+++ b/linux_os/guide/system/software/integrity/software-integrity/aide/aide_verify_ext_attributes/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
title: 'Configure AIDE to Verify Extended Attributes'
From 5425108a0a88ba36b422ee2a1f672f301531c167 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 20 May 2021 15:44:41 +0200
Subject: [PATCH 3/8] Enabled package installed rules for RHEL9.
Packages are likely to exist in RHEL9.
---
.../disabling_xwindows/xwindows_remove_packages/rule.yml | 2 +-
.../smart_card_login/install_smartcard_packages/rule.yml | 2 +-
.../smart_card_login/package_opensc_installed/rule.yml | 2 +-
.../system/auditing/package_audispd-plugins_installed/rule.yml | 2 +-
.../package_policycoreutils-python-utils_installed/rule.yml | 2 +-
.../system/selinux/package_policycoreutils_installed/rule.yml | 2 +-
.../software/system-tools/package_rng-tools_installed/rule.yml | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
index 2f9dfc1b039..031d63ba778 100644
--- a/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
+++ b/linux_os/guide/services/xwindows/disabling_xwindows/xwindows_remove_packages/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8
+prodtype: ol7,ol8,rhel7,rhel8,rhel9
title: 'Disable graphical user interface'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
index 85260712c6f..652e9287759 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/install_smartcard_packages/rule.yml
@@ -8,7 +8,7 @@
documentation_complete: true
-prodtype: fedora,ol7,rhel7,rhel8,sle12,sle15
+prodtype: fedora,ol7,rhel7,rhel8,rhel9,sle12,sle15
title: 'Install Smart Card Packages For Multifactor Authentication'
diff --git a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
index df01a282459..a55409d9e8f 100644
--- a/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
+++ b/linux_os/guide/system/accounts/accounts-physical/screen_locking/smart_card_login/package_opensc_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
title: 'Install the opensc Package For Multifactor Authentication'
diff --git a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
index 8ed5af7070a..6d96d340a33 100644
--- a/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
+++ b/linux_os/guide/system/auditing/package_audispd-plugins_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4
title: 'Install audispd-plugins Package'
diff --git a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
index 6c23fae18ab..a18a57dcbb3 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils-python-utils_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhel9
title: 'Install policycoreutils-python-utils package'
diff --git a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
index b9fcc6a889e..acce754e9d2 100644
--- a/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
+++ b/linux_os/guide/system/selinux/package_policycoreutils_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
title: 'Install policycoreutils Package'
diff --git a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
index 7d25f41fb98..f0ca76b6953 100644
--- a/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
+++ b/linux_os/guide/system/software/system-tools/package_rng-tools_installed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4
title: 'Install rng-tools Package'
From ef063898277b53e35db6f3b54604583c3512ff46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 20 May 2021 16:07:18 +0200
Subject: [PATCH 4/8] Enabled service-related rules for RHEL9.
---
linux_os/guide/services/base/service_kdump_disabled/rule.yml | 2 +-
linux_os/guide/services/rng/service_rngd_enabled/rule.yml | 2 +-
linux_os/guide/services/ssh/service_sshd_enabled/rule.yml | 2 +-
.../coredumps/service_systemd-coredump_disabled/rule.yml | 2 +-
4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/linux_os/guide/services/base/service_kdump_disabled/rule.yml b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
index 8a12fd05711..1bb014b5993 100644
--- a/linux_os/guide/services/base/service_kdump_disabled/rule.yml
+++ b/linux_os/guide/services/base/service_kdump_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,wrlinux1019,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Disable KDump Kernel Crash Analyzer (kdump)'
diff --git a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
index 5d47b5d69b3..4f1e4d85197 100644
--- a/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
+++ b/linux_os/guide/services/rng/service_rngd_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol8,rhel8
+prodtype: fedora,ol8,rhcos4,rhel8,rhel9
title: 'Enable the Hardware RNG Entropy Gatherer Service'
diff --git a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
index 548750d0f61..a7aaa4f3f9c 100644
--- a/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
+++ b/linux_os/guide/services/ssh/service_sshd_enabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'Enable the OpenSSH Service'
diff --git a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
index a2e1affd89d..baa8a448026 100644
--- a/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/coredumps/service_systemd-coredump_disabled/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,rhcos4,ol8,rhel8
+prodtype: fedora,ol8,rhcos4,rhel8,rhel9
title: 'Disable acquiring, saving, and processing core dumps'
From ce273a6e9a50893d6cd2d623b74d30cba5c5ad8c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 20 May 2021 17:13:54 +0200
Subject: [PATCH 5/8] More various rules.
---
.../files/dir_perms_world_writable_root_owned/rule.yml | 2 +-
.../software/disk_partitioning/encrypt_partitions/rule.yml | 6 ++++--
.../installed_OS_is_vendor_supported/rule.yml | 4 ++--
.../crypto/configure_openssl_tls_crypto_policy/rule.yml | 2 +-
.../rule.yml | 2 +-
.../system/software/sudo/sudoers_validate_passwd/rule.yml | 2 +-
.../updating/clean_components_post_updating/rule.yml | 2 +-
7 files changed, 11 insertions(+), 9 deletions(-)
diff --git a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
index 9714947ae47..0a4232cae38 100644
--- a/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
+++ b/linux_os/guide/system/permissions/files/dir_perms_world_writable_root_owned/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,wrlinux1019
title: 'Ensure All World-Writable Directories Are Owned by root user'
diff --git a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
index 7730800a0e8..ef544f33d48 100644
--- a/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
+++ b/linux_os/guide/system/software/disk_partitioning/encrypt_partitions/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: ol7,ol8,rhcos4,rhel7,rhel8,rhel9,rhv4,sle12,sle15
title: 'Encrypt Partitions'
@@ -37,8 +37,10 @@ description: |-
{{{ weblink(link="https://docs.oracle.com/en/operating-systems/oracle-linux/8/install/ol8-install-basic.html#install-storage-network") }}}.
{{% elif product in ["sle12", "sle15"] %}}
{{{ weblink(link="https://www.suse.com/documentation/sled-12/book_security/data/sec_security_cryptofs_y2.html") }}}
- {{% else %}}
+ {{% elif product == "rhel7" %}}
{{{ weblink(link="https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Encryption.html") }}}.
+ {{% else %}}
+ {{{ weblink(link="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/security_hardening/encrypting-block-devices-using-luks_security-hardening") }}}.
{{% endif %}}
rationale: |-
diff --git a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
index ac76ba7c5a0..8a36d5691b7 100644
--- a/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
+++ b/linux_os/guide/system/software/integrity/certified-vendor/installed_OS_is_vendor_supported/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15,wrlinux1019
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15,wrlinux1019
title: 'The Installed Operating System Is Vendor Supported'
@@ -56,7 +56,7 @@ ocil_clause: 'the installed operating system is not supported'
ocil: |-
To verify that the installed operating system is supported, run
the following command:
-{{% if product in ["rhel7", "rhel8"] %}}
+{{% if product.startswith("rhel") %}}
<pre>$ grep -i "red hat" /etc/redhat-release</pre>
{{% elif product in ["ol7", "ol8"] %}}
<pre>$ grep -i "oracle" /etc/oracle-release</pre>
diff --git a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
index c4637d39fed..dfe105771cc 100644
--- a/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
+++ b/linux_os/guide/system/software/integrity/crypto/configure_openssl_tls_crypto_policy/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8
+prodtype: rhel8,rhel9
title: 'Configure OpenSSL library to use TLS Encryption'
diff --git a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
index 4b01cb39e1a..930915327e0 100644
--- a/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudo_restrict_privilege_elevation_to_authorized/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
title: 'The operating system must restrict privilege elevation to authorized personnel'
-prodtype: ol7,ol8,rhel7,rhel8,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,sle15
description: |-
The sudo command allows a user to execute programs with elevated
diff --git a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
index eede35be8a1..d17f33852db 100644
--- a/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
+++ b/linux_os/guide/system/software/sudo/sudoers_validate_passwd/rule.yml
@@ -2,7 +2,7 @@ documentation_complete: true
title: 'Ensure invoking users password for privilege escalation when using sudo'
-prodtype: fedora,ol7,ol8,rhel7,rhel8,sle15
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9,sle15
description: |-
The sudoers security policy requires that users authenticate themselves before they can use sudo.
diff --git a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
index 34723d0e2a5..d0289b311c6 100644
--- a/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
+++ b/linux_os/guide/system/software/updating/clean_components_post_updating/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol7,ol8,rhel7,rhel8,rhv4,sle12,sle15
+prodtype: ol7,ol8,rhel7,rhel8,rhel9,rhv4,sle12,sle15
title: 'Ensure {{{ pkg_manager }}} Removes Previous Package Versions'
From 255ee86df41e9d5e8ee427ff28e214833796f156 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 20 May 2021 17:15:51 +0200
Subject: [PATCH 6/8] Enabled zIPL rules for RHEL9.
There are indications that zIPL will remain the default bootloader for x390, and the project is very conservative.
---
.../guide/system/bootloader-zipl/zipl_audit_argument/rule.yml | 2 +-
.../bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml | 2 +-
.../guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml | 2 +-
.../system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml | 2 +-
.../system/bootloader-zipl/zipl_page_poison_argument/rule.yml | 2 +-
.../system/bootloader-zipl/zipl_slub_debug_argument/rule.yml | 2 +-
.../system/bootloader-zipl/zipl_vsyscall_argument/rule.yml | 2 +-
7 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
index c2fb5ba678c..987a42d31ec 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhcos4
+prodtype: rhcos4,rhel8,rhel9
title: 'Enable Auditing to Start Prior to the Audit Daemon in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
index 6548c352acc..cfb8c08f31d 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_audit_backlog_limit_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhcos4
+prodtype: rhcos4,rhel8,rhel9
title: 'Extend Audit Backlog Limit for the Audit Daemon in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
index c3f032d8cbb..b8b025f74f4 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bls_entries_only/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhcos4
+prodtype: rhcos4,rhel8,rhel9
title: 'Ensure all zIPL boot entries are BLS compliant'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
index 13192cd8ca5..c8133e19ab4 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_bootmap_is_up_to_date/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhcos4
+prodtype: rhcos4,rhel8,rhel9
title: 'Ensure zIPL bootmap is up to date'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
index 42c1c8aecd5..c626f6188cd 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_page_poison_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhcos4
+prodtype: rhcos4,rhel8,rhel9
title: 'Enable page allocator poisoning in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
index 2f9b04f7a27..d266165cddc 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_slub_debug_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhcos4
+prodtype: rhcos4,rhel8,rhel9
title: 'Enable SLUB/SLAB allocator poisoning in zIPL'
diff --git a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
index f90a0fb4141..387f7f13850 100644
--- a/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-zipl/zipl_vsyscall_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: rhel8,rhcos4
+prodtype: rhcos4,rhel8,rhel9
title: 'Disable vsyscalls in zIPL'
From 807dbda2042184d6d2e602506e846bb3a19a775d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 20 May 2021 17:40:30 +0200
Subject: [PATCH 7/8] Enabled more audit rules for RHEL9.
Component maintainers have reported that there are no breaking changes in the audit configuration.
---
.../system/auditing/policy_rules/audit_access_failed/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_access_success/rule.yml | 2 +-
.../auditing/policy_rules/audit_basic_configuration/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_create_failed/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_create_success/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_delete_failed/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_delete_success/rule.yml | 2 +-
.../auditing/policy_rules/audit_immutable_login_uids/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_modify_failed/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_modify_success/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_module_load/rule.yml | 2 +-
.../system/auditing/policy_rules/audit_ospp_general/rule.yml | 2 +-
.../auditing/policy_rules/audit_owner_change_failed/rule.yml | 2 +-
.../auditing/policy_rules/audit_owner_change_success/rule.yml | 2 +-
.../auditing/policy_rules/audit_perm_change_failed/rule.yml | 2 +-
.../auditing/policy_rules/audit_perm_change_success/rule.yml | 2 +-
16 files changed, 16 insertions(+), 16 deletions(-)
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
index 458ac7e0ae6..a0d856b023b 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_failed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of unsuccessful file accesses'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
index 064618716e8..6f79a5cf04a 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_access_success/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of successful file accesses'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
index cce5e83fd6e..bd5d6455351 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_basic_configuration/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure basic parameters of Audit system'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
index 92800b472c7..b2f731d11ba 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_failed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of unsuccessful file creations'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
index 59db7b10073..a03a7f3b715 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_create_success/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of successful file creations'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
index 2f67a150dc5..d4bd88e6cfc 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_failed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of unsuccessful file deletions'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
index f54899fb842..6c05a736e39 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_delete_success/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of successful file deletions'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
index 073f29c9fe6..34e9fc134e0 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_immutable_login_uids/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure immutable Audit login UIDs'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
index 51f9d76f06d..2d0f7cf9da3 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_failed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of unsuccessful file modifications'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
index b51acc04dcb..28045878a69 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_modify_success/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of successful file modifications'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
index 20bfca83eee..d764e384ea2 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_module_load/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of loading and unloading of kernel modules'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
index fbf7473cc4c..0a41ece25fc 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_ospp_general/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Perform general configuration of Audit for OSPP'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
index b0052f8b645..a95c0146b11 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_failed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of unsuccessful ownership changes'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
index 3657a32fc3a..4133eb193f2 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_owner_change_success/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of successful ownership changes'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
index 477c74282d0..47f248a2b36 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_failed/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of unsuccessful permission changes'
diff --git a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
index 53ecf9d589a..5017b17849b 100644
--- a/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
+++ b/linux_os/guide/system/auditing/policy_rules/audit_perm_change_success/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8,rhcos4
+prodtype: ol8,rhcos4,rhel8,rhel9
title: 'Configure auditing of successful permission changes'
From 65b2fe65e7143d38f46f782d7e0d49738ad7dd76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mat=C4=9Bj=20T=C3=BD=C4=8D?= <matyc@redhat.com>
Date: Thu, 20 May 2021 17:46:00 +0200
Subject: [PATCH 8/8] Enabled Grub cmdline rules for RHEL9.
Those rules are not very specific - they perform basic configuration of kernel parameters.
---
.../system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml | 2 +-
.../guide/system/bootloader-grub2/grub2_pti_argument/rule.yml | 2 +-
.../system/bootloader-grub2/grub2_vsyscall_argument/rule.yml | 2 +-
.../restrictions/poisoning/grub2_page_poison_argument/rule.yml | 2 +-
.../restrictions/poisoning/grub2_slub_debug_argument/rule.yml | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
index 39f1bbe285c..03f56b8031d 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_kernel_trust_cpu_rng/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: ol8,rhel8
+prodtype: ol8,rhel8,rhel9
title: 'Configure kernel to trust the CPU random number generator'
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
index 1516972d72c..f186b1ae6e7 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_pti_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol8,rhel8
+prodtype: fedora,ol8,rhel8,rhel9
title: 'Enable Kernel Page-Table Isolation (KPTI)'
diff --git a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
index 9ad81924ceb..0b5873c56a2 100644
--- a/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
+++ b/linux_os/guide/system/bootloader-grub2/grub2_vsyscall_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
title: 'Disable vsyscalls'
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
index 820e4799f87..9b18bee588f 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_page_poison_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
title: 'Enable page allocator poisoning'
diff --git a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
index 182a0cc507c..f6059044f14 100644
--- a/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
+++ b/linux_os/guide/system/permissions/restrictions/poisoning/grub2_slub_debug_argument/rule.yml
@@ -1,6 +1,6 @@
documentation_complete: true
-prodtype: fedora,ol7,ol8,rhel7,rhel8
+prodtype: fedora,ol7,ol8,rhel7,rhel8,rhel9
title: 'Enable SLUB/SLAB allocator poisoning'
Reference in New Issue View Git Blame Copy Permalink